Troubleshooter: Verifying the Illicit Forwarding of Mail

We suspect that one of our employees is forwarding mail to an outside address. Is verifying this suspicion possible?

It depends. You can always use message tracking to look for messages from or to a particular user. In Exchange 2000 Server, you can also track messages by the subject line. Another option is to check your postmaster mailbox to look for nondelivery reports (NDRs). However, these approaches assume that you know what you're looking for.

If you're using Exchange Server 5.5 and you suspect wholesale forwarding, you can use the Inbox Rules Manager to scan the Information Store (IS) for rules that forward messages to distribution lists (DLs), custom recipients or contacts, or foreign addresses. Your search might turn up the miscreant. As a bonus, when you use the Inbox Rules Manager, you can check for rules that automatically reply to messages. Auto-reply rules occasionally cause message loops. If you suspect a loop, Inbox Rules Manager can tell you whether any rules are feeding the loop by directing messages to it. Inbox Rules Manager is available only from Microsoft Product Support Services (PSS). For more information about this tool, see the Microsoft article "XADM: How to Use the Inbox Rules Manager Program" ( .com/?kbid=271603).

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.