Recently one of our executives received an odd email message. Initial review of the message shown that her name was in the FROM field, an external recipient was in the TO field, the subject was something like "Request Update: Original Meeting Subject" and to top it off, it shown up as unread in her Inbox.
Initial analysis suggested that the message was a spam or spoofed message, but the subject was deceiving. OK, if that were so, then someone has been infected with a virus or spam-bot. Not good. This required further investigation.
Looking at the received email's message headers, the headers do show the correct TO, FROM and even Reply-to addresses, but they are larger than "normal", containing probably 20-30 x-header entries that start with
x-Notes-Item: ;name=
For example:
X-Notes-Item: Notice;
name=FormToUse
X-Notes-Item: ;
flags=45; name=INetCopyTo
X-Notes-Item: ;
flags=44; name=INetBlindCopyTo
X-Notes-Item: .;
name=$StorageTo
X-Notes-Item: 2031619;
name=MIMEMailHeaderCharset
Ah, clue.
To go a step further, we opened up the message with MFCMapi. In here, I spotted an error that stated the message header was too large (exact wording forgotten).
The sender has confirmed this 'bug'. She hit the "Request Update" option on the meeting request received to get more details. This packages up the Lotus Notes meeting item into this format and sends it across the Internet. IMO, Outlook is unable to process this larger header and uses the first two fields that make sense.
Our local Microsoft rep could not find an existing 'bug' report filed on this. He is curious if this is possibly related to something on the Lotus Notes side.
My user appears happy with not spam, or security risk, but know bug.
Comments
Post new comment