Wednesday, September 1, 2010

The strange case of the missing PDF attachment


By Joe Dolittle

Reader Courtenay writes in:

I sent an email with a large PDF file attached that was never received nor did it bounce back. It is filed in my 'sent' folder in Outlook, so I am assuming someone, somewhere has it. If so, how do I find where it went?

Hmmm...Okay, so let's start with how email clients generally move messages around. I don't know whether Courtenay is using Exchange, IMAP, or POP3 as her connection mechanism, but the concepts apply for all.

When you send an email in the Outlook email client running on your desktop, the message originates on your computer. If you send the email message using Outlook Web Access, then the message actually originates on your Exchange server, but in a separate bucket that's your email outbox.

Once you hit send, the message is moved to the store-and-forward mechanism on your email server, Exchange or otherwise. Essentially, the message leaves your hands and is now on that server.

Next, your server attempts (in theory) to connect with the destination server and if all the handshaking goes well, the destination server accepts your message. At this point, your server sends the message to the receiving server and that receiving server eventually sends the message to your designated recipient.

Except, well, the world ain't that simple no more.

A mail message can travel through a number of servers and a number of gauntlets, all generally designed to reduce mail overhead and spam. This is what likely happened to your message.

For example, here at ZATZ, because we get such an epic amount of junk mail (David's had the same email address publicly visible for more than a decade), a message coming into one of the email accounts is first redirected through Google's Postini service, which filters out a swath of very obvious spam.

Postini, if it decides a message should be delivered, then sends the message to our in-house corporate SMTP server. That server runs another series of spam and UCE-management software on the incoming messages, and if the message is still deemed worthy, it's then (and only then) forwarded off to our Exchange hosting provider, for us to read.

If you're following along, once it leaves the sender's server, to get into our hands, the message has to successfully traverse three separate servers.

Now, here's the thing. Junk email management servers often don't send responses when they decide not to deliver the message. They just delete the message. First, there's no good reason to establish a dialog with a spammer's server and second, it takes more time and helps validate the email address.

Courtenay's message could very likely have been intercepted along the way.

Courtenay also has another very big red flag. She described attaching a "large PDF file". Depending on how large that file was -- and it's also an attachment -- the intermediate servers along the way to the destination may have simply chose to delete it.

So, Courtenay, you'll never get that message back. But at least, now, you know why it might have gone walkabout.