2

I have an Exchange Server 2013 for my small organization. I noticed today that some mails are not intended for me, but I am still receiving them.

For example:

The mail is TO: abdullah@MY_DOMAIN.com

but I have received it at my address, which is ali@MY_DOMAIN.com

The same goes for some other mails which are TO: support@MY_DOMAIN.com but received at ali@MY_DOMAIN.com

I have checked mail forwarding etc., and there is none.

Here are the details of the received mail:

Received: from MAIL.MYDOMAIN.com (XXX.XXX.XXX.XXX) by MAIL.MYDOMAIN.com
 (XXX.XXX.XXX.XXX) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Mailbox
 Transport; Wed, 26 Jul 2017 01:30:15 -0700
Received: from MAIL.MYDOMAIN.com (XXX.XXX.XXX.XXX) by mail.MYDOMAIN.com
 (XXX.XXX.XXX.XXX) with Microsoft SMTP Server (TLS) id 15.0.847.32; Wed, 26 Jul
 2017 01:30:03 -0700
Received: from bfbf9ca0.virtua.com.br (191.191.156.160) by
 MAIL.MYDOMAIN.com (XXX.XXX.XXX.XXX) with Microsoft SMTP Server id
 15.0.847.32 via Frontend Transport; Wed, 26 Jul 2017 01:29:46 -0700
Return-Path: <mywymqgdkjru@bginc.com>
From: "Gianna Bosworth" <Bosworth_Tammi@birdtrack.com>
To: <abdullah@MYDOMAIN.com>
Subject: [SPAM] Re: 1 Missed H00kup Call
Date: Wed, 26 Jul 2017 12:28:46 +0300
Message-ID: <313435524230274-ANIDWIRSBFBUMRDAQAOZPTM@dns727.birdtrack.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_39E81_01D30602.E7E2FB70"
X-Mailer: Microsoft Outlook 15.0
X-MS-Exchange-Organization-Network-Message-Id: db135972-4c5a-44a3-f042-08d4d4008340
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:191.191.156.160
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: mail.MYDOMAIN.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 37303A2966CD616264726B
Thread-Index: AQNNsumj2OX1juynzTq2c6mquJPo/A==

And here is another sample:

Received: from MAIL.MYDOMAIN.com (XXX.XXX.XXX.XXX) by MAIL.MYDOMAIN.com
 (XXX.XXX.XXX.XXX) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Mailbox
 Transport; Tue, 25 Jul 2017 20:53:51 -0700
Received: from MAIL.MYDOMAIN.com (XXX.XXX.XXX.XXX) by mail.MYDOMAIN.com
 (XXX.XXX.XXX.XXX) with Microsoft SMTP Server (TLS) id 15.0.847.32; Tue, 25 Jul
 2017 20:53:50 -0700
Received: from hmsoldies.org.uk (61.143.228.162) by MAIL.MYDOMAIN.com
 (XXX.XXX.XXX.XXX) with Microsoft SMTP Server id 15.0.847.32 via Frontend
 Transport; Tue, 25 Jul 2017 20:53:49 -0700
X-Message-Info: 3nTBjI87KoG8J4XJnFVyrzwteBkBv72F
Received: from lwzj.hmsoldies.org.uk ([28.135.219.52]) by
 xa1-e77.hmsoldies.org.uk with Microsoft SMTPSVC(5.0.2195.6824);     Wed, 26 Jul
 2017 03:52:50 -00
Received: from oep.hmsoldies.org.uk (rqlc.hmsoldies.org.uk [27.25.82.38])   by
 hbb.hmsoldies.org.uk (8.12.10/8.12.9) with ESMTP id d4ICTfPJ403188 for
 <support@MYDOMAIN.com>; Wed, 26 Jul 2017 03:52:50 -00 (EST)    (envelope-from
 bstihtd@hmsoldies.org.uk)
Received: from YL808357023033 (modemcable688.622-658-53.kv.hmsoldies.org.uk
 [141.226.240.104]) (authenticated bits=0)  by cgbi.hmsoldies.org.uk
 (8.12.10/8.12.9) with ESMTP id n0RRE4gg637508  for <support@MYDOMAIN.com>;
 Wed, 26 Jul 2017 03:52:50 -00 (EST)    (envelope-from bstihtd@hmsoldies.org.uk)
Message-ID: <526700j8iuo3$zc6c0i06$8724j8t7@WR083866513330>
From: Kenneth <bstihtd@hmsoldies.org.uk>
To: <support>
Subject: Good afternoon! Medical supplies Prices are  amazing.
Date: Wed, 26 Jul 2017 03:52:50 +0000
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
Return-Path: bstihtd@hmsoldies.org.uk
X-MS-Exchange-Organization-Network-Message-Id: 1cd05558-f3f6-44f2-43b1-08d4d3d9ed66
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;OrigIP:61.143.228.162
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: mail.MYDOMAIN.com
X-MS-Exchange-Organization-AuthAs: Anonymous
MIME-Version: 1.0
X-EsetId: 37303A2966CD616264726B

Can someone advise what I have done wrong with my server?

Thanks, Ali

Ali

1 Answer

0

You are receiving these emails because your email address is in the BCC (Blind Carbon Copy) of these emails. BCC is utilized by both spammers and legitimate users. If you are in the BCC of an email, your email address will not show up in the TO field.

From RFC 5322:

The "Bcc:" field (where the "Bcc" means "Blind Carbon Copy") contains addresses of recipients of the message whose addresses are not to be revealed to other recipients of the message. There are three ways in which the "Bcc:" field is used. In the first case, when a message containing a "Bcc:" field is prepared to be sent, the "Bcc:" line is removed even though all of the recipients (including those specified in the "Bcc:" field) are sent a copy of the message. In the second case, recipients specified in the "To:" and "Cc:" lines each are sent a copy of the message with the "Bcc:" line removed as above, but the recipients on the "Bcc:" line get a separate copy of the message containing a "Bcc:" line. (When there are multiple recipient addresses in the "Bcc:" field, some implementations actually send a separate copy of the message to each recipient with a "Bcc:" containing only the address of that particular recipient.) Finally, since a "Bcc:" field may contain no addresses, a "Bcc:" field can be sent without any addresses indicating to the recipients that blind copies were sent to someone.

Nasoo
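The mechanism described in the answer, as an added example that is not part of the original post: it implements the "first case" from the RFC 5322 passage, where every listed address goes into the SMTP envelope and the `Bcc:` line is removed from the transmitted copy. The function names and the sender address are assumptions made for illustration; the draft message is constructed, reusing the two recipient addresses from the question.

```python
from email import message_from_string
from email.utils import getaddresses


def visible_recipients(msg):
    """Addresses a reader can see: the To: and Cc: header fields."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def prepare_for_sending(raw):
    """RFC 5322 'first case': To, Cc and Bcc addresses all become SMTP
    envelope recipients (RCPT TO); the Bcc: line is removed from the
    copy that is transmitted."""
    msg = message_from_string(raw)
    fields = (msg.get_all("To", []) + msg.get_all("Cc", [])
              + msg.get_all("Bcc", []))
    envelope = sorted({addr.lower() for _, addr in getaddresses(fields) if addr})
    del msg["Bcc"]  # no error if the header is absent
    return envelope, msg


def blind_recipients(envelope, msg):
    """Envelope recipients that appear in no visible header field."""
    return sorted(set(envelope) - visible_recipients(msg))


# Constructed draft (not taken from the page's header dumps).
DRAFT = """\
From: sender@example.org
To: <abdullah@MYDOMAIN.com>
Bcc: <ali@MYDOMAIN.com>
Subject: constructed sample

body
"""

if __name__ == "__main__":
    envelope, wire = prepare_for_sending(DRAFT)
    print("RCPT TO:           ", envelope)
    print("headers on the wire:", wire.keys())
    # Receiver-side view: the mailbox that got the copy is not in To:/Cc:.
    print("blind recipients:  ", blind_recipients(envelope, wire))
```

The headers shown in the question carry no record of the envelope recipients at the Exchange hop; on Exchange those are recorded in the message tracking log, which `Get-MessageTrackingLog` queries.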