MessageTrace

Roger Roger 5,711 Reputation points
2024-08-21T22:35:17.3366667+00:00

Hi All,

I am using an Exchange 2016 hybrid environment. We create users on-prem and migrate them to online. One of my users sent an email to 450 recipients in Bcc, but the email was received by 470 users. The email should not have been received by one particular user, let's say User2. I want to understand how this email was delivered to User2. There might be a forwarder or a transport rule involved. How can I trace this? Here is the information I have:

Sender Email: user1@contoso.com

Recipient Email: user2@contoso.com

Message Subject:

Message ID:


Accepted answer
  1. Jake Zhang-MSFT 4,900 Reputation points Microsoft Vendor
    2024-08-22T05:18:49.24+00:00

    Hi @Roger Roger,

    Welcome to the Microsoft Q&A platform!

    To trace how an email was delivered to User2, you should perform a message trace and check for possible forwarding or transport rules. Here's a step-by-step approach:

    Step 1: Perform a Message Trace

    1. Log in to the Exchange Admin Center (EAC) or Office 365 Security & Compliance Center:

       - For Exchange Online, go to https://protection.office.com.

       - For an on-premises Exchange 2016 environment, go to your EAC.

    2. Navigate to the message trace tool:

       - In the Security & Compliance Center, go to Mail flow > Message trace.

       - In the Exchange Admin Center, go to Mail flow > Message trace.

    3. Run the message trace:

       - Enter the details of the sender (user1@contoso.com), recipient (user2@contoso.com), and potentially the time range when the email was sent.

       - Optionally, you can use the Message ID if you have it for more accurate results.

       - Run the trace to see the email’s journey and check if it got forwarded.

    Step 2: Review the Message Trace Results

    • Check for Forwarding Rules: Look at the detailed message trace results to see if the email was delivered directly to User2 or if it was forwarded by another mailbox.
    • Check Transport Rules: Look for any organization-wide mail flow rules (also known as transport rules) that might have added User2 as a recipient.

    Step 3: Check Forwarding Settings on Mailboxes

    1. Individual Mailboxes: Ensure that no mail forwarding is set on the mailboxes of the other recipients.

       - In EAC, go to Recipients > Mailboxes.

       - Select each mailbox and check Mail Flow Settings (e.g., Delivery Options).

    2. Shared Mailbox Settings:

       - Check if any shared mailboxes or groups have forwarding enabled that might include User2.

    Step 4: Review Transport Rules

    1. Navigate to Transport Rules:

       - In the EAC, go to Mail flow > Rules.

    2. Review Rules:

       - Check the transport rules to see if any rules could have caused the email to be forwarded to User2.

       - Look for rules that involve modifying recipient lists or adding recipients.

    Additional Considerations

    • Distribution Groups: If the email was sent to a distribution group, ensure that the distribution group did not include User2 or any nested groups that could have User2.
    • Mailbox Delegation: Check if User2 has delegate access to any other mailbox that received the email.

    By following these steps, you should be able to trace the path of the email and understand how it was delivered to User2. If you find something unusual, like a forwarder or transport rule, you can then take appropriate action to prevent this from happening in the future.

    Please feel free to contact me if you have any queries.

    Best,

    Jake Zhang
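
The four steps in the answer above can also be run from Exchange Online PowerShell. The script below is an added example, not part of the original answer; it assumes the ExchangeOnlineManagement module is installed, and the date window, `$msgId` and `$needle` are placeholders.

```powershell
# Added example, not from the original answer. Addresses are the thread's own;
# the date window, $msgId and $needle are placeholders to replace.
Connect-ExchangeOnline
$sender    = 'user1@contoso.com'
$recipient = 'user2@contoso.com'
$needle    = 'user2'                      # assumption: fragment of User2's alias/name
$msgId     = '<MESSAGE-ID-PLACEHOLDER>'   # Message ID is not given in the thread
$start     = (Get-Date).AddDays(-7)       # Get-MessageTrace covers the last 10 days
$end       = Get-Date

# Steps 1-2: find the copy that reached User2 and list each event recorded for it.
$trace = Get-MessageTrace -SenderAddress $sender -RecipientAddress $recipient `
    -StartDate $start -EndDate $end
$trace | Format-Table Received, Subject, Status, MessageId, MessageTraceId
foreach ($m in $trace) {
    Get-MessageTraceDetail -MessageTraceId $m.MessageTraceId `
        -RecipientAddress $m.RecipientAddress -StartDate $start -EndDate $end |
        Sort-Object Date | Format-List Date, Event, Action, Detail
}

# Step 3: mailbox-level forwarding that points at User2.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { "$($_.ForwardingSmtpAddress) $($_.ForwardingAddress)" -match $needle } |
    Select-Object PrimarySmtpAddress, ForwardingSmtpAddress, ForwardingAddress,
        DeliverToMailboxAndForward

# Step 3, continued: inbox rules on the message's other recipients that forward
# or redirect to User2.
$all = Get-MessageTrace -SenderAddress $sender -MessageId $msgId `
    -StartDate $start -EndDate $end -PageSize 5000
foreach ($r in ($all.RecipientAddress | Sort-Object -Unique)) {
    Get-InboxRule -Mailbox $r -ErrorAction SilentlyContinue |
        Where-Object { "$($_.ForwardTo) $($_.RedirectTo) $($_.ForwardAsAttachmentTo)" -match $needle } |
        Select-Object @{ n = 'Mailbox'; e = { $r } }, Name, Enabled, ForwardTo, RedirectTo
}

# Step 4: mail flow rules whose actions add, copy or redirect recipients.
Get-TransportRule |
    Where-Object { $_.BlindCopyTo -or $_.CopyTo -or $_.AddToRecipients -or $_.RedirectMessageTo } |
    Format-List Name, State, BlindCopyTo, CopyTo, AddToRecipients, RedirectMessageTo
```

For mailboxes still hosted on the Exchange 2016 servers, `Get-MessageTrackingLog` in the Exchange Management Shell is the on-premises counterpart of the trace cmdlets. On tenants where `Get-MessageTrace` has been retired, `Get-MessageTraceV2` and `Get-MessageTraceDetailV2` take their place.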

