OT: Outlook oddities

Steve Campbell campbell at cnpapers.com
Tue Mar 9 12:47:48 GMT 2010

Glenn Steen wrote:
> On 8 March 2010 18:10, Steve Campbell <campbell at cnpapers.com> wrote:
>> Glenn Steen wrote:
>>> On 8 March 2010 15:53, Steve Campbell <campbell at cnpapers.com> wrote:
>>>> Just wondering if anyone ever experiences email sent by Outlook senders
>>>> that
>>>> have no "From" in the envelop? The headers seem to have the proper "From"
>>>> entry. These get caught quite often by MS (actually SA) with a "no
>>>> watermark
>>>> or sender address". They are sent from our users, which normally get
>>>> whitelisted by IP address. The problem doesn't always happen even from
>>>> the
>>>> same sender.
>>>> Thanks and sorry for the OT
>>>> Steve Campbell
>>> The empty sender (MAIL FROM:<>) is a valid sender reserved for the
>>> mail system itself. Typically used for delivery reports (or rather
>>> "non-delivery":-). Since all mail coming into your system having an
>>> empty sender need be in response to a mail sent from you, MailScanner
>>> (not SA) adds a watermark header... The "returning MTA" is supposed to
>>> preserve that in the reply/DSN/NDN, so MailScanner checks for that and
>>> stamps any mail lacking a watermark, or having a forged one, as spam.
>>> So you need look a bit harder on from where you get these, and in what
>>> situations;-). It's probably doing just the thing it should:-);-)
>>> Cheers
>> Yep, I agree it looks like valid mail and all and that the headers and
>> envelop are probably valid for certain types of email. But...
>> All of our users are NATted to one IP address from our internal network to
>> the outgoing mailserver. These emails show that they have arrived properly
>> from that internal network. These are real emails sent from our users. They
>> just don't have the "From" in them and, as you stated, they don't have the
>> proper Return-Path (it's blank). They show only one hop to the mailserver
>> and it's from the proper NATted IP.
>> So I guess the question is: Why, if all email from our users takes the same
>> path, do only Outlook users exhibit this problem and only occasionally? It
>> never shows up from Thunderbird, OE, or any other mail client.
>> I'll dig a little deeper, but was just hoping some of you had run across
>> this before.
>> Thanks for the reply.
>> steve
> It could be some "automatic" thing ... some of the software we use
> internally use a "mapisend" utility to send mail via OutLook (The MAPI
> interface, of course)... And that software might be ... either through
> flawed programming/knowledge or perhaps some type of misconfig,
> abusing the "empty sender" feature of SMTP.
> But I'd look at capturing some of them and scrutinizing the actual
> content. It might be either "out of office" or "return receipts" you
> are seeing. Some MTAs (or MUAs for that matter) just plain don't
> preserve the watermark headers as they should.
> Capturing a few should be an easy config matter... perhaps you already
> have them?
> Cheers


I think I have them since MS quarantined them. Another strange thing 
about all this is that I whitelist our senders by IP address, the email 
is sent through that IP, and yet, MS has decided to block it anyway - 
sort of not honoring the whitelisted IP. I'm guessing this is due to the 
watermark not being inserted somewhere.

Thanks for the help. If I find out anymore, I'll post it.


More information about the MailScanner mailing list