Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 365
  • Last Modified:

Internal email message gets sent to unknown recipient outside the company

This is a very weird situation.  This is a Microsoft Exchange Server 2003 Small Business server with Microsoft Outlook 2007 clients.  There are five employees.  Employee A sent an email to the other four people with a nice quote to start the day.  A few days later, Employee A got an email from an unknown person at a reputable consulting company saying thanks for the kind words.  Employee A didn't know who this person was.

When we look at the email in her sent items which was sent at 7:39am on Tuesday, only the four employees are in the To line and no one is CC's or Bcc'd.  The response from the unknown party included the original message and it has the same date and time but this person's email address is included as a fifth recipient.  I double checked Employee A's sent items and this unknown person is NOT on the To: list.

Message tracking was not turned on with this server.  Ugh.  I checked everyone's rules and there are no auto-forwarding rules ... actually no rules of any sort.  I am at a loss as to how this person magically became a recipient when the original email doesn't include her at all.  There is anti-malware on all clients and the server.  The server checks out fine
0
Steve Bantz
Asked:
Steve Bantz
  • 2
  • 2
2 Solutions
 
AmitIT ArchitectCommented:
Enable the advance logging with option like client IP.
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

That can show from which client it is being generated.
0
 
Simon Butler (Sembee)ConsultantCommented:
Without message tracking is almost impossible to know what has happened here. Has anyone in the company had dealings with that other party at all?
Simon.
0
 
Steve BantzIT ManagerAuthor Commented:
I have enabled message tracking now but of course it won't do me any good unless it happens again.  No one knows this person.  I even checked the original sender's outlook.nk2 file and the email address in question is not in there either.  I just have to think it is something that happened with the Exchange server since the address doesn't appear in the original message. It just appears that the address was added AFTER it left the local Outlook client and hit the Exchange server.  There are no open relays or anything like that, but that shouldn't matter.  Somehow, an address was appended to an outgoing email that the sender didn't put in there.  :)

The person outside the company who received the email was from a reputable firm so I don't have any reason to believe malware is involved.  I am just trying to figure out how something like this could even happen.  The company is nervous now so I have to come to some sort of conclusion.
0
 
AmitIT ArchitectCommented:
Check with ISP, they might be able to track something for you.
0
 
Steve BantzIT ManagerAuthor Commented:
Nothing was found out on this after the fact.  I have turned on message tracking in case this happens again.  I have never seen this before and I have been doing this for 15 years.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now