0

A customer states that an email was received from Bob. Bob claims that the email was never sent.

How can I verify which side is lying? If both sides have on-premises email servers (e.g. Exchange Server), is this even possible?

EDIT

I'm assuming both parties have motivation and possibly skills to tamper the server

ivarec
  • 151
  • 5

2 Answers2

0

You can prove it from your side.

You didn't specify what version of Exchange you're running, but you can perform a message trace in Exchange to search for all emails sent by Bob. If you don't see the email in question then Bob didn't send it via your Exchange server.

That's not to say that Bob didn't send the customer an email form another email server/provider.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • What if Bob had access to the mail server? – ivarec Jan 29 '20 at 13:12
  • 1
    What if he did? As in, "What if Bob had access to the mail server, could be expunge his activity?" - Yes, he could, by deleting the relevant tracking logs. If this is the case then you could ask the recipient's Exchange administrator(s) to check their message tracking logs for the email from Bob. – joeqwerty Jan 29 '20 at 15:01
0

You can check that on any of the servers. Their logs will indicate if it was sent/received. Specifically, you can check in Exchange Message Tracking, as long as you have it enabled.

For the receiving part: If the email appears in message tracking on your Exchange Server as "message delivered locally to store...", it proves the emails were delivered to the respective inboxes.

In a similar manner, for the sending part, you can check the message tracking (which will give you timestamp, user and subject).

Overmind
  • 3,076
  • 2
  • 16
  • 25