none
Outlook 2007 IMAP Bug

    Question

  • I submitted a bug report on this several months bug, but I never heard back and it was never fixed in SP1 that was released today.

    It is dead easy to duplicate - send an email to one of your IMAP accounts that has a read receipt requested.  Send this message from one of your own accounts so that you get the read receipt.  Open Outlook 2007 so that the message is downloaded/cached.  Close Outlook 2007 and then delete that message (fully - delete and purge) from another client (different PC or webmail).  Now open Outlook 2007 again and do a send and receive.  Sometimes I need to close Outlook and reopen it.  During either the first or second open it will automatically send a "deleted" read receipt to the sender.

    This occurs even if I have turned off the sending of receipts in Outlook, and I am never prompted.

    This is very frustrating, and is quite the deal killer for me to put 2007 on any of my production machines.  I cannot have my clients getting messages backing saying I have deleted their email without reading it when that isn't the case.
    Tuesday, December 11, 2007 11:48 PM

Answers

  • Hi,

     

    Thanks for the contacting Microsoft. The issue has been reproduced and has been filed as a bug by us. I will update this post, when the issue is fixed.

     

    Thanks,

     

    Harjit.

    Friday, December 28, 2007 1:58 PM
    Moderator

All replies

  • Hi,

     

    I am looking for the information on the request you have posted. I will update you as soon as possible.

     

    Thanks,

     

    Harjit.

    Thursday, December 20, 2007 5:12 PM
    Moderator
  • Hi,

     

    Thanks for the contacting Microsoft. The issue has been reproduced and has been filed as a bug by us. I will update this post, when the issue is fixed.

     

    Thanks,

     

    Harjit.

    Friday, December 28, 2007 1:58 PM
    Moderator
  •  Harjit-MSFT wrote:

    Hi,

     

    Thanks for the contacting Microsoft. The issue has been reproduced and has been filed as a bug by us. I will update this post, when the issue is fixed.

     

    Thanks,

     

    Harjit.



    Thanks - this will be great.  I have four machines that I would like to get moved to Office 2007 and haven't been able to because of this.
    Friday, January 04, 2008 2:27 PM
  • Any update on this?

    Thanks.
    Thursday, February 07, 2008 6:34 PM
  • Hi,

     

    Once a bug is filed, it takes some time for the product team to decide whether this bug will be fixed in the current version or not and if they decide to fix it, then it will be available in next patches or service pack etc.

     

    Harjit will update you regarding the decision of the team regarding it.

     

    Friday, February 08, 2008 6:30 PM
    Moderator
  • Any updates on this bug? It's really a pain when several outlook 2007 clients are sending out unauthorized notifications (500-1.000 once in a while). We'd really like to see this bug fixed, moving to Thunderbird can't be the solution?
    Monday, June 02, 2008 12:57 PM
  • I believe I have the same or similar bug.  I use Outlook 2007 to read my Gmail via IMAP and I have work setup to forward emails to Gmail so that I can access them at home and on my mobile.  My work machine is setup to request read receipts.

     

    Even though my home computer is setup to never send read receipts (Options->email->tracking) whenever I read my Gmail in Outlook it sends read receipts.  Very annoying as I get 100-200 emails a day and all the read receipts show up on my mobile as new emails.

    Thursday, June 26, 2008 3:57 AM
  • I discoverd the same issue today after moving both business and personal accounts to Gmail and using IMAP.  The difference for me was that I deleted mail I hadn't read within Outlook.  My "Tracking Options" are set to "never...", but it sent about 20 "Not Read" receipts after I cleaned up my mailbox in prep for uploading to Gmail.

     

    One workaround - not elegant but meets the intent of not sending receipts - is to set it to "Ask me before sending a response".  I tested that and it works. I don't know if it would work in the use case above where a different method of moving/deleting the mail is used.

     

    Looking forward to a fix...

    Wednesday, July 16, 2008 6:17 AM
  • I think that this bug is serious enough to be fixed ASAP. This is a bug created in Outlook 2007 ans should be solved under Outlook 2007.

     

    Saturday, July 26, 2008 12:19 AM
  • I'm seeing the same thing with messages in GMail's "Spam" folder.  "NOT READ" replies are being automatically generated for spam even though I have all of Outlook 2007's message tracking options disabled.
    Monday, July 28, 2008 1:25 PM
  • I have ecountered the exact problem with Outlook 2007 and IMAP.  Has a fix for this been released?

    Tuesday, September 23, 2008 5:23 PM
  • I am seeing the same thing.  It seems like Microsoft might have released a patch to Outlook this week, as this only started yesterday (Wed 23rd Sep 2008) for myself and a colleague and I have found that Outlook is sending "Not Read" notifications out to random e-mail addresses, shortly after spam stored in a folder on our IMAP server was automatically deleted.  (I have the tracking options in Outlook set to 'Never').

    I've blocked the sending of read / no-read receipts on our mail server with a filter rule, so the mails do not actually get sent out.
    Wednesday, September 24, 2008 8:03 PM
  • Why is it taking so long? This is a security problem. Due to this bug Outlook released my e-mail address to spammers who have now trashed the addess. Is Microsoft going to fix the problem or should I switch to Thunderbird now? By the way, not only was the e-mail adresss to which the spam was addressed released, but so was the address of another e-mail account on Outlook, which Outlook decided to use for the receipt response.

     

    Thursday, September 25, 2008 7:23 AM
  •  

    Hi Harjit,

     

    Could you mail the bug number to andreyka@microsoft.com? Thanks in advance. 

    Friday, September 26, 2008 6:58 AM
  • Wow. This bug was posted in January. It's late September and no fix has been posted.

    I guess this is Microsoft's way to force more people to use their awful Exchange Server. The bug just allowed at least four spammers to verify my e-mail account. Thanks, Microsoft.

    I am moving to Thunderbird, and with me an organization of 20 people. I will also asking for money back on the Office 2007 suite for an equal amount of licenses. This is disrespectful to Microsoft customers.


    Richard

    Friday, September 26, 2008 1:57 PM
  • To add to the few previous comments, it looks like there has definately been some kind of change made recently to how Outlook 07 handles either "Disposition-Notification-To" or "X-Confirm-Reading-To" - when my mailserver deletes spam (which it does daily, after it has been sitting in the spam folder for 3 days) my Outlook will send out "Not read:" messages to selected addresses (not, luckily, every single one... I only download headers not full emails for my spam folder) using whatever my default mail profile is.

     

    This could make it easy for spammers to work out an address is real (as suggested above) but more likely the address being sent to is either non-existent or a third party, in which case it makes my email address much more likely to be considered spam.

     

    Any updates would be appreciated

    Saturday, September 27, 2008 7:13 PM
  • Yes, Outlook is helpfully spewing out read receipts for all the spam I'm pulling off my imap server even though it's configured to never send receipts... and I'm getting bounces for all the invalid addresses.

    I'm trying to decide it it's worth the effort of filtering the receipt requests at the server or just trashing outlook.

    Given my past experience, I would not hold your breath for a fix.
    Saturday, September 27, 2008 9:07 PM
  • http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.outlook.general&tid=a8139e3f-69b2-425c-8750-8f02ec8bdbe3&cat=&lang=&cr=&sloc=&p=1&mid=4836bdb6-da28-42d9-acf6-b8059863f9fe

     

     

    newsgroup thread I was posting in before I found this forum post.

     

    Assuming everyone's view of what's happening is accurate, it looks like this is affecting 2003 as well.

    Sunday, September 28, 2008 12:25 PM
  • ah, microsoft haven't changed anything, the spammers have Smile

     

    1 month ago no spam in my junk folders out of about 8000 had the line
    "X-Confirm-Reading-To" in it. Today 962 out of 1440 does - hence why
    everyone's started noticing this. Additionally about 40 of those 1440 is in
    itself read-receipt backscatter, and most of the rest is standard smtp server
    backscatter. In other words, this issue is only going to get worse.

    Monday, September 29, 2008 9:16 AM
  • I can't understand what is taking Microsoft so long to reply to this. There surely has to be some communication to users even if there isn't a fix.

    This is a real isuse for my network. We're working using Outlook 2003 and we've just purchased a number of 2007 licenses which have been put in to production. Moving over to Thunderbird isn't really an option at the moment otherwise we'd do it - but it is being seriously considered.

    As said previously, once spammers cotton on to this, a serious problem will develop.

    If anyone from Microsoft is actually checking this can they prompt the required team for some kind of feedback and ideally a solution!


    Monday, September 29, 2008 12:17 PM
  •  

    I don’t understand how an issue of this magnitude can still be open since January... it seems to me like Microsoft is trying to play there hand in forcing people to use their mail system... though this issue will most likely cause some animosity to Microsoft products which will in turn make people start switching to Linux or Mozilla style alternatives... I don’t know about anyone else here, but Thunderbird or Evolution are starting to look like my alternatives... you can also bet the 500+ users I deal with day to day will be requesting their money back for the Microsoft office package...

     

    Thursday, October 02, 2008 5:11 PM
  • I'm using Outlook 2003 w/IMAP and gmail.  I have all tracking options turned off and have not noticed a problem until just now.  I got the popup that said the IMAP server had disconnected.  I clicked "connect to gmail" under the File menu and noticed that the footer said "sending".  I check the sent folder and outlook had sent to read replies to emails containing disposition-to headers.  Very disturbing.
    Thursday, October 02, 2008 9:49 PM
  • Guys, agreed spent ages making the jump from an organised pst file previously using pop to the 'more' manageable IMAP only to find to my horror Outlook and MDN's are a spammers best friend.

    The trail of sent messages with subject beginning "Not Read" is constant nauseous reminder that my email address is making to the spammers united lists as an active account ready to receive . . .

    Sample:

    Your message

     

          To:   Default Email Account (in outlook)

          Subject:    10 ways to fulfill her xxxxx.

          Sent: 26/09/2008 13:32

     

    was deleted without being read on 04/10/2008 12:58

    This issue alone makes a mockery of the monthly download for the Junk E-mail Filter update for Outlook.

    Does anyone know for sure if outlook client is able to override action-modes and sending-modes of disposition notifications?


    Workaround
    In the meantime I have put the following workaround in place to stop outlook sending MDN's for spam mail (yes tried changing the tracking option to never and ask - no change) by unsubscribing the junk email folder to IMAP folders until a more permanent solution arises for outlook / imap integration.

    Sunday, October 05, 2008 2:35 AM
  • i did that work around, it worked ok till someone accidentally clicks on the junk folder... it automatically syncs them and causes all the receipts to be generated and delivered...

    i'm actually working on modifying my servers to delete "not read" receipts before sending, as well as removing any and all "receipts" from e-mails once they are classified spam.
    Sunday, October 05, 2008 3:17 AM
  • I've written a pre-SMTP queue config script which dumps any messages with "Not Read:" in the subject to a dedicated mailbox.

    So far this mailbox has in the in region of 2,000 messages from just over 1 week.

    Nice work Microsoft
    Thursday, October 09, 2008 10:02 AM
  • Monaghans,
    Please - could you possibly upload your script with small set of how-to instructions, so that we may all use it?

    This bug is a major disturbance for me for a very long time now
    I'm working with multiple IMAP accounts,
    Some of them are shared, meaning they are accessed by many people from many locations at the same time,
    so i don't have to purge messages at all, other people with access to my mail boxes purge messages on these boxes,
    every couple of minutes.

    (the inbox of support@my-company.com is managed by support TEAM, an email hits this box every couple of minutes,
    and as soon as it is answered by a supporter, it's moved to another folder on the IMAP box, and the inbox is purged.
    so if i just leave my outlook open, it will send out "not read"
    receipts for all of these emails (hundreds of emails per day!)
    plus, these "not read" receipts are sending out with my PERSONAL email address (which is the default one on my outlook)

    I simply can't begin to describe how this looks, and how quickly this uber-bug must be resolved.
    I have no doubt that people can sue microsoft for this & win.

    I'm sure that this is a major
    disturbance for everyone that uses IMAP with outlook
    the thing is, this bug is not easally detected, so many people could be suffering from it,
    and simply not know about it.

    Monaghans,
    Please consider making your script public, it will be much apriciated.

    All the best,
    Ktopaz.
    Tuesday, October 21, 2008 1:52 AM
  • This is a major issue.

    I have no exchange server, just several imap accounts (including gmail) configured in outlook on several computers.

    I have recently started to have a crapload of not read: emails start to send on my default account on all computers - I then get the bounces back on these.

    Can you please make this a high priority. I never want to send any form of receipt - EVER - the option to ask clearly doesn't work, its meaning that I am having responses go out to spammers confirming my address, and even worse it is from my default address which was the name of my catchall account which I have _never_ used - so now that address has gone to many spammers meaning they are now spamming that address.

    IMO this is the behaviour is fundamentally broken, and sadly I have no ability to filter these reciepts on a mail server like others have. outlooks is violating my privacy and potentially getting me blacklisted when people are reporting these not read mails as spam on their webmail interfaces.

    A while ago I had issues when moving mails between folders sending not read reciepts out for old mails on mailing lists etc.

    This needs to be fixed, it needs to be fixed _NOW_ if I am to not just start using thunderbird instead

    Thursday, October 23, 2008 6:23 AM
  • I have just experienced this too.  I initially thought I had a virus, turned out Outlook was the virus!  The small number of people posting here is likely due to the small number of people actually finding out/realising that outlook is actually at fault.  As stated before, this is a serious security issue.  It is offensive of MS's customers that such a serious issue is ignored when it was first raised months ago (how are we to believe they take security seriously?!?)!!!

    No doubt this message is futile, but please, if you read this thread and have the same problem let it be known so that something might get done about it.  It the meantime, I'm going to use thunderbird... if this doesn't get resolved soon it will be a permanent change.
    Thursday, October 23, 2008 1:25 PM
  • We also have this problem and 50 licenses of Outlook 2007 in use and waiting for the bug fix.

     

    Hello Microsoft!

     

    Thomas

    Thursday, October 23, 2008 1:52 PM
  • I've got one client with 2000+ seats moving to Thunderbird... They had planned to upgrade from Outlook 2003 to 2007 till i showed them this issue and microsofts lack of response.

     

    They also requested i look into deploying Scalix to replace the exchange 2000 environment as well as scrap the exchange 2007 upgrade plan.

     

    Microsoft is loosing plenty of licences on this one... gotta love the lack of action

    Thursday, October 23, 2008 6:19 PM
  • thank goodness I found this thread. I am also experiencing this problem. I understand sp2 was announced today, so maybe this will contain a fix?

    Jon
    Thursday, October 23, 2008 6:29 PM
  • Add me to the list that have this problem.Spent all morning thinking I had some trojan/virus. The problem for me didn't start till yesterday aternoon.
    Thursday, October 23, 2008 6:37 PM
  • Experience the same issue.

    MS - please fix this asap.

     

    /Claus P

     

    Friday, October 24, 2008 6:19 AM
  • Yet another one affected and suitably unimpressed at having spent a couple of days chasing a non-existent virus that I PAID FOR. Thanks, Microsoft. Fix please?
    Friday, October 24, 2008 10:03 AM
  • My isp was telling me that I was senting lots of smtp out, I told them they were full of *** because I had left my laptop set up tcpdumping between the router and the firewall here at home to see if there was any.

    Turns out this only seems to happen when I am deleting emails on the laptop, then the desktop goes and sends these unsolicited spams out to other people.

    As SNL said

    FIX IT, FIX IT, FIX IT....
    Friday, October 24, 2008 10:16 AM
  • Think I have the same issue at home. Received a lot of bounced email from strange addresses.
    Temporary solution was to uninstall office 2007:-(

    Please fix asap!


    Friday, October 24, 2008 11:12 AM
  •  

    Same applies to me.

     

    Outlook 2007 is sending mails without being told to do so.

     

    Is it a "bug"? .... Sure

    Is it Microsoft's fault?..... Sure

    Is Microsoft aware of it?..... Not sure, 'cause I don't know whether Microsoft tracks these forums. We probably need a $$$-support-contract to get this fixed.

    Can we blame Microsoft for this?..... If they do not track these forums/this thread: YES!

     

    Is this a solution?.... No

     

    Just my 2 euro-cents

     

    Friday, October 24, 2008 12:32 PM
  • Hello, Microsoft: This is a SERIOUS security issue!

     

    I fell victim to this bug yesterday and spent considerable amount of time looking for viruses etc. before realizing it was Outlook that was spamming these "Not read" notifications to innocent people (since the spam messages that activated this bug usually use harvested email addresses as senders) without my permission, without informing me and using my personal mail account details to do that, ie. making me a spammer!

     

    Posts in the first page of this thread make me believe Microsoft has known of this bug since 2007, and they have done nothing to fix it. Frankly, it is quite obvious that phrases like "Trustworthy Computing" etc. are just lies.

     

    This is inexcusable and needs to be fixed now! Not ASAP, not during the monthly security updates but NOW! No ridiculous workarounds like the one mentioned in this thread: https://forums.microsoft.com/Forums/ShowPost.aspx?PostID=3954259&SiteID=1, please! Just a fix that works. Personally I'll never trust Outlook again, but most people using it have no real choice.

     

    Then again, seeing as Microsoft has been ignoring this issue since last december or so, I guess the only chance is to make this thing public, so more people will be aware of this and won't waste their time looking for the "virus" that made them spammers.

    Friday, October 24, 2008 2:33 PM
  • to be fair, the symptoms of the original problem didn't include spamming random people (as in the original problem as described it just involved spamming _non_ random people) - this wasn't an issue until last month when spam emails started requesting read receipts.

     

    As of this morning none of the spam emails I received in the last 3 days are still asking for receipts - it must have been one specific "batch" that was sent out.

     

    This doesn't mean this isn't a serious problem and it doesn't mean it shouldn't be sorted ASAP.  There the argument that MS should have realised the potential of the original bug.  But nevertheless, the problem with spam emails is only just over a month old, so maybe _some_ slack should be given (for now, anyway Stick out tongue )

    Friday, October 24, 2008 2:43 PM
  • This precise problem has been going on much longer than a month.  I've been aware of it since the beginning of the year, but that was only because it was then that I started using the combination of Outlook/IMAP/Gmail for the first time.

    Considering the nature of the problem, I'm really disappointed that Microsoft hasn't done anything about this.


    Friday, October 24, 2008 6:43 PM
  • I reported this as a bug well over a year ago.  The thing is that most don't even know it has been occuring on their systems all that time.  MS seem to have a total lack of interest in resolving the problem because it isn't evident in anything other than IMAP accounts - and quite frankly it is a poor excuse for an IMAP client anyway.

    Thunderbird is the way to go and those wanting calendering etc, use Outlook for that!  Scalix is an excellent solution BTW .. far better bug response than MS.


    Klaus

    Saturday, October 25, 2008 11:28 AM
  •  

    AH HA! So this is why Outlook is sending spam through my GMAIL account. At first I thought I had been hacked, but then I checked the header and it showed it was sent though Outlook. So then I thought I had a virus. Now I see it's just a stupid loophole that MS forgot to close! I have Outlook 2007 as well. I hope a fix comes soon! Fortunately I don't think it has sent any mail to someone I actually know, because I keep getting "cannot be delivered" messages. However the whole thing has me on edge, and Microsoft NEEDS TO FIX THIS NOW!

    Saturday, October 25, 2008 4:00 PM
  •  Mangutee wrote:
    Workaround
    In the meantime I have put the following workaround in place to stop outlook sending MDN's for spam mail (yes tried changing the tracking option to never and ask - no change) by unsubscribing the junk email folder to IMAP folders until a more permanent solution arises for outlook / imap integration.

     

    I have Outlook 2007 and sync to Gmail via IMAP.  I tried using this workaround, and, to my dismay, when I unsubscribed from the 'Spam' folder, all of the 'Not Read' mails were generated and sent out...

     

    I guess I am lucky that I only sent 19 of these since I had 857 messages in my Spam folder when I unsubscribed from it.  Nevertheless, it is still not what I was hoping for... is there a better workaround at this point or did I do something wrong?
    Saturday, October 25, 2008 9:28 PM
  • I am installing Mozilla Thunderbird as I write this.

     

    I have simply had enough of the security holes and unreliability of Microsoft Outlook and I am voting with my feet. I will be recommending that all of my clients do the same.

     

    IMAP meets my needs and those of my clients and I have no intention of revising all of the e-mail servers I administer to fix a deficiency in a client application. I have been using Thunderbird in parallel with Outlook for some months now and I have not had a single issue with it, compared with regular crashes in Outlook. Now, the fact that Outlook has been sending out spam from my account without any security breach, and Microsoft have done nothing to fix the problem in months is simply the last straw.

     

    In short: The ultimate work-around for this problem? Ditch Outlook.

     

    Saturday, October 25, 2008 11:11 PM
  • I just got hit with bug on Friday (Oct 24, 2008).  I too started receiving mail from mail-list servers telling me that my message about pleasing my wife was rejected because there was no such address at this mail server.  I looked in my sent Items folder on GmaiI and found 10-14 messages to people I didn't know sending messages I had not sent.  I thought my Gmail account had been compromised and changed all my passwords.  The symptoms seemed to clear up for a day, until I realized my smartphone was not synchronizing.  Oops.  Need to reset the passowrds in the phone.  Again, I started spamming the world with Canadian Meds and all sorts of odd topics.  

     After that I suspected the phone was the problem, maybe I'd been bluetooth scanned, I didn't know.  I took all accounts out of my phone.  this morning I looked and I've sent out another batch of spam at 10:01pm last night, right about the time I stopped using the PC for the night.

    I discovered this thread this morning and realized I have this problem as well.  Microsoft, please help us...

    Monday, October 27, 2008 3:31 PM
  • I thought my system was compromised, too, either by a virus or some malware. I almost went to the extreme of re-installing until I found this thread that explained what was going on.

    Microsoft needs to make this issue a priority because this bug can, and has, exposed our e-mail addresses to spammers.

    In another thread I found a workaround which I'm about to try, which is to unsubscribe to the spam folder, but that doesn't do anything for spam that slips through the filters. PLEASE fix this ASAP Microsoft. It's been an open bug for way too long.
    Tuesday, October 28, 2008 2:03 PM
  • Hi All,

     

    Same problem here. I am about to log a call with our support provider who will escalate into the right bits of MS Support if they don't have news of a fix.

     

    Our initial testing has also shown that OWA Light ignores your preference not to send "not read" receipts, which may or may not be related - and would make the problem server-side on Exchange, rather than Outlook related. This may be related to us "possibly" - and I stress this as it needs more testing, also seeing the issue *without* Outlook connected when a retention policy is run over night.

     

    Updated: Or of course it may be two seperate bugs, one in Outlook and one in Exchange. Call has now been logged.

    Tuesday, October 28, 2008 2:32 PM
  • Interesting.  If it does affect Exchange, it would certainly improve the likelihood of getting a fix sometime.  If they change it on the Exchange side, though, it's not likely to help anyone using standalone Outlook.

    Tuesday, October 28, 2008 6:02 PM
  •  

    It just happened to me again this morning! It sent out about 19 messages!

     

    What I am wondering is HOW this all started happening to us, because this didn't happen when I FIRST started using IMAP with GMAIL. It's only within the last couple of months this started happening to me.

     

    Either way, Microsoft needs to act soon! Now I have a lot of patience, but it is wearing thin. I like Outlook, I really do, but if they can't fix this bug, I may be jumping ship with the others over to Thunderbird. I would do more than that though, I would try talking to all my friends and family about the issue too (some who don't have office yet!)! I would also not consider buying the next office version. I don't want to have to take these measures, but this is ridiculous. Please fix this Microsoft! = \

    Wednesday, October 29, 2008 12:26 PM
  • it's only sporadic because it's only certain spam mailshots that have read receipts requested... for example, I first had this in the middle of september (as did several others) but haven't had this issue at all since (though I bet it will again soon) as i've not received any spam with the bad settings

     

    Wednesday, October 29, 2008 12:37 PM
  • UGH!

    Add me to the list.

    I have been using OL2007 with Gmail IMAP since Google released it some time ago.  I noticed this happening 2 days ago (the bounced read receipts) and now wonder how many I actually sent that were received.  I am very security conscious - guarding my email address from spammers and deleting what little junk mail gets through Google's filters, so when I saw this, I immediately freaked out!  I quickly disabled my network card, booted into safe mode and ran two AV scanners and three Anti-spyware scanners on my system overnight.

    Imagine my shagrin to awake to discover no viruses and only a handful of cookies found by the scanners!  So, for two days, I have been only using web-based email until I had more time to investigate.  As luck would have it, I happened to be listening to Leo Laporte's Security Now "netcast" (Episode 165) with Steve Gibson and this exact subject came up (preventing me from beating my head against the wall any further).  Man...do I get lucky sometimes!  I was relieved to find out that this is not something I screwed up.  However, at least if it was a virus or spyware, I could just reimage my drive and all would be good.

    Since I have no way of fixing this (maybe unsubscribing the Spam folder works, we'll see), shame on Microsoft for allowing this to continue for so long.  We understand mistakes, but ignoring them is irresponsible, especially when it comes to security!


    Wednesday, October 29, 2008 9:22 PM
  • I'm beginning to thing that the only way to get a fix for this in our lifetimes will be to get it a little media exposure.  I'll bet Microsoft would be much more interested if the security hole started getting mentioned on sites like Ars Technica, Engadget, Life Hacker, etc., etc.
    Wednesday, October 29, 2008 11:07 PM
  •  Oscar Fowler wrote:
    I'm beginning to thing that the only way to get a fix for this in our lifetimes will be to get it a little media exposure.  I'll bet Microsoft would be much more interested if the security hole started getting mentioned on sites like Ars Technica, Engadget, Life Hacker, etc., etc.

     

    YEAH! Good idea. Everyone should also contact their favorite tech magazine (PC World, Maximum PC, PC Magazine etc...), they usually have a Watchdog/editorial section that you can contact.

    Thursday, October 30, 2008 12:01 AM
  • It is happening to me too...

    I've done some googling and no permanent fixes so far, however a few solutions have been suggested.

    1. Create a dummy default account. Outlook uses the default account to send the spam so if you got a dummy account nothing will be sent.

    2. Apparently you can unsubscribe from the gmail junk and allmail folders (i have no idea how to do this so if someone works it out please post)

    Also there is a thread here that is tracking the problem, please post on there too if you have solutions

    http://forums.techguy.org/general-security/753746-outlook-2007-sending-spam-5.html
    Thursday, October 30, 2008 11:57 AM
  • Can everyone detail when posting which Messaging Server they are using please?

    This might help identify where the problem with the fix lays. I.E Why M$ haven't fixed it yet.

    I'm currently using a Postfix MTA with Courier IMAP. I'd be very interested to see if this happens with an IMAP connection to an Exchange server.

    The pre-SMTP queue header checks is the only way around this without having to reconfigure each outlook client. Obviously, this workout will only work if you have a SMTP server which will allow such customization. As bad and dirty as this workaround is, it prevents spammers gaining valid email addresses. It also stops users asking questions - which when replied to with "it's a microsoft problem" - they think they are being fobed off. 

    If anyone is using postfix then I'll quite happily post the pre-header check if they are unfamiliar with this method of smtp queue control.
    Thursday, October 30, 2008 2:41 PM
  •  Monaghans wrote:
    Can everyone detail when posting which Messaging Server they are using please?

    This might help identify where the problem with the fix lays. I.E Why M$ haven't fixed it yet.

    I'm currently using a Postfix MTA with Courier IMAP. I'd be very interested to see if this happens with an IMAP connection to an Exchange server.

    The pre-SMTP queue header checks is the only way around this without having to reconfigure each outlook client. Obviously, this workout will only work if you have a SMTP server which will allow such customization. As bad and dirty as this workaround is, it prevents spammers gaining valid email addresses. It also stops users asking questions - which when replied to with "it's a microsoft problem" - they think they are being fobed off. 

    If anyone is using postfix then I'll quite happily post the pre-header check if they are unfamiliar with this method of smtp queue control.

    Hi,

    this would be very useful to know.  can this method be used to filter outgoing emails only? (in the unlikely event we ever receive legitimate not read recipts)
    Thursday, October 30, 2008 4:14 PM
  • Got a long list for that one...

    1. Noteworthy IMAP
    2. Gmail IMAP
    3. POSTFIX - IMAP
    4. Exchange IMAP

    So in other words, any and all IMAP connections i am able to reproduce it with...

    Specifically, if an item is synchronized down to outlook 2007 using IMAP, and it is deleted from the server through another means (webmail, Pop download, Server Purge), when outlook syncs again to the folder and recognizes the item is not present, it sends the "NR" receipts.

    I've heard Exchange does this as well if you run a auto purge, but being in 3 out of 4 cases i'm not even using exchange, its evident to not being a server issue.

    incidentally, after speaking with microsoft and reporting this issue, i was told to "Pay" for a support case for them to look into this one.

    I have instead decided to relay that standing to my customers, which have decided to migrate away from Microsoft products whenever they can.



    Thursday, October 30, 2008 4:24 PM
  •  127frymaster wrote:
     Monaghans wrote:
    Can everyone detail when posting which Messaging Server they are using please?

    This might help identify where the problem with the fix lays. I.E Why M$ haven't fixed it yet.

    I'm currently using a Postfix MTA with Courier IMAP. I'd be very interested to see if this happens with an IMAP connection to an Exchange server.

    The pre-SMTP queue header checks is the only way around this without having to reconfigure each outlook client. Obviously, this workout will only work if you have a SMTP server which will allow such customization. As bad and dirty as this workaround is, it prevents spammers gaining valid email addresses. It also stops users asking questions - which when replied to with "it's a microsoft problem" - they think they are being fobed off. 

    If anyone is using postfix then I'll quite happily post the pre-header check if they are unfamiliar with this method of smtp queue control.

    Hi,

    this would be very useful to know.  can this method be used to filter outgoing emails only? (in the unlikely event we ever receive legitimate not read recipts)


    Header checks are performed on any message entering the smtp queue. So this is outgoing or incomming. I'm unsure if you can specify. I guess you could add another condition saying if subject:.Not Read/ AND from:.@yourdomain.com/ - but I don't know the syntax for that or if it's possible - sorry.

    In /etc/postfix/header_checks
    [code]
    #
    # Entry to redirect all messages containing Not Read in the subject to ####### to get around outlook 2007 read receipt bug
    #

    /^Subject:.Not read/                            REDIRECT someaccount@yourdomain.com
    [/code]

    After you do this watch the mailbox fill up. Mark all as read then delete.
    You do have the choice of what you do with the message. You can amend it, delete it, redirect it etc... Take a look here: http://www.postfix.org/header_checks.5.html. I wanted to see the extent of this issue so I redirected them.

    This is a dirty method, but it's effective for us. I guess it would be easy enough to use rules in Exchange - but why should you have to!

    As posted above - I was told I would have to pay £200 just to speak to someone. If the problem was recognised as a bug then the money would be refunded. I only called them to see if they'd identified this bug and whether or not they'd do anything about it.
    Friday, October 31, 2008 8:51 AM
  •  Christopher J. Amatulli wrote:
    Got a long list for that one...

    I have instead decided to relay that standing to my customers, which have decided to migrate away from Microsoft products whenever they can.



    And one of those is Evolution:

    http://www.dipconsultants.com/evolution/

    While I use it in Linux against an exchange server and am happy with that, I haven't toyed with the Windows version so can't recommend only refer you to it. It will speak to the Exchange Server as well as run as many IMAP accounts you want.


    Klaus

    Wednesday, November 05, 2008 2:43 AM
  • I posted a reply earlier, but I think I goofed somewhere and lost the reply somehow.

     

    Hello Everyone,

     

    I was able to reproduce the issue on my lab computers and came up with a simple workaround based on some interesting behavior I observed.  The workaround is documented here: http://blog.impactalabs.com/2008/11/05/outlook-2007-imap-spam-bug-workaround/.

     

    Basically, I observed that the spam is only sent out as a read receipt for the IMAP account that appears last alphabetically (I had 2 IMAP accounts), and the rest are untouched.  So I ended up creating a third dummy IMAP account called z@junk.com (z,so it would appear last always) with a bogus IMAP server.  That seemed to do the trick nicely, and I haven't seen any spam reject messages from message gateways for > 2 weeks now.  Hopefully the solution above works for you as well, let me know through comments.

     

    --Kevin

    http://www.impactalabs.com

    http://www.buildingsecurecode.com

     

    Wednesday, November 05, 2008 9:09 AM
  • Hi,

     

    My experience is that it always uses your default mail account to send... strange

    Wednesday, November 05, 2008 12:18 PM
  •  

    i'm sorry, but while your idea is good for a couple users, i have 4200 users that would required this change as well as training to not accidentally send as this account.

     

    also, mine appears to come from which ever account is the default.

     

    The work around i had to employ is create a macro that deletes the mail in the spam and trash, rather than allowing the server to do it.

     

    But to be honest, all that doesnt matter as the level of frustration with microsoft's lack of response to a issue of this magnitude has now made 2800 users (across 11 of my clients) decide to drop microsoft products when they can...

     

    so far the ones that have switched, are loving the new version of open office, and i have a project to deploy scalix at two of my clients.

    Wednesday, November 05, 2008 1:50 PM
  •  Christopher J. Amatulli wrote:

     

    i'm sorry, but while your idea is good for a couple users, i have 4200 users that would required this change as well as training to not accidentally send as this account.

     

    also, mine appears to come from which ever account is the default.

     

    The work around i had to employ is create a macro that deletes the mail in the spam and trash, rather than allowing the server to do it.

     

    But to be honest, all that doesnt matter as the level of frustration with microsoft's lack of response to a issue of this magnitude has now made 2800 users (across 11 of my clients) decide to drop microsoft products when they can...

     

    so far the ones that have switched, are loving the new version of open office, and i have a project to deploy scalix at two of my clients.

     

    Hey Chris,

     

    You're absolutely right -- definitely my workaround wouldn't reasonably work in deployment scenarios of 4200, let alone 10 or more! 

     

    If you have an MS account manager or an onsite TAM (technical account manager) it might be worth having them escalate it for you.  They will have more success finding the right people, and that's what they are there for too (to help you quickly resolve issues like this).  I don't work at Microsoft anymore, but I definitely know that they care about their customers (and yes, of all sizes Stick out tongue) -- I know that doesn't help you right now either but still wanted to give you that partial inside.

     

    --Kevin

    http://www.impactalabs.com

    http://www.buildingsecurecode.com

     

    Wednesday, November 05, 2008 10:47 PM
  • Do you think this issue concerning IMAP affects 2003, 2000 and outlook express users as well? I have found it affecting a 2007 user of ours and have looked at one PC having major email issues that has 2003. This PC however doesnt have the "Not Read" emails in the sent items folder....

     

    Thursday, November 06, 2008 9:49 PM
  • Under your IMAP mail account settings, under "more settings" do you have the option "Purge items while switching folders while online" checked? I removed this option and since I haven't recieved any of these emails.

    Perhaps a coincidence.

    Saturday, November 08, 2008 8:24 AM
  •  deedubb83 wrote:

    Under your IMAP mail account settings, under "more settings" do you have the option "Purge items while switching folders while online" checked? I removed this option and since I haven't recieved any of these emails.

    Perhaps a coincidence.



    I turned this option off towards the beginning of the year.  It doesn't make a difference.


    Saturday, November 08, 2008 11:16 AM
  • Hi Everyone,

     

    Just wanted to give an update on the workaround I describe for the Outlook 2007 IMAP spam bug (Gmail) at http://blog.impactalabs.com/2008/11/05/outlook-2007-imap-spam-bug-workaround.  It's been about 3 weeks now and it seems to be working fine for me -- has anyone tried the workaround and not have the same success?

     

    --Kevin

    http://www.impactalabs.com

    http://blog.impactalabs.com

    http://www.buildingsecurecode.com

     

     

    Tuesday, November 11, 2008 12:20 AM
  •  Kevin Lam (IMPACTA) wrote:

    Hi Everyone,

     

    Just wanted to give an update on the workaround I describe for the Outlook 2007 IMAP spam bug (Gmail) at http://blog.impactalabs.com/2008/11/05/outlook-2007-imap-spam-bug-workaround.  It's been about 3 weeks now and it seems to be working fine for me -- has anyone tried the workaround and not have the same success?

     

    --Kevin

    http://www.impactalabs.com

    http://blog.impactalabs.com

    http://www.buildingsecurecode.com

     

     



    No offence, but this can not be considered a viable work around for anyone with more than a handful of users.

    There are 3 work arounds that I can see as being viable for organisations with more than say 20 users:

    1. SMTP Queue filtering
    2. Mark all as read before deletion takes place (although this isn't always an option)
    3. Install a Hotfix/Update (hint, hint Microsoft...)

    It's probably worth saying that anything which involves visiting machines simply isn't practical. I suppose you could use PRF files, but this is a whole heap of work in itself. 
    Tuesday, November 11, 2008 12:03 PM
  •  Monaghans wrote:

    No offence, but this can not be considered a viable work around for anyone with more than a handful of users.

    There are 3 work arounds that I can see as being viable for organisations with more than say 20 users:

    1. SMTP Queue filtering
    2. Mark all as read before deletion takes place (although this isn't always an option)
    3. Install a Hotfix/Update (hint, hint Microsoft...)

    It's probably worth saying that anything which involves visiting machines simply isn't practical. I suppose you could use PRF files, but this is a whole heap of work in itself. 

     

    Hey Monaghans,

     

    No offence taken at all -- I put in the beginning of the blog post that the workaround isn't practical for large, or even medium sized user bases. 

     

    If you do fall into these situations (medium or large), then you hopefully you should have an MS account manager that you can talk to.  Typically they are called TAMs or technical account managers and they are usually on site depending on the size of your company.  When I was working MS, all the TAMs I encountered were great, and responded promptly to their customer issues.  Escalate through them, and they should be able to get you in touch with the people at Microsoft who can get you a practical workaround.

     

    Good luck,

     

    --Kevin

    http://www.impactalabs.com

    http://blog.impactalabs.com

    http://www.buildingsecurecode.com

     

    Tuesday, November 11, 2008 6:28 PM
  • Well it's been a year since the original post, and no official fixes yet. :- (

     

    I will say though I haven't experienced this problem since 10/29/2008, so that's pretty good. Anyone else still getting this problem?

    Friday, December 12, 2008 9:31 PM
  •  CowboyJMB wrote:

    I will say though I haven't experienced this problem since 10/29/2008, so that's pretty good. Anyone else still getting this problem?



    Yes, it's still happening.  I just had it happen again a few minutes ago, and my machine is fully updated.

    Wednesday, December 24, 2008 3:01 AM
  • I notice that http://support.microsoft.com/default.aspx/kb/959642 has been issued, which includes the following fix:

     

    "If you read an e-mail message in Outlook Web Access without sending a read receipt, and then later you delete the message in Outlook cached mode, a non-read notification is sent to the sender of the message."

     

    While not exactly the same, it sounds like it could be related and I will be trying this out in the new year to see if it fixes the problem.

     

    As this patch is for Outlook, I dont think it will solve all the issues as we believe the issue also exists in Exchange core as we can reproduce "not read" receipts being sent mistakenly with OWA only and we also think when unread spam messages are cleaned up by MRM.

    Wednesday, December 24, 2008 9:29 AM
  • @m.r.wallis:  I just came across this thread and was wondering if the hotfix you posted worked for you?  Thanks.
    Monday, March 23, 2009 9:38 AM
  • Didn't work for us. Anyone else had any joy with this "fix"?
    Monday, March 23, 2009 3:37 PM
  • Does anyone know if Office SP2 fixes this issue?
    John Cambridge
    Wednesday, April 29, 2009 3:33 AM
  • i can't belive that there is no bugfix from MS. isn't it ?
    Friday, May 22, 2009 10:22 AM
  • As of today, August 11, 2009, Outlook 2007 installed as part of Office, with SP2 installed, and all current updates installed, still exhibits this behavior.  I started up Outlook 2007 for the first time in a while to do some testing, and started noticing the bounces in my inbox, which indicate the Subject of the bounced email to start "Not read: ", followed by the subject of the spam.  I also have a setup with IMAP on an central server, which I access from several different computers, and delete the spam from which ever computer I see it first.

    James Nachbar
    www.plastic.org
    Wednesday, August 12, 2009 3:30 AM
  • The bug is still there ! This is a major privacy issue. It is a shame that it is still not corrected as of now !

    Thursday, October 15, 2009 7:08 PM
  • I'm an office 2010 beta tester - the bug is still here.....

    i don't use IMap.


    regards,
    Stuart
    YGM.net
    NetActivated.com
    Saturday, October 17, 2009 2:03 PM
  • I don't use imap and had the same exact issue! I had to switch to incredimail b/c after running every virus scan known to man, i couldn't get rid of the bug. It's a shame b/c I liked outlook...

     

    Anthea

    www.sahmbabybaskets.com

    Saturday, October 17, 2009 2:53 PM
  • I'm having the same problem with IMAP account. Seriously, going on two years and this bug hasn't been fixed?! I really don't want to switch email clients, but Outlook is sending read receipts to email from 2-3 years ago and people are contacting me asking what's happening. Since I really don't want to look stupid to people, I'm starting the migration to Thunderbird...
    • Proposed as answer by InoEvertin Tuesday, December 08, 2009 7:27 PM
    Monday, October 26, 2009 8:39 PM
  • I ran into this problem when I switched to Google Apps for my company's email while still using Outlook as a front end.  We use outlook for so many inhouse functions it was unavoidable.

    I found that any message being cached on outlook and then read online (using gmail or another imap program) would then cause outlook to flag it as READ and disregard the RETURN RECEIPT policies in place.  To my 'JOY' it would send out read or not read receipts to anyone under the sun including spammers.

    The way I worked around this was to create another folder called 'working' and have GMAIL (or whichever IMAP mail system you are using) mark all incoming messages as read.  This would guarantee that outlook would never see the message as requiring a receipt assuming it was already handled by the mail system.

    In outlook I took any message I had actually read from the inbox and file it under the proper folders or place in the 'working' folder as my 'email I read but still want to work on'.  Now, every other email I ever get in the INBOX I consider unread.

    Hope this helps until Microsoft decides that this might not be such a good thing to delay fixing for over 2 years.
    Tuesday, December 08, 2009 7:33 PM
  • Just to keep the party going - I use Outlook 2007 as a front end for Gmail over POP.  I have never used IMAP. Every now and again, I get a random read receipt back from someone I've sent an email to, and I've never turned on "Read Receipts" in my life. I annoys me to get them, so I don't wish to subject others to things that annoy me. However, once or twice a week, I get a read receipt back.  The only consistency seems to be that the other person is using Outlook 2007 as a front end for Gmail, but I do not know whether they are using IMAP or POP.

    Hopefully Microsoft will hear the pleas of the masses and DO SOMETHING!

    Thursday, December 31, 2009 11:11 PM
  • Has this been fixed yet??  I can't make any of the work around solutions work.  I am using Office Professional 2007.
    Friday, February 12, 2010 4:53 PM
  • UNBELIEVABLE!!! That this has not been fixed yet! We are running Google Apps Sync with outlook 2007 fully updated and are experiencing the same issues! At the beginning of this post a few Microsoft employees responded and submitted a bug.. Is there any update on this bug? Please post back here.
    Thursday, May 13, 2010 9:44 AM
  • Dear Harjit,

     

    there seems to be no solution for this problem although it exists for 3! years now?

    Can you please provide us with information how to fix this more than annoying bug?

     

    Thanks,

    Jens

     

    Thursday, June 17, 2010 11:23 AM
  • I'm having this annoying problem as well.   Is there a simple fix yet or an update from MS that resolves it?

     

    Thanks.

    Tuesday, September 14, 2010 12:13 PM