OT: Outlook oddities

Glenn Steen glenn.steen at gmail.com
Tue Mar 9 08:13:14 GMT 2010

On 8 March 2010 18:10, Steve Campbell <campbell at cnpapers.com> wrote:
> Glenn Steen wrote:
>> On 8 March 2010 15:53, Steve Campbell <campbell at cnpapers.com> wrote:
>>> Just wondering if anyone ever experiences email sent by Outlook senders
>>> that
>>> have no "From" in the envelop? The headers seem to have the proper "From"
>>> entry. These get caught quite often by MS (actually SA) with a "no
>>> watermark
>>> or sender address". They are sent from our users, which normally get
>>> whitelisted by IP address. The problem doesn't always happen even from
>>> the
>>> same sender.
>>> Thanks and sorry for the OT
>>> Steve Campbell
>> The empty sender (MAIL FROM:<>) is a valid sender reserved for the
>> mail system itself. Typically used for delivery reports (or rather
>> "non-delivery":-). Since all mail coming into your system having an
>> empty sender need be in response to a mail sent from you, MailScanner
>> (not SA) adds a watermark header... The "returning MTA" is supposed to
>> preserve that in the reply/DSN/NDN, so MailScanner checks for that and
>> stamps any mail lacking a watermark, or having a forged one, as spam.
>> So you need look a bit harder on from where you get these, and in what
>> situations;-). It's probably doing just the thing it should:-);-)
>> Cheers
> Yep, I agree it looks like valid mail and all and that the headers and
> envelop are probably valid for certain types of email. But...
> All of our users are NATted to one IP address from our internal network to
> the outgoing mailserver. These emails show that they have arrived properly
> from that internal network. These are real emails sent from our users. They
> just don't have the "From" in them and, as you stated, they don't have the
> proper Return-Path (it's blank). They show only one hop to the mailserver
> and it's from the proper NATted IP.
> So I guess the question is: Why, if all email from our users takes the same
> path, do only Outlook users exhibit this problem and only occasionally? It
> never shows up from Thunderbird, OE, or any other mail client.
> I'll dig a little deeper, but was just hoping some of you had run across
> this before.
> Thanks for the reply.
> steve
It could be some "automatic" thing ... some of the software we use
internally use a "mapisend" utility to send mail via OutLook (The MAPI
interface, of course)... And that software might be ... either through
flawed programming/knowledge or perhaps some type of misconfig,
abusing the "empty sender" feature of SMTP.

But I'd look at capturing some of them and scrutinizing the actual
content. It might be either "out of office" or "return receipts" you
are seeing. Some MTAs (or MUAs for that matter) just plain don't
preserve the watermark headers as they should.
Capturing a few should be an easy config matter... perhaps you already
have them?

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list