Recover Deleted items in Exchange online (Microsoft office 365)

  In Exchange online we provide 3 layers of Recovery so that messages can be recovered Deleted Items Folder Recover Deleted Items Folder Purges Folder     Deleted Items Folder When a mail is deleted(normal Delete not shift Delete) its moved to Deleted Items folder and its present there until, either we manually delete the messages from there or its deleted automatically as per the Retention Policy of the Organization(default value is 30 days)   Recover Deleted Items Folder   When a mail is Shift deleted(hard deleted), or deleted from Deleted items or removed from deleted items by the Retention policy, its moved to the Recover Deleted Items Folder and it remains there for next 14 days (can be extended to 30 days).   There are 2 folders under Recovery Deleted Items Deleted Folder(its not the normal Deleted folder in the mailbox) Purges Folder    When the mail is present in Recovery Deleted Items(Deleted folder) i

Analyze Office 365 Message headers

How to get the message headers?

From outlook.

i. Double click on the mail “This will open the mail in new window”

ii. Go to File option in the tool bar.

iii. File > Info > Properties

In the new pop up window copy all the contents available under “Internet Header” option.

From OWA

a. Open the mail

b. Click on dropdown option available under “reply all” option

c. Under the dropdown options select “Message Properties”.

·         Summary will give the overview of the mail like
o   Subject
o   From , To , …etc
·         Received header will give the over view of how the mail traveled.

****The Above Picture represents a Sample for demonstration only.

FT - Frontend Transport
MB – Mailbox server
CA – CAS mailbox
EOP – Exchange Online Protection
HT – Quarantine

·         Forefront Antispam Report Header – This section represents
o   Country of mail origin
o   Spam confidence level
o   Connecting IP – senders Public facing server IP details, used to communicate with our mail server.
o   Spam Filtering Verdict

·         Microsoft Antispam Header - This section represents.
o   Bulk confidence level
o   Phishing confidence level

·         Other Headers – This will give you the all details of the message.

we need to check “X-Forefront-Antispam-Report” and “X-Microsoft-Antispam” under this section to understand why the mail was marked as spam or not marked as spam.

X-Forefront-Antispam-Report – This section helps us to understand why our mail was classified/marked as spam or Not a Spam.

We have to check these values under this section.


Please refer to this link for the details of the values specifies for SFV and SCL.

X-Microsoft-Antispam –  This will help us to identify if the mail was sent to bulk users and it is a Phishing mail.

We get the following information under this option


Please refer to this link for the details of the values specifies for SFV and SCL.


Popular posts from this blog

Error - AttributeValueMustBeUnique in Azure AD connect sync

Add members to office 365 Security Group Using PowerShell and CSV

Error - QuarantinedAttributeValueMustBeUnique

Enforce MFA using CSV