Analyze Office 365 Message headers
How to get the message headers?
From Outlook.
i. Double-click the mail. This will open the mail in a new window.
ii. Go to the File option in the toolbar.
iii. File > Info > Properties
In the new pop-up window, copy all the contents available under the “Internet Header” option.
From OWA
a. Open the mail.
b. Click the dropdown option available under the “reply all” option.
c. Under the dropdown options, select “Message Properties”.
- Once the Microsoft remote connectivity site is opened, select the option “Message Analyzer”.
- Paste the copied/saved header under “Insert the message header you would like to analyze” and click Analyze.
You will see the results in the order below.
· Summary will give an overview of the mail, like
    o Subject
    o From, To, …etc
· Received header will give an overview of how the mail traveled.
Note: The above picture represents a sample for demonstration only.
FT – Frontend Transport
MB – Mailbox server
CA – CAS mailbox
EOP – Exchange Online Protection
Obe.outbound – This is the SPF check, which checks for a legitimate sender's IP; if it fails, the mail will be blocked.
HT – Quarantine
· Forefront Antispam Report Header – This section represents
    o Country of mail origin
    o Spam confidence level
    o Connecting IP – the sender's public-facing server IP details, used to communicate with our mail server.
    o Spam Filtering Verdict
· Microsoft Antispam Header – This section represents
    o Bulk confidence level
    o Phishing confidence level
· Other Headers – This will give you all the details of the message. We need to check “X-Forefront-Antispam-Report” and “X-Microsoft-Antispam” under this section to understand why the mail was marked as spam or not marked as spam.
X-Forefront-Antispam-Report – This section helps us to understand why our mail was classified/marked as spam or not spam.
We have to check these values under this section.
CIP
IPV
EFV
SFV
Please refer to this link for the details of the values specified for SFV and SCL.
X-Microsoft-Antispam – This will help us to identify whether the mail was sent to bulk users and whether it is a phishing mail.
We get the following information under this option.
BCL
PCL
Please refer to this link for the details of the values specified for SFV and SCL.
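The same fields can be pulled out of a saved header block without the web analyzer. The following is an added example, not part of the original post: the function names `parse_fields` and `summarize` are hypothetical, the sample headers are constructed, and the SFV descriptions are a small subset taken from Microsoft's anti-spam header documentation.

```python
from email import message_from_string

# Constructed sample headers (not from a real message).
SAMPLE = """\
Received: from mail.example.com (203.0.113.10) by mx.example.net
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:US;LANG:en;SCL:5;SRV:;
 IPV:NLI;SFV:SPM;H:mail.example.com;PTR:mail.example.com;CAT:SPM;DIR:INB;
X-Microsoft-Antispam: BCL:7;
Subject: constructed sample

body
"""

# A few SFV values from Microsoft's anti-spam header documentation.
SFV_MEANING = {
    "NSPM": "spam filtering marked the message as not spam",
    "SPM": "spam filtering marked the message as spam",
    "SKN": "marked as not spam before spam filtering ran",
    "SKS": "marked as spam before spam filtering ran",
}

def parse_fields(value):
    """Turn 'KEY:value;KEY:value;' into a dict, unfolding wrapped header lines."""
    fields = {}
    for part in "".join(value.splitlines()).split(";"):
        # Split on the first colon only, so an IPv6 CIP keeps its own colons.
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields

def summarize(raw_headers):
    """Return the fields the article says to check, None where absent."""
    msg = message_from_string(raw_headers)
    forefront = parse_fields(msg.get("X-Forefront-Antispam-Report", ""))
    antispam = parse_fields(msg.get("X-Microsoft-Antispam", ""))
    report = {k: forefront.get(k) for k in ("CIP", "CTRY", "IPV", "EFV", "SFV", "SCL")}
    report.update({k: antispam.get(k) for k in ("BCL", "PCL")})
    report["SFV_meaning"] = SFV_MEANING.get(report["SFV"], "look up in the SFV table")
    return report

if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(f"{name:12} {value}")
```

Fields that a given message does not carry (here EFV and PCL) come back as None rather than raising, so the same call works on headers from messages that skipped part of the filtering pipeline.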