Vulnerability Development mailing list archives

MS Exchange 'Recall' feature - Possible to delete mail?


From: Viraj Alankar <valankar () access4less net>
Date: Sun, 24 Aug 2003 21:56:22 -0400

Hello,

I don't run Exchange but recently came across its 'recall message'
functionality. To me, it just seems dangerous to allow a sender to delete a
message from a recipient's mailbox. I understand this will only work for
Exchange systems, but is it possible for a malicious user outside the
network/domain to send fake 'recall' messages and delete users' mail? Also,
even within an Exchange network, would it be possible for a malicious employee
to delete another employee's mail that they did not send?

All I can tell from these 'recall' messages is that there is the header:

X-MAPI-Message-Class: IPM.Outlook.Recall
Subject: Recall: subject

And a winmail.dat TNEF attachment.

Anyone know much more about this?

Viraj.
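
A gateway-side check for the markers listed in this post, as an added example that is not part of the original message: it reports which of the three indicators a message carries and quarantines recall-class mail that arrived from outside the organization. The function names, the `arrived_external` flag and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

def recall_markers(msg):
    """Return which of the indicators named in the post are present in msg."""
    found = []
    if str(msg.get("X-MAPI-Message-Class", "")).strip().lower() == "ipm.outlook.recall":
        found.append("message-class")
    if str(msg.get("Subject", "")).strip().lower().startswith("recall:"):
        found.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name == "winmail.dat" or part.get_content_type() == "application/ms-tnef":
            found.append("tnef")
            break
    return found

def triage(raw_bytes, arrived_external):
    """arrived_external (assumption): the gateway's own knowledge that the
    message came in over an Internet-facing connection. The From header is
    sender-controlled, so it is deliberately not used for this decision."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    markers = recall_markers(msg)
    if "message-class" in markers:
        # Recall-class mail from outside is held; internal recalls are logged.
        verdict = "quarantine" if arrived_external else "audit"
    else:
        # A "Recall:" subject alone is just text anyone can type.
        verdict = "pass"
    return {"verdict": verdict, "markers": markers}

def build_sample(recall):
    """Constructed sample message; addresses and attachment bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "someone@outside.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "Recall: subject" if recall else "Lunch on Friday"
    m.set_content("body text")
    if recall:
        m["X-MAPI-Message-Class"] = "IPM.Outlook.Recall"
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="ms-tnef", filename="winmail.dat")
    return m.as_bytes()

if __name__ == "__main__":
    for recall, external in [(True, True), (True, False), (False, True)]:
        print(recall, external, triage(build_sample(recall), external))
```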

