My Outlook is compromised and being Used to Send SPAM

[RDK]

Hi Folks......I recently discovered that my Outlook (2003 SP3) was
compromised. I have Symantec AV which scans my mail before sending.
Recently it popped up with a scan when I had not send anything. I found
nothing in the "Sent Files" folder. Later I got a rejected mail notice
which I examined. The headers looked like they came from me, down to the
name of my PC. I've seen "spoofed" e-mail data, but this did not look like
it was spoofed.

Now I'm more aware of the issue and have noticed several other occasions
when mail was going out but not something that I had authored.

I have a fully patched XP Pro OS, run Symantec AV small business version 10
and will be upgrading to version 11 shortly. I have scanned the PC with
Spybot, Ad-Aware, SUPERAntiSpyware, PCTools Spyware Doctor, and MS Defender.
They did not find anything serious BUT the problem continues.

Can anyone help?

Thanks....RDK

 

[Philip Cass]

Hi Folks......I recently discovered that my Outlook (2003 SP3) was
compromised. I have Symantec AV which scans my mail before sending.
Recently it popped up with a scan when I had not send anything. I found
nothing in the "Sent Files" folder. Later I got a rejected mail notice
which I examined. The headers looked like they came from me, down to
the name of my PC. I've seen "spoofed" e-mail data, but this did not
look like it was spoofed.

Now I'm more aware of the issue and have noticed several other occasions
when mail was going out but not something that I had authored.

I have a fully patched XP Pro OS, run Symantec AV small business version
10 and will be upgrading to version 11 shortly. I have scanned the PC
with Spybot, Ad-Aware, SUPERAntiSpyware, PCTools Spyware Doctor, and MS
Defender. They did not find anything serious BUT the problem continues.

Can anyone help?

Thanks....RDK

I have not put the option on for read receipts so I never get anything
like that.

I have office 2003
I have about 6 accounts setup

Just a pain in the arse and unsure how to stop it doing it. Thanks for
any help

I'm using Office 2007 and Vista 64. On Wednesday I got a delivery
failure email for an email I'd never sent.

This is not in itself unusual - almost all my spam is backscatter - but
this email was sent _from my own mail server_. Examining the logs on my
mail server I found that when I'd started up outlook, at the same time as
it logged into IMAP to check for new mail, there'd been a connection made
from my IP, using my username and password, to send about 8 emails.

That same day my friend noticed the same thing (we use the same server
for IMAP but I also use it for STMP whereas he has his own exchange
server set up) - his exchange server had logged outgoing spam emails from
him.

Further experimentation using wireshark and tcpview has confirmed that it
is indeed Outlook sending the mails. The smtp details used correspond to
my default mail profile and if I set my default profile to a different
account the smtp credentials used by the spam change accordingly.

I'm embarrased to admit I didn't have an anti-virus installed at the time
(though I was using Windows Defender); in true barn-door-horse-bolted
style I've now installed McAfee VSE 8.5, which finds nothing. My friend
however did have an antivirus installed - Sophos, which also finds
nothing.

As a workaround I've firewalled my server so I can't actually connect via
SMTP (I'll use webmail for now) but this issue has us rather worried.
Obviously I can do a complete reformat / reinstall but in the absence of
any kind of information on how we've been compromised I'm reluctant to do
so. Hijack This! for instance shows nothing untoward.



Can anyone reccommend any useful diagnostic / troubleshooting tools for
this? Alternatively, if this issue would be best dealt with on another
group, can someone point me in the right direction?


Thanks in advance,
Philip Cass

 

[Philip Cass]

Hi Folks......I recently discovered that my Outlook (2003 SP3) was
compromised. I have Symantec AV which scans my mail before sending.
Recently it popped up with a scan when I had not send anything. I found
nothing in the "Sent Files" folder. Later I got a rejected mail notice
which I examined. The headers looked like they came from me, down to
the name of my PC. I've seen "spoofed" e-mail data, but this did not
look like it was spoofed.

Now I'm more aware of the issue and have noticed several other occasions
when mail was going out but not something that I had authored.

I have a fully patched XP Pro OS, run Symantec AV small business version
10 and will be upgrading to version 11 shortly. I have scanned the PC
with Spybot, Ad-Aware, SUPERAntiSpyware, PCTools Spyware Doctor, and MS
Defender. They did not find anything serious BUT the problem continues.

Can anyone help?

Thanks....RDK

Further to my last email, I've now determined (by firewalling outgoing
connections from my SMTP server to trap the emails) that in my case all
the emails are "Email not read" receipts. And no, I do _not_ have auto-
send receipts on

http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=3932637&SiteID=1

There appears to be a recently introduced bug such that if outlook
"notices" an email in an IMAP store, which subsequently is deleted using
a different client (my server's auto-delete-junk script in my case), it
will ignore reciept settings and send one anyway.

 

[RDK]

Thanks for the update, but I'm not sure this applies here??? I'm running
Outlook 2003 SP3/ My mail is out via SMTP but coming in from a POP3 server.
The "rejected mail" messages look for all the world like spam (selling meds
or ink cartridges) from the subject line.

Thanks.....RDK

 

[RDK]

Philip...Hmmmm, I have re-read your reply and now have a question in my mind
about my problem.

I just looked at the header info again and noticed that the Subject line was
prefixed with "Not read:". OK, could this be an automatic reply to a SPAM
message deleted (and not read) from within Outlook 2003? I thought I had
Outlook configured to ask before send "read" receipts. Are "Not Read:"
receipts different? If yes, how are they controlled?

Thanks...Rob

 

[frymaster127]

(This is still Philip Cass but I'm in a different location and sending using
MS's web interface)

Philip...Hmmmm, I have re-read your reply and now have a question in my mind
about my problem.

I just looked at the header info again and noticed that the Subject line was
prefixed with "Not read:". OK, could this be an automatic reply to a SPAM
message deleted (and not read) from within Outlook 2003? I thought I had
Outlook configured to ask before send "read" receipts. Are "Not Read:"
receipts different? If yes, how are they controlled?

Thanks...Rob

That does indeed sound like my problem, looks like it's an issue with 2003
as well as 2007 then. I think there's been a recent update that's changed
the behaviour of how these unread receipts are sent out; certainly afaik
they _should_ be controlled with the "ask before send" option. Per that
forum link, they are certainly still sent out with the "don't send at all"
option.

 

[Robert]

This is a problem with outlook 2002 as well, see my "How can I stop delivery
receipts" dated 25/09/08. I had first, wrongly, thought that outlook was
trying to send delivery receipts, but have now found out that it's trying to
send these "Not read" receipts. It tries to send them back to the address of
the spam e-mail, but this of course could have been spoofed. These e-mails
also ask for delivery receipts, read receipts & a receipt to say when you
delete the e-mail. I have no control over the delivery receipts, but have
outlook set to ask conformation for the other two, (though I've never been
asked about sending a read receipt as I've never opened any of these mails).

Another point to note is that these not read receipts by-pass my anti-virus
scanning. All my incoming & outgoing mail goes through Norton, also any
read receipts which I allow, also go through Norton, but these not read
receipts are sent directly through outlook. They don't show in my out box or
sent files folder, so I can't delete them. I haven't actually sent any of
these not read receipts, as the e-mail account in question where I'm sent
the original spam e-mails is not my main one, so I'm not connected to the
internet with this account. The not read receipt is sent back using this
account, but the ISP rejects the sending of the receipt as I'm not using
them to connect to the internet, sending can only be done when I am
connected through them. (I can receive, but not send). Therefore outlook
just keeps trying to send the messages & will not stop. The only way to stop
outlook would be to connect to my other ISP & allow them to be sent, or as I
do, & replace my .pst file with a backup copy.

I have now found, using Microsoft's MDBVU32.exe application, that these not
read receipts are in the root folder of the .pst file (which is not visible
to the user in outlook). At that time I had two not read messages, so tried
to delete them using the application, but this failed to work, (don't know
if it was maybe something I was doing wrong, so will try again if I get any
more). I had to replace the .pst file with my backup to get rid of them.

 

[Diane Poremsky [MVP]]

See http://www.outlook-tips.net/howto/delete_rr.htm - the method is the same
on all versions of outlook.

Outlook doesn't respond to Delivery receipts - your mail server (ISP) sends
them. Outlook handles the read/not read receipts.

If Norton is intercepting all SMTP traffic, the not read receipts are
handled by norton. Also, both read and not read receipts are held in the
root folder until sent. There is absolutely no difference in how they are
handled - a receipt is a receipt.

The 'never send' or 'always ask' option should work when deleting junk too -
but if you use an exchange acct, the settings may not apply if you use
outlook 2003 and 2002.

--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

 

[RDK]

Diane....Thank you for your response. Note: XP ProSP3, Outlook 2003 SP3,
e-mail via POP servers on the Internet.

I think what I seeing are "Not read" receipts which were requested by some
SPAM notes which were deleted from my Outlook without being read. I have
setup my Tracking options to "Never Send a Response", but the surrounding
text only talks about "read receipts". Are "Not read" receipts handled
differently?

Thanks again....RDK

 

[frymaster127]

I tried outlook spy the other day and didn't see anything, but I'm very
willing to believe I failed

Norton may very well not think there's anything wrong with the emails -
certainly there's no malicious content in them, and no suspicious content
other than the subject name. My spam filter, for example, isn't catching all
of the incoming Not Read: backscatter that's started to appear, for just that
reason - and because I have legimitate examples that it's learned about.

When deleting Junk in outlook I'm perfectly willing to believe it respects
your receipt sending preferences. However this is manifestly _NOT_ the case
if the junk is downloaded by outlook, and then deleted by another client -
for instance after 7am, when my IMAP server deletes all mail in my spam
folder over 3 days old, outlook will send a small number of not read:
receipts next time it connects.

1 month ago no spam in my junk folders out of about 8000 had the line
"X-Confirm-Reading-To" in it. Today 962 out of 1440 does - hence why
everyone's started noticing this. Additionally about 40 of those 1440 is in
itself read-receipt backscatter, and most of the rest is standard smtp server
backscatter. In other words, this issue is only going to get worse.

 

[Diane Poremsky [MVP]]

A "Read receipt tells the sender if you read the message or not. If you
did, they get one back that says "Read: <subject>" If you delete it without
reading it, they get a read receipt back that with the subject "Not read:
<subject>". There is no difference between read and unread except the
subject.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Diane....Thank you for your response. Note: XP ProSP3, Outlook 2003 SP3,
e-mail via POP servers on the Internet.

I think what I seeing are "Not read" receipts which were requested by some
SPAM notes which were deleted from my Outlook without being read. I have
setup my Tracking options to "Never Send a Response", but the surrounding
text only talks about "read receipts". Are "Not read" receipts handled
differently?

Thanks again....RDK

See http://www.outlook-tips.net/howto/delete_rr.htm - the method is the
same on all versions of outlook.

Outlook doesn't respond to Delivery receipts - your mail server (ISP)
sends them. Outlook handles the read/not read receipts.

If Norton is intercepting all SMTP traffic, the not read receipts are
handled by norton. Also, both read and not read receipts are held in the
root folder until sent. There is absolutely no difference in how they are
handled - a receipt is a receipt.

The 'never send' or 'always ask' option should work when deleting junk
too - but if you use an exchange acct, the settings may not apply if you
use outlook 2003 and 2002.

--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your newsreader to msnews.microsoft.com.


news:[email protected]...

 

[RDK]

Diane....OK, that is what I suspected. Now the next question is then 'Why
is Outlook sending a "Not Read" receipt when I have specified in the
Tracking section of the Options to "Never Send a Response" for receipts'?

Is this a bug as seems to be indicated in this MSDN thread
(http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=3932637&SiteID=1)?
Except it also seems to be happening to me and I'm using POP servers and the
Internet.

Thanks again...Rob

A "Read receipt tells the sender if you read the message or not. If you
did, they get one back that says "Read: <subject>" If you delete it without
reading it, they get a read receipt back that with the subject "Not read:
<subject>". There is no difference between read and unread except the
subject.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Diane....Thank you for your response. Note: XP ProSP3, Outlook 2003 SP3,
e-mail via POP servers on the Internet.

I think what I seeing are "Not read" receipts which were requested by
some SPAM notes which were deleted from my Outlook without being read. I
have setup my Tracking options to "Never Send a Response", but the
surrounding text only talks about "read receipts". Are "Not read"
receipts handled differently?

Thanks again....RDK

 

[Diane Poremsky [MVP]]

If the IMAP server is deleting the spam before outlook, it’s the one
responding to the receipts not outlook. That's why you don't see them in the
root. (If you are connected at the time of reading or deleting, the receipts
may be sent immediately.)

My spam containing RR ratio is very low - so its something unique to the
spammers using your address.

--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

I tried outlook spy the other day and didn't see anything, but I'm very
willing to believe I failed

Norton may very well not think there's anything wrong with the emails -
certainly there's no malicious content in them, and no suspicious content
other than the subject name. My spam filter, for example, isn't catching
all
of the incoming Not Read: backscatter that's started to appear, for just
that
reason - and because I have legimitate examples that it's learned about.

When deleting Junk in outlook I'm perfectly willing to believe it respects
your receipt sending preferences. However this is manifestly _NOT_ the
case
if the junk is downloaded by outlook, and then deleted by another client -
for instance after 7am, when my IMAP server deletes all mail in my spam
folder over 3 days old, outlook will send a small number of not read:
receipts next time it connects.

1 month ago no spam in my junk folders out of about 8000 had the line
"X-Confirm-Reading-To" in it. Today 962 out of 1440 does - hence why
everyone's started noticing this. Additionally about 40 of those 1440 is
in
itself read-receipt backscatter, and most of the rest is standard smtp
server
backscatter. In other words, this issue is only going to get worse.

See http://www.outlook-tips.net/howto/delete_rr.htm - the method is the
same
on all versions of outlook.

Outlook doesn't respond to Delivery receipts - your mail server (ISP)
sends
them. Outlook handles the read/not read receipts.

If Norton is intercepting all SMTP traffic, the not read receipts are
handled by norton. Also, both read and not read receipts are held in the
root folder until sent. There is absolutely no difference in how they are
handled - a receipt is a receipt.

The 'never send' or 'always ask' option should work when deleting junk
too -
but if you use an exchange acct, the settings may not apply if you use
outlook 2003 and 2002.

--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your
newsreader to msnews.microsoft.com.

 

[Diane Poremsky [MVP]]

Outlook's settings are client side - they apply only if outlook deletes the
message. When you delete it from another client, that client's setting
apply. If you delete it from outlook, outlook's setting apply.

Outlook updating the client side cache (as it does with IMAP accounts when
the folder contents are deleted in another client) should not cause RR to be
returned.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Diane....OK, that is what I suspected. Now the next question is then 'Why
is Outlook sending a "Not Read" receipt when I have specified in the
Tracking section of the Options to "Never Send a Response" for receipts'?

Is this a bug as seems to be indicated in this MSDN thread
(http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=3932637&SiteID=1)?
Except it also seems to be happening to me and I'm using POP servers and
the Internet.

Thanks again...Rob

A "Read receipt tells the sender if you read the message or not. If you
did, they get one back that says "Read: <subject>" If you delete it
without reading it, they get a read receipt back that with the subject
"Not read: <subject>". There is no difference between read and unread
except the subject.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your newsreader to msnews.microsoft.com.

Diane....Thank you for your response. Note: XP ProSP3, Outlook 2003
SP3, e-mail via POP servers on the Internet.

I think what I seeing are "Not read" receipts which were requested by
some SPAM notes which were deleted from my Outlook without being read.
I have setup my Tracking options to "Never Send a Response", but the
surrounding text only talks about "read receipts". Are "Not read"
receipts handled differently?

Thanks again....RDK

 

[RDK]

Diane....Thanks for the VERY prompt reply.

In my case everything is happening inside of Outlook: I receive/download my
e-mail from a POP server, it gets classified (SPAM, JUNK, the rest) and then
I glance down the JUNK and SPAM folder contents (From, To and Subject only)
then Control A and Shift Delete. My client has Tracking options set to
"Never Send...".

Take care.....RDK

Outlook's settings are client side - they apply only if outlook deletes
the message. When you delete it from another client, that client's setting
apply. If you delete it from outlook, outlook's setting apply.

Outlook updating the client side cache (as it does with IMAP accounts when
the folder contents are deleted in another client) should not cause RR to
be returned.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Diane....OK, that is what I suspected. Now the next question is then
'Why is Outlook sending a "Not Read" receipt when I have specified in the
Tracking section of the Options to "Never Send a Response" for receipts'?

Is this a bug as seems to be indicated in this MSDN thread
(http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=3932637&SiteID=1)?
Except it also seems to be happening to me and I'm using POP servers and
the Internet.

Thanks again...Rob

A "Read receipt tells the sender if you read the message or not. If you
did, they get one back that says "Read: <subject>" If you delete it
without reading it, they get a read receipt back that with the subject
"Not read: <subject>". There is no difference between read and unread
except the subject.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your newsreader to msnews.microsoft.com.


Diane....Thank you for your response. Note: XP ProSP3, Outlook 2003
SP3, e-mail via POP servers on the Internet.

I think what I seeing are "Not read" receipts which were requested by
some SPAM notes which were deleted from my Outlook without being read.
I have setup my Tracking options to "Never Send a Response", but the
surrounding text only talks about "read receipts". Are "Not read"
receipts handled differently?

Thanks again....RDK

 

[Brian Tillman [MVP - Outlook]]

In my case everything is happening inside of Outlook: I receive/download
my e-mail from a POP server, it gets classified (SPAM, JUNK, the rest) and
then I glance down the JUNK and SPAM folder contents (From, To and Subject
only) then Control A and Shift Delete. My client has Tracking options set
to "Never Send...".

Um, Outlook doesn't have a "SPAM" or "JUNK" folder. It has a "Junk E-mail"
folder. Indications are, then, that you have a third-party app scanning
mail and performing an action on the incoming messages and that would
indicate that it is the add-in eliciting the "not read" receipts, not
Outlook.

 

[Diane Poremsky [MVP]]

I tested this quite a few times this morning with both never send and always
ask - set outlook offline, empty junk email, look in the root folder for
receipts waiting for outlook to go online. Emptying Junk email does not ask
and it never sends a response.

Outlook folder is called Junk E-mail - not Spam (that is your antispam
application). Shift-deleting those items should never send receipts and if
always ask is enable, it should generate a dialog asking if you want to
generate them.

Now its possible that its something with the header only setting and the
server is generating the receipt when you delete, as they are still on the
server when outlook deletes them.

--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Diane....Thanks for the VERY prompt reply.

In my case everything is happening inside of Outlook: I receive/download
my e-mail from a POP server, it gets classified (SPAM, JUNK, the rest) and
then I glance down the JUNK and SPAM folder contents (From, To and Subject
only) then Control A and Shift Delete. My client has Tracking options set
to "Never Send...".

Take care.....RDK

Outlook's settings are client side - they apply only if outlook deletes
the message. When you delete it from another client, that client's
setting apply. If you delete it from outlook, outlook's setting apply.

Outlook updating the client side cache (as it does with IMAP accounts
when the folder contents are deleted in another client) should not cause
RR to be returned.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your newsreader to msnews.microsoft.com.

Diane....OK, that is what I suspected. Now the next question is then
'Why is Outlook sending a "Not Read" receipt when I have specified in
the Tracking section of the Options to "Never Send a Response" for
receipts'?

Is this a bug as seems to be indicated in this MSDN thread
(http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=3932637&SiteID=1)?
Except it also seems to be happening to me and I'm using POP servers and
the Internet.

Thanks again...Rob


A "Read receipt tells the sender if you read the message or not. If you
did, they get one back that says "Read: <subject>" If you delete it
without reading it, they get a read receipt back that with the subject
"Not read: <subject>". There is no difference between read and unread
except the subject.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point
your newsreader to msnews.microsoft.com.


Diane....Thank you for your response. Note: XP ProSP3, Outlook 2003
SP3, e-mail via POP servers on the Internet.

I think what I seeing are "Not read" receipts which were requested by
some SPAM notes which were deleted from my Outlook without being read.
I have setup my Tracking options to "Never Send a Response", but the
surrounding text only talks about "read receipts". Are "Not read"
receipts handled differently?

Thanks again....RDK

 

[Diane Poremsky [MVP]]

Um, Outlook doesn't have a "SPAM" or "JUNK" folder. It has a "Junk

E-mail" folder. Indications are, then, that you have a third-party app
scanning mail and performing an action on the incoming messages and that
would indicate that it is the add-in eliciting the "not read" receipts,
not Outlook.

Once it hands it off to outlook, the app and folder it created should not
matter. The behavior should be as in every other outlook folder and honor
the tracking option.

I'm thinking headers only might be a factor though - and the server is
generating it.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

 

[RDK]

Hmmmmm, Looks like I need to update my comments. Yes, I'm running a Spam
filter, SpamBayes (http://spambayes.sourceforge.net/), to analyze my
incoming mail. It just sorts them into folders: OK goes in the inbox,
question marks go to the Junk folder and high probability SPAM goes into the
SPAM folder. I believe Spam Bayes is an Outlook macro, but I'm not sure??

Regardless, when I delete them it is from Outlook via the "select All" and
the Shift Delete. And as far as a server is concerned, I download my mail
from a POP server and do not leave copies on that server.

Here is what the header info looks like when I get a rejected "Not read"
back. x's, y's and z's to protect the innocent.....
======================================================================
From: (e-mail address removed)
Sent: Sunday, September 28, 2008 18:57
To: (e-mail address removed)
Subject: failure notice

Hi. This is the qmail-send program at mbsau2.mbs.edu.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
128.250.180.12 does not like recipient.
Remote host said: 550 <[email protected]>: Recipient address rejected:
User unknown in virtual alias table Giving up on 128.250.180.12.

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 32623 invoked from network); 28 Sep 2008 16:56:39 -0000
Received: from mail.xxxxx.com (xx.xx.47.145)
by email-report2.mbs.edu with SMTP; 28 Sep 2008 16:56:37 -0000
Received: from MyDesk [192.168.99.11] by mail.xxxx.com with ESMTP
(SMTPD-9.23) id A73F0338; Sun, 28 Sep 2008 10:56:31 -0600
Reply-To: <[email protected]>
From: "Me LastName" <[email protected]>
To: <[email protected]>
Subject: Not read: Unbelievable Savings on Medications.
Date: Sun, 28 Sep 2008 18:56:13 +0200
Organization: zzzzzzzzzz
====================================================================

Thanks....RDK

Um, Outlook doesn't have a "SPAM" or "JUNK" folder. It has a "Junk
E-mail" folder. Indications are, then, that you have a third-party app
scanning mail and performing an action on the incoming messages and that
would indicate that it is the add-in eliciting the "not read" receipts,
not Outlook.

Once it hands it off to outlook, the app and folder it created should not
matter. The behavior should be as in every other outlook folder and honor
the tracking option.

I'm thinking headers only might be a factor though - and the server is
generating it.


--
Diane Poremsky [MVP - Outlook]





EMO - a weekly newsletter about Outlook and Exchange:
(e-mail address removed)

You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.

Um, Outlook doesn't have a "SPAM" or "JUNK" folder. It has a "Junk
E-mail" folder. Indications are, then, that you have a third-party app
scanning mail and performing an action on the incoming messages and that
would indicate that it is the add-in eliciting the "not read" receipts,
not Outlook.

 

[frymaster127]

If the IMAP server is deleting the spam before outlook, it’s the one
responding to the receipts not outlook.

I'm sorry, this is absolutely not the case. Looking at my SMTP server logs,
the outgoing emails are coming from my desktop IP, using the username and
password of whatever account I set as my outlook default. Right now, with
read receipts turned off, I've got 7 emails that don't appear in my outbox
that outlook can't send because I've firewalled access to my smtp server. If
I remove that restriction, yet instead firewall outgoing smtp from my smtp
server, I will have 7 emails sitting in its mail queue with the subject "Not
Readrandom spam)"

If after clearing those 7 emails, I again firewall access to my smtp server,
close outlook, and run the delete-items-in-the-spam-folder-older-than-3-days
script from my mail server, then re-open outlook, it will - immediately after
checking for new mail in the imap folders - try to open an smtp connection to
send "Not Read:" messages. This has been verified with tcpview.

If before I delete spam off the server I copy the files into the filesystem
first, and then shuffle the firewall to capture the contents again, I will be
able to match up the subject line of each "Not Read:" message to the subject
line of an email that I deleted from the server.

To summarise:
It is the case, that with emails that outlook has downloaded, if no action
has been taken (ie not read or deleted in outlook) and thus no opportunity
for outlook to ask about sending a receipt, then if another mail client
deletes the emails while outlook is not connected, it will, upon
reconnecting, send out "Not read:" receipts for these, irrespective of the
reciept settings.

This was not a major problem until last week, which is the first time I've
got records of spam emails asking for read receipts. This is also not a
problem if you delete your spam using outlook; I, like many other people,
have a system where unread spam is deleted automatically after a few days.

My ratio of "Not read:" spam is only about 1% also (because the vast
majority of backscatter doesn't get to a real mailbox), but that's up from 0%
2 weeks ago. It also coincides with when myself, my friend (who experiences
the exact symptoms I do using exchange for smtp, and an imap server for
receving), and at least 3 other people is this group and in the forum I
linked to, all started getting this problem.

While outlook wanting to send "Not Read:" receipts when unread emails
disappear is a good idea in theory, it obviously bypasses the receipt
settings somehow, and fails to account for the case when another client
deletes the emails before outlook sees they have been read. So it needs an
option to turn off this behaviour, too.

If you have any questions or queries about my conclusions or the methods I
used to investigate this issue, please do not hesitate to contact me on or
off list

Philip Cass