Internal email message gets sent to unknown recipient outside the company

Posted on 2013-06-20
Last Modified: 2013-07-08
This is a very weird situation.  This is a Microsoft Exchange Server 2003 Small Business server with Microsoft Outlook 2007 clients.  There are five employees.  Employee A sent an email to the other four people with a nice quote to start the day.  A few days later, Employee A got an email from an unknown person at a reputable consulting company saying thanks for the kind words.  Employee A didn't know who this person was.

When we look at the email in her sent items which was sent at 7:39am on Tuesday, only the four employees are in the To line and no one is CC's or Bcc'd.  The response from the unknown party included the original message and it has the same date and time but this person's email address is included as a fifth recipient.  I double checked Employee A's sent items and this unknown person is NOT on the To: list.

Message tracking was not turned on with this server.  Ugh.  I checked everyone's rules and there are no auto-forwarding rules ... actually no rules of any sort.  I am at a loss as to how this person magically became a recipient when the original email doesn't include her at all.  There is anti-malware on all clients and the server.  The server checks out fine
Question by:Steve Bantz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 43

Accepted Solution

Amit earned 225 total points
ID: 39263450
Enable the advance logging with option like client IP.

That can show from which client it is being generated.
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 75 total points
ID: 39264183
Without message tracking is almost impossible to know what has happened here. Has anyone in the company had dealings with that other party at all?

Author Comment

by:Steve Bantz
ID: 39264219
I have enabled message tracking now but of course it won't do me any good unless it happens again.  No one knows this person.  I even checked the original sender's outlook.nk2 file and the email address in question is not in there either.  I just have to think it is something that happened with the Exchange server since the address doesn't appear in the original message. It just appears that the address was added AFTER it left the local Outlook client and hit the Exchange server.  There are no open relays or anything like that, but that shouldn't matter.  Somehow, an address was appended to an outgoing email that the sender didn't put in there.  :)

The person outside the company who received the email was from a reputable firm so I don't have any reason to believe malware is involved.  I am just trying to figure out how something like this could even happen.  The company is nervous now so I have to come to some sort of conclusion.
LVL 43

Expert Comment

ID: 39264234
Check with ISP, they might be able to track something for you.

Author Comment

by:Steve Bantz
ID: 39308501
Nothing was found out on this after the fact.  I have turned on message tracking in case this happens again.  I have never seen this before and I have been doing this for 15 years.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question