How Are SMTP Addresses Indexed and Searched for Discovery Search and Exchange Search in Exchange 2010

  • Article
Symptoms

How are SMTP addresses such as @company.com searched and indexed for Exchange 2010 Discovery Search, Outlook Online Mode Search, and OWA Search?

If you search for 5 SMTP addresses such as (@company1.com OR @company2.com OR @company3.com OR @company4.com OR @company5.com), you get unexpected results such as fewer results than expected.

If you search for 5 SMTP addresses surch (@company1.com OR @company2.com OR @company3.com OR @company4.com OR @company5.com), and combine those results with 5 words such as (settle* OR double OR bond OR depos* OR appeal*) - you get unexpected results such as fewer or more results than expected.

In other words, if you perform a Discovery Search or an Outlook Online Mode Search or an OWA Search and combine 5 SMTP addresses with 5 terms -such as (@company1.com OR @company2.com OR @company3.com OR @company4.com OR @company5.com) AND (settle* OR double OR bond OR depos* OR appeal*), you get unexpected results such as fewer or more results than expected.

 

Cause

1. You must use correct Advanced Query Syntax (AQS Syntax) to construct queries with more than one logical operator (such as OR or AND or NOT) in them. For further information, see this Blog:

How to Use AQS to Construct Complex Discovery Queries
https://blogs.technet.com/b/exchangesearch/archive/2012/03/10/how-to-use-aqs-to-construct-complex-discovery-queries.aspx

2. If an email has an attachment, there must be a corresponding iFilter to be able to index the attachment. For example, if you wish to index Microsoft Office 2010 and Microsoft 2007 Office attachments, you must have Microsoft Office 2010 Filter Pack installed on the Exchange 2010 Mailbox and Hub servers. You must do this manually in Exchange 2010 RTM. This is done for you automatically beginning in Exchange 2010 SP1.

3. If an attachment has an extension of a file which is covered by an IFilter such as .doc or .docx but the file is really another type of file such as .rtf, the attachment will not be indexed.

4. Attachments such as .jpg and .gif image files that have SMTP addresses or words relevant to the search will not be indexed because there is no IFilter for image files.

4. If email has an attachment that is encrypted or created with a pasword, the attachment will not be processed for indexing even if an IFilter exists for the attachment.

 

Resolution

1. Searching for @company.com is the same as searching for to:@company.com OR from:@company.com OR @company.com in the body or subject of an email. Entering a search for @company.com will retrieve @company.com in the To: field and in the From: field and the body of the message and the subject of a message.

2. Use correct AQS Syntax from the following Blog:

How to Use AQS to Construct Complex Discovery Queries
https://blogs.technet.com/b/exchangesearch/archive/2012/03/10/how-to-use-aqs-to-construct-complex-discovery-queries.aspx

3. Instead of searching for (@company1.com OR @company2.com OR @company3.com OR @company4.com OR @company5.com) - enter this instead:

((((company1.com OR company2.com) OR company3.com) OR company4.com) OR company5.com)

4. Instead of searching for (settle* OR double OR bond OR depos* OR appeal*) - enter this instead:

((((settle* OR double) OR bond) OR depos*) OR appeal*)

5. Combine the two expressions in 3. and 35. above by using the AND operator:

((((company1.com OR company2.com) OR company3.com) OR company4.com) OR company5.com) AND ((((settle* OR double) OR bond) OR depos*) OR appeal*)

6. Use the rule to add another set of matching parentheses every time you add a logical operator like this to get the finished, correct way using AQS Syntax to enter this search:

( ((((company1.com OR company2.com) OR company3.com) OR company4.com) OR company5.com) AND ((((settle* OR double) OR bond) OR depos*) OR appeal*) )

7. Another strategy in Discovery Search is to include Unsearchable Items in your Discovery Search, and examine those items for search hits:

Understanding Multi-Mailbox Search
https://technet.microsoft.com/en-us/library/dd335072.aspx

Unsearchable items Unsearchable items are mailbox items that can't be indexed by Exchange Search. Reasons include lack of an installed search filter for an attached file, a filter error, and encrypted messages. When creating a discovery search, you can include unsearchable items in search results.

 

Conclusion and Summary

Entering a search for @company.com will retrieve @company.com in the To: field and in the From: field and the body of the message and the subject of a message. Use correct AQS Syntax from the following Blog:

How to Use AQS to Construct Complex Discovery Queries
https://blogs.technet.com/b/exchangesearch/archive/2012/03/10/how-to-use-aqs-to-construct-complex-discovery-queries.aspx

Add IFilters for any 3rd party programs to be able to search for additional attachment types such as Adobe .pdf files. Another strategy in Discovery Search is to include Unsearchable Items in your Discovery Search, and examine those items for search hits.

 

Written by Bob Want, Senior Support Escalation Engineer, Enterprise Communications Services, Microsoft

Technically Reviewed by Marco Manzato, Senior Support Escalation Engineer, Enterprise Communications Services, Microsoft