The requirement from this came from the auto reply loop that is defined as when using CRM based tools you have the option to send an automatic response - this Is usually along the lines of a confirmation of your inquiry and a unique order number if that’s coded however many times it’s a confirmation that you’ve got the email.
Auto reply emails?
Logically this sounds like a good move because whoever is mailing into your CRM as they’ve got the email, however, what isn’t so great is when the other CRM also has the same auto response at the end, so you get a loop of you send a confirmation email to the other CRM send you back a confirmation email to which you get sent another email and back-and-forth this goes on until it spotted or someone breaks the loop.
Depending on the volume of your inbox, this can even generate a large amount of emails or a very large amount of emails, which you don’t want being processed anymore, because it’s the same email over and over again and depending on how you’ve coded your CRM you may even be given these different order reference numbers for every email.
Out of office notifications are different!
Do not confuse this out of office, Out of office does not apply here because the out of office will only be sent from exchange once every 24 hours, that prevent this loop from happening.
If you look at the auto response loop with a message tracking, it becomes clear that because this is an automated platform you can’t really block the subject that would also block the official message to give the customer their confirmation, You are also not able to block the sender because that would block all inbound messages - so using common email data points doesn’t seem to work here.
Finding the “problem” messages
First, you need to take a look at some of these messages, which means the first thing you have to do is locate them, depending on your infrastructure, you will have many tools to help you accomplish this however, in my case, I took the recipient dress and the general timeframe to see if I can spot any increase in mail, this is what I found, the elevation outside the normal baseline pattern of inbound emails indicates this could be a potential problem:
Trending : with valid data (seeing the wood for the trees)
While visual clues are helpful, when you are trying to spot out of sequence peaks and troughs to successfully identify a problem, you need a rough date range, if I was to change that filter for the whole of the month you would then get a chart that looks like this, while you can still just about spot where the problem happens it’s a lot harder with more data:
Remediation
We now know exactly what messages were sent, And we have also established that we can’t do anything with the subject because each auto response could have a different subject completely or it could change from company to company, So it’s impractical to keep updating your remediation with every single subject as they come up.
You’re not able to do anything on the sender because you still need to receive emails, you are just trying to intercept the auto response emails.
Message Headers - Skeletor
Message headers are quite handy for technical purposes because you see all the email servers that your email has gone via - this is known as email routing.
However, along with the email routing, you also get headers included in every message that will outline information like SPF, DKIM, ARC to name a few, however, where it gets interesting is the other headers that get added for all the different mail platforms you find your message routing through, when I examined these headers, I noticed that all the auto response headers had three additional headers that normal messages do not have:
Note: Which header you choose is your choice, however for this article I have used the second option below:
- X-Auto-Response-Suppress: All
- auto-submitted: auto-generated
- x-ms-exchange-generated-message-source: Mailbox Rules Agent
This is good news because if we have message headers that are unique to unwanted emails we can set up transport rules to interact with those headers and perform various operations on the email that’s incoming.
Auto reply looping - 🔥 triangle
Slight side step for a moment, if you think of this non-technically, when you get an email auto reply loop the first reply message starts the loop and it doesn’t stop until somebody breaks that loop, which ironically is exactly like a fire triangle, let’s quickly take a look at that:
The logic here goes if you remove one of the triangles, the fire can no longer continue because it requires all three to still be a fire, this is no different with the problem we are having with the email loop, however, we just need to re-label the triangles to go round the fire.
If you think in this case that the "three" triangles for this example would be:
Mail platform, CRM auto reply outside, CRM auto reply inside
You can then apply the same logic to stopping this particular email loop, exactly the same as if you’re trying to put out a fire, except in this example, we’re not removing the heat triangle, we are modifying the email platform which in this case in Exchange to apply transport rule, this transport rule will then break the "fire" fuel.
Transport rule : Auto-reply Loop Preventer
This means to stop this particular loop we need to add a new transport rule, however, this rule can be extremely targeted to only affect mailboxes that can be affected by a mail loop.
Note : This particular rule focuses on deleting the message, this will allow a message from the third-party to come into our, it will then allow CRM to send the auto response to the third-party, however, if they try to send an auto response back, it will not get delivered it will be deleted.
Recipient e-mail : CRM-loop@pokebearswithsticks.com
Message Header : auto-submitted
Message Header Value : auto-generated
Action : Delete message, without notifying anyone
Audit Action : Low
That should look like this when setup, here I have added the values above, but this will need to be customised on your corporate requirements:
Is deletion not a bit aggressive?
These are all unwanted messages that just give you a bit of a headache with your CRM platform, however, you may sometimes wish to have a sanity check to make sure what’s been deleted is correct, I’m sure some people will be very cautious about just deleting messages.
That’s absolutely no problem, On the action for the transport rule, you have two other options you can utilize at this point that do not need to be delete.
Send messages to quarantine
If you do not want to delete the message, but you want to preserve the mechanism for being able to then deliver that message on bound if it does need to be delivered with a simple release command, you can redirect all the messages this transport rule captures to quarantine.
Obviously, you may already have quite a busy quarantine queue as email attack factors are quite an active common way to try and intercept data and cause problems, so just be mindful with this option, you may not see the wood for the trees with all the other messages you are quarantining and depending on how it’s managed, you may miss legitimate messages.
Redirect to another mailbox
If you are not a big fan of deleting messages or sending them to quarantine, I would highly recommend you redirect them to a mailbox with the purpose of only receiving the auto reply messages, obviously, you won’t get them in the same volume because you’re breaking one of the triangles to allow the orderly Luke to happen, so you should really only see one message from the third-party pop into this mailbox and then it should go quiet.
This also gives you the option if you accidentally capture messages messages that are not auto replies. You can then forward them on to your CRM platform, however, I have never seen a normal email that is not auto generated without these headers, so the chances of blocking legitimate customer emails is very insignificant.
Do not forget to click in the "select one" and choose the valid mailbox for redirection:
