Forum Discussion
Weird forwarding activity
We have a weird problem. It was reported that our client's email is acting strange. There are two companies involved that are actually connected but have separate Exchange accounts. Suddenly, if someone sends an email from anyone from any contoso1.com address to Email address removed the email is immediately redirected to the CEO: Email address removed (it's the CEO's named account.)
After checking all accounts for forwarding rules (including on the admin level) and finding nothing, we tried sending from a contoso1.com account (online) to Email address removed we were shocked to see that although we typed Email address removed in the SEND box, it immediately showed up in the SENT folder as having been sent to Email address removed! There is no indication in the SENT mail message of the address we typed, only the CEO's address!
Anyone have a clue?
Thanks for any help!
- Message trace (the detailed one) will give you a clue as to what's happening: https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac
Also, you might want to check the mailbox for any stored contacts that might be overriding the address.- kdrew098Copper Contributor
VasilMichev Thank you for your help. We created an test message aimed at the target at Email address removed and got the usual result of the message being redirected on our contoso2.com Exchange server. We traced it and got the following result: (the company name is changed of course)
Message sent to contoso2-com.mail.protection.outlook.com at 104.47.57.110 using TLS1.2 with AES256
This was followed by a response saying it had been submitted
Finally a third response saying:
Message received by: DM6PR05MB5244.namprd05.prod.outlook.com
And of course, the email message is listed in the sender at contoso1.com as having been sent to the owner of contoso2.com and not the ap address.
This seems to be happening on the senders side of this communication but I don't undestand why.