Outlook 2007 bug

It’s not a nice one. In fact at first I thought I had a virus or some sort of malware. The bug allows my Outlook to send out spam!

Basically I first noticed something wasn’t right when I got a request to verify the security certificate associated with my email account. The way I have my email account set up is to use the secure smtp through my web host which is hosting my domain. So what happens is the security certifcate doesn’t match the domain. That’s fine, it just means I have to confirm that the security certificate is a safe one every time I open outlook (my super computer knowledgable husband has now informed me that I can actually install the certificate so that I no longer receive that warning…….lol thanks for telling me NOW after years of being frustrated, haha).

Anyway, now that I’ve explained that, the other day when opening Outlook I got this request to confirm the security certificate when I had not actually sent any email. I ONLY get this request when I send an email normally. After a bit of looking around I noticed that there was no messages queued in my outbox yet in the bottom right of the status bar it said “Sending 1 of 4”.

hmmmmm

Not sure what to do I accepted the security notice and then within seconds I received emails bounced back. Those emails were spam messages. Meaning my account had just tried to send spam.

I run an antivirus at all times and Alexander and I have spent the last few days trying to track this problem. We installed a program called “UnHackMe” and did various other tests. Added to this Alexander started logging the DNS requests on his server. We hadn’t yet been able to figure out the source of this problem yet, although we hadn’t read the logs in detail as yet.

However tonight I started googling to see if there were other people out there having the same problem. It took testing a few different search terms to eventually find discussions on forums of other people having EXACTLY the same problem. The common denominator appeared to be Outlook, gmail and IMAP. I also have my outlook configured via IMAP to read my gmail (which I use to collect my email from all my other addresses and filter the spam).

It appears, after a bit of reading, that this is a bug in Outlook. As far as I can tell, Microsoft call it a “feature” (yeah right). This is appears to be a massive problem because it allows spammers to verify legit email accounts (which so far I’ve managed to keep my main personal email account free from spam) and it also uses these accounts to forward on spam.

I don’t understand it all completely, yet. But from what I can tell the reason the emails don’t appear in your sent items is because it uses the Outlook read receipt feature to send on the spam (these don’t get saved in your sent items). This seems to be only IMAP related. It’s far more complicated than that but my next task is to figure out a workaround (without removing my IMAP accounts entirely)……..which I might wait for hubby to help me out with that one. ­čÖé

Microsoft aren’t going to do themselves any favours if they don’t try and fix this one! My understanding is that this bug request was first submitted in Dec 2007!