How to investigate Return Receipt for an email that has not been s

[will~]

Outlook 2003 (SP3), Exchange Server 2003 on Windows Server 2003 R2 standard

In Outlook, both 'Read receipt' and 'Delivery receipt' has been turned on.

A 'Delivered: Return Receipt' has been delivered to the inbox of a user (A).
-----------------
Your message

To: Jo Bloggs
Subject: RE: xxx
Sent: 08/02/2008 09:36

was delivered to the following recipient(s):

(e-mail address removed)
-----------------

It raises some concern as user inform me that an email has never been sent
to this business contact in recent weeks, and no email has ever been sent
with that subject title. Checking of the Journal Mailbox confirm this is
true.

The email header of the return receipt email was checked from the user's
machine. It appears to be generated from the business contact's company.
I.e. "From: Mailer-Daemon:ext.domainname.co.uk". Using Message Tracking
Center in Exchange System Manager, other previous genuine return receipts
from the same email address can be found.

Now the concern is how could the user receive a return receipt for an email
that has not been sent, but more worry about the content of that
inappropriate email the receipent (might) received and believe it was sent
from the user.

If someone (internal) has sent an email using the user (A)'s account, then
the outgoing email would still be logged in the journal mailbox, but this
could not be found. Is it possible that someone (external) could construct
an email, send it to "(e-mail address removed)" and got their email
software to believe it was originated from us?

Please could you advice how this could be investigated further? Many thanks
in advance,

 

[Nikki Peterson [MVP - Outlook]]

Understanding E-mail Spoofing
http://www.windowsecurity.com/articles/Email-Spoofing.html

Email "Spamming" and Email "Spoofing"
http://www.lse.ac.uk/itservices/help/spamming&spoofing.htm

e-mail spoofing - Definition
http://www.webopedia.com/TERM/E/e_mail_spoofing.html

If you receive a snail mail letter, you look to the return address in the
top left corner as an indicator of where it originated. However, the sender
could write any name and address there; you have no assurance that the
letter really is from that person and address. E-mail messages contain
return addresses, too - but they can likewise be deliberately misleading, or
"spoofed." Senders do this for various reasons, including... (Follow the
link above for the full explanation).

Nikki Peterson

 

[will~]

Thank you Nikki,

Following the instructions from the webpage article "Understanding E-mail
Spoofing" I have compared the message header with the email address in the
"From:" field in the top left corner of the Return Receipt, and the email
addresses are identical.

It appears that the Return Receipt has been generated from the business
contact's exchange server. What I do not understand is how could a return
receipt generated if a email has not been sent to them. Please could you
advice further?

 

[Nikki Peterson [MVP - Outlook]]

The business did receive an email that "appeared" to come from
your client. They sent a receipt to your client because it appeared
to them that your client sent it.

The business received an email that was "Spoofed" with your
clients address.

Nikki