Message tracking uses messageIDs as the key for correlating message tracking
events. It also correlates any NDRs related to the message that you are
tracking. Compliant email programs generate a globally unique ID for each
In the case of spam, the message ID is often spoofed. The senders are
usually using a cookie cutter type message in which they modify the
recipient list and nothing else. When several of these messages enter your
mail system, message tracking thinks that they are all the same message, due
to the duplicate MessageIDs, and displays the entire result list. This makes
the route look rather confusing because it is actually information from
The return address is also spoofed so when these spam messages NDR, Exchange
attempts to deliver them to the invalid host specified in the "MAIL FROM"
command by the spammer. This is where the strange host names are coming
Please do not send email directly to this alias. This alias is for newsgroup
This posting is provided "AS IS" with no warranties, and confers no rights.