Update 10/29/08: Microsoft says they'll fix this in Outlook 2007 Service Pack 2! The waiting begins…
I hate Outlook 2007 with the white hot heat of a thousand suns.
Why?
Because I've just exposed my email address to thousands of spam harvesting little fucks. I've gone out of my way to not use this address for anything other than corresponding with friends and trusted business partners. If I don't know you, you get a throwaway email.
And is where the story begins.
Inbox:Spam ratio
I have a catch-all address configured that I use for signing up for for websites, and it works great. The downside is it gets a staggering amount of spam. 3 years worth of messages and I've got 2758 messages in my inbox. And there are 10,041 pieces of spam in the past 30 days.
That's fine though, because I've only had a few false-positives that I care about (or at least noticed), and I don't even look in the Spam folder unless I'm expecting something. To make my life easier I've been POPing my mail into Outlook, the one downside being that it doesn't synchronize reads or deletes. When I upgraded my desktop last week I decided to switch to IMAP, because who doesn't want more synchronization, right?
It turns out there is an incredibly nasty bug in Outlook 2007. Scream and pull your hair out and pray for testicular cancer in all of the male developers bad. Not data loss, no, that's manageable if you backup regularly. No, it's not emails not being delivered either.
No, the problem is that Outlook doesn't honor your "Read Receipt" option. If Outlook has synchronized with the server and downloaded messages, and then you delete the message elsewhere, Outlook will send the Read Receipt the next time it synchronizes with the server.
And because every shit eating kid with a botnet and a list of email addresses to sell wants proof that an address is alive, spam almost always is sent with a Read Receipt requested. This means that if you're using some relatively unknown webmail service like GMail along with Outlook, you're in for a world of hurt. The next time you (or GMail) deletes spam messages a slew of read receipts will be sent out to wonderful people like Monty Savage or Данила Алексеевич.
That's not the worst part though. The worst part is that if you're using Exchange, that address will be exposed. Presumably it's whatever your primary email address is. That email address that you've kept secret, cherished, coddled and protected for years will be ravaged and exposed to the world.
Steps to reproduce:
- Add an IMAP account to Outlook
- Send a message to the IMAP account email address with Read Receipt Requested from a different email account.
- Send/Receive until the message appears in Outlook
- Delete the IMAP message from a different client (eg, GMail). Make sure to completely delete the message (check the Trash folder on GMail).
- Send/Receive in Outlook again.
- Return to the sending account to see the unexpected read receipt.
The read receipt will be similar to:
Your message
To: primary_email@address.com
Subject:was deleted without being read on 10/27/2008 4:20 PM.
Where primary_email@address.com is not necessarily the address you sent the email to.
It doesn't matter if you set your options to always send a read receipt, never send a read receipt or prompt before sending a read receipt. Outlook does what Outlook wants, and Outlook wants you to suffer and drown in a flood of spam.
Did I mention that this bug was reported around 15 months ago?
In closing, if you are one of the developers who decided that this wasn't something worth fixing, I hope you die in a fiery car crash.
Tags: a wee bit annoyed, bugs, Outlook, Spam
November 5th, 2008 at 8:05 am
I just found this same problem too in Outlook 2007. Really harsh bug from Microsoft and still no fix?
Then I deleted over 1K spam messages on Gmail, but I can't start Outlook; otherwise 1K "Not Read" messages will be sent all over the Internet into the grubby hands of spambot making bastards.
I did a test and Apple Mail does not have this problem. No more Outlook! Lesson learned.
November 7th, 2008 at 10:22 am
@Uncle C no fix until SP2 is released, but I think if you delete the GMail account from the Mail control panel, open Outlook and then re-add it you should be fine. If you want to use IMAP again make sure to not sync the Spam folder. Right click on the IMAP root folder, choose Synchronization Settings. Select Don't Synchronize for the spam folder. That should work, but I haven't tested it – I went back to POP until Office 2007 SP2 is released.
November 30th, 2008 at 4:47 am
Very strange ! I just got a flood of "Not read:" emails for the first time today whereas I am using IMAP on Outlook 2007 since Gmail did open the IMAP access!
Something must have changed recently, if not I guess I would have noticed something before, no?
December 4th, 2008 at 2:31 pm
Hi Corey,
I noticed this behavior too on my boxes and I blogged about a workaround I implemented for this Outlook IMAP spam bug at my blog at http://impactalabs.wordpress.com/2008/11/05/outlook-2007-imap-spam-bug-workaround/. Hope this helps you resolve your issue.
–Kevin
http://www.impactalabs.com
http://www.buildingsecurecode.com
May 11th, 2009 at 11:46 am
Hi Corey,
thanks for the post on this subject. I noticed this was happening when I would start outlook – seems outlook was ninja sending not read recipts – they would show up in my gmail sent items. I grabbed SP2 and installed it – but the ninja receipts continue. Did you have any success with SP2?
thanks
darrin
May 12th, 2009 at 2:58 pm
Hey Darrin,
I've been too gunshy to test this out with SP2, I'll check in with my Microsoft rep and see what he can dig up. Kevin's fix sounds like it might work too, although it's not as clean as having MS fix Outlook.
May 12th, 2009 at 3:01 pm
Yah I tried Kevin's suggestion and Outlook is still sending trying to send out e-mails from the primary address. Ahh well, I've lived without Outlook this long – what's a little bit longer? =)