Tale of the sent email

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I am about to investigate an email three people received whereby the sender claims not to have initiated it - second time around anyway!

It's nothing naughty, or something he wishes he could retrieve, so there is no motive to say so in all fairness.

It's a plain, single exchange 2003 environment with bes installed on another box. clients run a mixture of outook '03 and '07.

an email the sender (or not in this case!) sent back last year was sent again yesterday (locally, within the exchange environment).

i am waiting to speak/connect, but some things i do know so far are:

the user did not resend this message of their own accord
the message is not in the users sent items
no one has access or send as permissions for the mailbox
the user does not use a blackberry
the message has been found within exchange tracker and does indead say it was submitted to the store
the machine is fully patched and cleared when checking with ms malicious checker.
no strange processes or ports open when checked with tcp view

any idea's on this one?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Dr Watson helping you out ?

 

Is there anyway to tell that if the email has ever been in the users sent items, they didn't delete it from sent in a panic did they.

 

You could maybe find what time the email was sent and cross check that with when he was logged on.

Could he have left his pc unattended for a short time, time enough that someone else can sit down at it, copy paste the text into a new mail and then delete the sent mail?

 

thanks for the pointers with this chaps. after presenting them with the facts, heard no more!

Can only assume it was sent

 

Sorted!