We're seeing reports from users that suspect Outlook is sending spam. Some users think it means that their computer is infected with an previously unknown spambot, it's not. It's a bug in how Outlook 2007 responds to Read Receipt Requests for Junk Email
I recently found something terrible in my system. Special types of spam are sent mail to unknown domain without any notification. I'm using a Gmail account and I have no spam in my INBOX folder. But spam reports about their status from my computer, I find this when I check Sent mail folder in my Gmail account.
Spam occasionally includes requests for read receipts. In some cases this is so the spammer can check for valid email addresses but most of the time it’s not intentional or the spammer just wants to be doubly annoying since the sender’s address is invalid and the read/not read receipt bounces back to the victim in the form of an NDR.
Newer versions of Outlook offer the ability to control if read receipts are sent but there may be a bug with IMAP accounts and read receipts in Outlook 2007. When you move messages with a receipt request to the Junk E-mail folder and empty the Junk E-mail folder using another client, the setting in Tools, Options, Email Options, Tracking Options may be ignored. If so, read receipts are returned when Outlook syncs with the server and purges the junk folder.
The steps to repro are as follows:
- Send yourself some messages with receipts requested and move them to Junk E-mail.
- Sync with IMAP and update all folders then close Outlook.
- Empty junk email folder using a different client.
- Reopen outlook.
- When outlook updates the folder, it ignores the Tracking setting and always returns receipts as it syncs the junk mail folder, purging the messages deleted from the other client.
Until Microsoft releases a fix, do the following:
- Always mark messages as read before emptying the Junk Email folder.
- Always empty the Junk Email folder from Outlook.
If you don't ever want to send receipts back, set Outlook to never ask and never send, otherwise set Outlook to always ask before sending. (Tracking settings are found in Tools, Options, Email Options, Tracking Options.)
If you move message between folders, this can also trigger a Not Read receipt, since moving messages marks the message for deletion in the original folder.
To: [an address you don't recognize]
Subject: Not read: [Varying Subjects] Body:
To: [your address] Subject: [Varying Subjects] Sent: 9/25/2008 4:19 AM
was deleted without being read on 10/26/2008 9:21 AM.
The only difference between Read and Not Read receipts is the subject is prefixed with 'read', instead of 'not read' and the text says it was “read on [date]”.