locked
Random Users Receiving Emails That Wasn't Sent To Them RRS feed

  • Question

  •      We have an issue that a bulk of users received an email that wasn't sent to them (neither in TO: nor CC)

    a contractor sent an email from (Bart@companyA.com) TO: contractor (Homer@companyB.com) and in the CC he put a contractor (Lisa@MyCompany.com) and (Lisa@companyC.com), he also added an anonymous mailbox (used for sending not receiving) that belongs to (@MyCompany.com)

    half of the company received the email that was sent by Bart@companyA.com, even though he didn't send the email to them in anyway. 

    the message header shows the following information;

    *User Received: from Exchange2 (IPv6) by Exchange2 (IPv6) with Microsoft SMTP Server (*************************************************)    ID ***            via Mailbox Transport; Mon, 6 Jul 2020 23:10:05 +0300

    we welcome any thoughts or theories on the issue. 

    Tuesday, July 7, 2020 10:40 AM

All replies

  • Run a message trace on your end, and if possible ask the sender to do the same on their end.
    Tuesday, July 7, 2020 4:21 PM
  • Hi,

    For those unexpected recipients, do their addresses display in recipient list in the message they received?

    Please check the transport rule and Inbox rules, make sure no rule is created to Bcc or add to additional recipients.

    As Vasil L. Michev mentioned, you can use the following command to check the message tracking log for unexpected recipient:

    Get-TransportService|Get-MessageTrackingLog -MessageSubject <subject> -Sender <mailbox address> -Recipients <mailbox address> |select timestamp,EventID,Source,ConnectorID|sort-object Timestamp

    Try to verify if this issue can be reproduced when send messages to specific mailboxes.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, July 8, 2020 2:26 AM
  • Hi Lydia , thank you for the reply.

    we didn't set any transport rules in our Exchange server that BCC.

    the email conversation goes back to more than a month, but suddenly a bulk of users received an email from this contractor. 

    users are from completely different and unrelated departments. we would have to check if he added anyone in the BCC. 

    EMS output: 

    Timestamp            EventId Source      ConnectorId
    ---------            ------- ------      -----------
    7/6/2020 11:10:05 PM DELIVER STOREDRIVER

    Wednesday, July 8, 2020 11:44 AM
  • Do you have other Exchange servers in your organization? Please add Get-TransportService before the cmdlet, so that message tracking logs on other Exchange servers can be collected as well.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, July 9, 2020 8:42 AM
  • Any updates so far? If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.

    This Exchange Server 2016 - Mail Flow and Secure Messaging Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Lydia Zhou


    Exchange Server 2016 - Mail Flow and Secure Messaging Forum forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    Wednesday, July 15, 2020 9:10 AM
  • Here is a brief summary about replies above. Hope more people can get useful information from it.

    Issue Symptom:

    We have an issue that a bulk of users received an email that wasn't sent to them (neither in TO: nor CC)

    a contractor sent an email from (Bart@companyA.com) TO: contractor (Homer@companyB.com) and in the CC he put a contractor (Lisa@MyCompany.com) and (Lisa@companyC.com), he also added an anonymous mailbox (used for sending not receiving) that belongs to (@MyCompany.com)

    half of the company received the email that was sent by Bart@companyA.com, even though he didn't send the email to them in anyway. 

    Possible Cause:

    Some users may be added as the recipients unexpected.

    Troubleshooting Steps so far:

    Please check the transport rule and Inbox rules, make sure no rule is created to Bcc or add to additional recipients.

    Use the following command to check the message tracking log for unexpected recipient:

    Get-TransportService|Get-MessageTrackingLog -MessageSubject <subject> -Sender <mailbox address> -Recipients <mailbox address> |select timestamp,EventID,Source,ConnectorID|sort-object Timestamp


    Next Step:

    Add Get-TransportService before the cmdlet, so that message tracking logs on other Exchange servers can be collected as well.

    Try to verify if this issue can be reproduced when send messages to specific mailboxes.

    This Exchange Server 2016 - Mail Flow and Secure Messaging Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,

    Lydia Zhou


    Exchange Server 2016 - Mail Flow and Secure Messaging Forum forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.

    For more information, please refer to the sticky post.

    Friday, July 17, 2020 8:43 AM