Solved

Internal email message gets sent to unknown recipient outside the company

Posted on 2013-06-20
5
313 Views
Last Modified: 2013-07-08
This is a very weird situation.  This is a Microsoft Exchange Server 2003 Small Business server with Microsoft Outlook 2007 clients.  There are five employees.  Employee A sent an email to the other four people with a nice quote to start the day.  A few days later, Employee A got an email from an unknown person at a reputable consulting company saying thanks for the kind words.  Employee A didn't know who this person was.

When we look at the email in her sent items which was sent at 7:39am on Tuesday, only the four employees are in the To line and no one is CC's or Bcc'd.  The response from the unknown party included the original message and it has the same date and time but this person's email address is included as a fifth recipient.  I double checked Employee A's sent items and this unknown person is NOT on the To: list.

Message tracking was not turned on with this server.  Ugh.  I checked everyone's rules and there are no auto-forwarding rules ... actually no rules of any sort.  I am at a loss as to how this person magically became a recipient when the original email doesn't include her at all.  There is anti-malware on all clients and the server.  The server checks out fine
0
Comment
Question by:Steve Bantz
  • 2
  • 2
5 Comments
 
LVL 41

Accepted Solution

by:
Amit earned 225 total points
ID: 39263450
Enable the advance logging with option like client IP.
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

That can show from which client it is being generated.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 75 total points
ID: 39264183
Without message tracking is almost impossible to know what has happened here. Has anyone in the company had dealings with that other party at all?
Simon.
0
 

Author Comment

by:Steve Bantz
ID: 39264219
I have enabled message tracking now but of course it won't do me any good unless it happens again.  No one knows this person.  I even checked the original sender's outlook.nk2 file and the email address in question is not in there either.  I just have to think it is something that happened with the Exchange server since the address doesn't appear in the original message. It just appears that the address was added AFTER it left the local Outlook client and hit the Exchange server.  There are no open relays or anything like that, but that shouldn't matter.  Somehow, an address was appended to an outgoing email that the sender didn't put in there.  :)

The person outside the company who received the email was from a reputable firm so I don't have any reason to believe malware is involved.  I am just trying to figure out how something like this could even happen.  The company is nervous now so I have to come to some sort of conclusion.
0
 
LVL 41

Expert Comment

by:Amit
ID: 39264234
Check with ISP, they might be able to track something for you.
0
 

Author Comment

by:Steve Bantz
ID: 39308501
Nothing was found out on this after the fact.  I have turned on message tracking in case this happens again.  I have never seen this before and I have been doing this for 15 years.
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now