Whether you are diagnosing mail flow issues or checking the validity of an email message, being able to interpret message headers is an important troubleshooting step.
The email header contains important information pertaining to the message and the server the message was sent from. You will be able to view basic information such as the from address, to address, Subject and Id, as well as some more advanced information.
How to view an email message header
Here I will show you 3 ways you can view an email message header; through OWA (Outlook Web App), in Outlook (Desktop App) & in the Exchange Online Admin Centre.
Through OWA (Outlook Web App)
- Right-click the email message in question.
- Select View.
- Click View Message Source.
In Outlook (Desktop App)
- Double-click an email to open it in a new window (Outside of the reading pane).
- Click File, then Properties.
- You can see the header in the Internet headers box.
In the Exchange Online Admin Centre
If you are an IT professional or manage an Exchange Online environment, this method will be most useful for you.
- Login to https://security.microsoft.com/ as your global administrator account.
- Under Email & collaboration, select Explorer.
- Click the subject line of the email and a slide-out window will appear.
- Select Open email entity.
- Click on the Analysis tab and you will see the plain-text email header on the right-hand side.
How to interpret email message headers
Now you have your email message header, we need to know what we are looking at. Here is an example message header I have created.
Received: from VI1P194MB0544.EURP194.PROD.OUTLOOK.COM (2603:10a6:800:144::18) by AM0P194MB0498.EURP194.PROD.OUTLOOK.COM with HTTPS; Fri, 8 Jul 2022 08:41:50 +0000
Received: from AS9PR06CA0104.eurprd06.prod.outlook.com (2603:10a6:20b:465::16) by VI1P194MB0544.EURP194.PROD.OUTLOOK.COM (2603:10a6:800:144::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.14; Fri, 8 Jul 2022 08:41:48 +0000
Received: from VI1EUR06FT036.eop-eur06.prod.protection.outlook.com (2603:10a6:20b:465:cafe::72) by AS9PR06CA0104.outlook.office365.com (2603:10a6:20b:465::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.20 via Frontend Transport; Fri, 8 Jul 2022 08:41:48 +0000
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (40.92.58.25) by VI1EUR06FT036.mail.protection.outlook.com (10.13.6.61) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.15 via Frontend Transport; Fri, 8 Jul 2022 08:41:48 +0000
Received: from DB8PR09MB2810.eurprd09.prod.outlook.com (2603:10a6:10:af::15) by AS4PR09MB5707.eurprd09.prod.outlook.com (2603:10a6:20b:4cd::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.17; Fri, 8 Jul 2022 08:41:47 +0000
Received: from DB8PR09MB2810.eurprd09.prod.outlook.com ([fe80::34ea:21a8:444f:f133]) by DB8PR09MB2810.eurprd09.prod.outlook.com ([fe80::34ea:21a8:444f:f133%6]) with mapi id 15.20.5395.021; Fri, 8 Jul 2022 08:41:47 +0000
ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=W+rBlw+R9wOyznzOM8jJUPkwEpiWxllPxugRaJmlh4bjzBDY4+azBBt6D/UZqhfwrOZ5Bfvkd9/tecHGFv2mThZXQJZV+0KVeAZaebvta5cgzB90avSgeNblXKC6t6llovqZGIO1ETkFSLQ1m0aPgMUjO0MnmmcCkPhmucyGS0BCoStCRPMIQKfqwyu+fk4vmAb3QEIQSEQIrncwkTQmi31YVw4RdHdPW7Q70TupxNuezpXTIAx7BV6mLGh4FJtC8+BlBBZRAZtLq6KrE/eeQBnQ7wThHBQUyJrUDuhA9i1BFQpmv8IOfCXPjZpJFPvCfmUrxCT4su39l3yJeHU4Fg==
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E9ZTPc3/0RrBQE7HS+2QfZXI5z0GsVDMMpn0ww5kTlsFz+1YiWUnm6D34LfXBamlAt1Kryoqp8wTcrJoNuITRcKAOqAC3dn9PTQmQkTTCIdJuAPOkQoQaeqi8RDX0AlL2NNhZA4pEs3LHb3OrB1O6f7+CHjdkkJV2KRBJamZvX6jdyJHP5UEuFaLN/BgfeT5M2gyhLRxOJUoyj8x3vfBOJTSno5VJ0c2gD4AYai645FFvAHY7BPh+BD/QwO6gcv4EZsz5dhLQv91PwV1OX6qsfKu6F5O+5InjoHv2DflYfxx1rTa2dyGJSgvu0kle+foBeQ3sbCy76Md/+Ybp0qu2w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yvPdng9tzVGBdSiGdxT7eJPllsmD7QPHjQQfiFvF/9g=; b=ARmIyUbgCs/ilEegybkCHtqhFN2yGswW1wVr+EM+6KzzKoEro0nbOjWX3wQ36yUEM4OV6zuVyzG+Und2NnaB8pTvHw/kyaVHQps9EPreYXFI9kslBVPuZak1A4Dw/48YcxgCRxgRT3fvvBtubgBgybGG1XF8HzJnncYck0YH6Nt8EMETpU3O+d5ETxVHSXiT83weoAzNXFXJrQ8W9gnPRh9UimPOvBVL50xxg82qPd+rreYFw27gQEGmQG4/TjF7kNXWJu+V0knyLLHyJ+1meEX5geyyoTaZRzLoY+WTEfG6EmhirsF4FaxSJcNhT/BjrTnFReZh+42Kyr1Yd2ceug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yvPdng9tzVGBdSiGdxT7eJPllsmD7QPHjQQfiFvF/9g=; b=SeheO3RIwQoDM2nAHj8wSJX6hkEjLFAKESGUmNXrzv2YoAKZAs0DWo6RwqVM0lZVI5QMl9X9b3qQTXacnUQ91S1QZPUPr6E4k5B9BMlBERvYdATYWnSmK3Ba5m7iS0JcXWWr7PP13gARPNHwQyIUL7QOEkHOQyAweNYHs/AjJKxsg04CBZ1MZ+uZD56UuHSTmQUB7/xsJp7j27o55WXyROERrPLV3DLKeGJvZY2AGbId+041UBLjsX5bWa9838cC+YPjC0/pdUo2EdAzcUeM2EFzXs9Kiw48CR1MGYRoUE5dig2PI6VkBqF+c3CfbYYS8Jd5nOXjRUAywt2B8GhTEw==
ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 40.92.58.25) smtp.rcpttodomain=x7kxf.onmicrosoft.com smtp.mailfrom=hotmail.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=hotmail.com; dkim=pass (signature was verified) header.d=hotmail.com; arc=pass (0 oda=0 ltdi=1)
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Authentication-Results: spf=pass (sender IP is 40.92.58.25) smtp.mailfrom=hotmail.com; dkim=pass (signature was verified) header.d=hotmail.com;dmarc=pass action=none header.from=hotmail.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of hotmail.com designates 40.92.58.25 as permitted sender) receiver=protection.outlook.com; client-ip=40.92.58.25; helo=EUR03-DBA-obe.outbound.protection.outlook.com; pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yvPdng9tzVGBdSiGdxT7eJPllsmD7QPHjQQfiFvF/9g=; b=gfiFiRRPHaavc5y8H3ve98fFpisOmgbKWsOyxKKXiBBr5HbDYt3+v80d8j6sFmHf+Df1AuZlysRHy6vmwLVoe6xrO0roxL4rol8G3nmKG4VvnHhQ2Dg7m6JSylG4xBi+jtOMvGIWwcnaUX564w9P+QdjB8+w1L8phc5fPHXj+gviYHzFFikmHV0Dsr9NnBrii8+/VhB8f4ZbdZUFlapQtF7BZksIEqbkXGip9/N8p/nBWHaIUOd5Rrd0H6p2TfpS5sO8T3/68O+RAnHFUBgPxCrBbfynl1X7CSoXOFcU6/UNAmK+rmanvz69RX/vGPniExVB2TMoNXBH5/cmbzlFqA==
From: "daniel" <[email protected]>
To: "[email protected]" <[email protected]>
Subject: test
Thread-Topic: test
Thread-Index: AQHYkqaPF8l3pbNqiEeafT7x6Z57dQ==
Date: Fri, 8 Jul 2022 08:41:46 +0000
Message-ID: <DB8PR09MB281074F79222B067EE73A60ABC829@DB8PR09MB2810.eurprd09.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
suggested_attachment_session_id: 5200ab4c-ebd2-80f7-24bb-542ab81b209c
x-tmn: [nnfbePV+y0RyYN9sKd2aeaI97AIWRIc6]
X-MS-Office365-Filtering-Correlation-Id: 3e276419-4156-414b-f088-08da60bdb25c
x-ms-traffictypediagnostic: AS4PR09MB5707:EE_|VI1EUR06FT036:EE_|VI1P194MB0544:EE_
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Yif3R+NAwkXAmmdy7HyetTl3Fo4vWL/HJI83Gi2FkA6zUw4RFFalpweFv9FGB404oSqu26VtR6rHilqTWfgEWb1IgbA3HRUkKO8gY8AC9qAom6CXW86cqrG8bdBpUZ72RrDbPJD7EsvqqGWvu9ccxIKmwZe4iKTb8S0PWwY2qPZ0g5tgeL3qWlpb6CqC0ZdrfGn2YTRCkwvQLUAgECfVaCMoLeZwwrNklWngHq+t6vMCzGvFs3H3ZldtXOemGPo0fuWinP07eYppnoPL3FP/xpSAmVCc8O3LdyfPBdiik4u7Yy38A/zVbRFv+epJkO5GZVppHbXqKZJ/GCtMvDanMWJMM7e2jukAQy91nj3PiFobIoKQ1gqXXHdhkM/1N8c+dK11B9olW3DMqqX73T4oej/pwF5P6mcQNVbQmxuubX5Pm9QRdgQpM4UgMk06zRKL
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: ecmOq6nhT3UCVofM5byByu5GPHl/aRU/nHUTjZxhxCnoA9oVGrP/4ARpDC6WgwPnyp1wqgjP4SM0L+ulOKFPFyeABkiM83M6R6kWVd9Pqvl7OPrp7p1MzBPxCRT+HcvygAfHPWMeZ6aC0JNyn8t+c1Aoc6l2NO2p+urdZ+E1VTT3NHccnNjbC4D2f+bJ3P3INB7cMRnnJLlrXnLcmXAQSzMXhWxMNsjs4wLNn36Of8+psV3ArGSH6qhnHrb8YiR96JlIL26sSmbVnRZEfI2tmReOsuu4/F3hSplnDbV+ECDOiOqKZq2Sjh6wZzMPP/ruzbBISC5UG6dWO5ZTTtHUZAini8ntq10+NbJG90YefPexamUzLJDBV4L92yDGphFnTahsnwZmrw42F/H6f9pgQH5FQKW4UQsUlPsJgoucTNLEbecxfFH/7ivw8zvo9VF8C5ZJUdzWLOB7JxCLs3SUS3a5TFzyOkfZZd+qocmhCKwwkMInYQGsSgT713YFU4tZ3WQvLDfdahK/7gBLSuBy0eki8XPNEY3aK+CSeRsddOEFx6wFRY/XJF56rytRwcy8yb+XyNVz5nYYJaYty8QYEiTpcfZ6R8V4LuCqsIarSTRHkRyEPATvVKkQYmBMQU5kxN2ZlP1Ty3Gir2fvEVmnqV2HRi5AFPvF5RNuStRg0SSa8qmUBxk7mEZm8gl3/n8e5+0Ai4/8c9RwG1DiSpD7tJl2naqj0UrvvBZZkf1DY4PQjqa6xvxU7iBzyOLWy8WYQxAVFKFVERHFLI7XJdOfdCKcnsgrtqXI87smpVxrEK8sCf19e4KT7B9lW3wQPcflXtlBYb3/fd4pzizDqpulWWe6ucWcXXxt5KIHhsJ1y56qxIe03ypsX4a7DM6BHWfhnh1Lr2dGxS0BkQhj3j1LV2cgmhUJ6WHbr+2iEm8TvzVqAyWOi8T8fq7hqVW2SMBjPWSVjYhtNQYr1cnfVhTmKlAtKQCG+ytmxbJAdlJ7sfd19uH8bhmAdQCPbgZuzyD2PzR0uJxYlTavD+xaxYbItiQFhVZmRUjcmfKenK5CoVC9P4VkdcpUPk/4rC+7iPmbkaXqYcTYZkMoXY+rxleMdaCqovdwluMr7xSqbDRjKQKSVLG1ulyGh4pJctyqYFDynv8rNalfIbRJbBOuM5vHd6nFKTJH0YhXXOmBKeU9EvrFuaIKYsLpGg2LdMJtj1+7a8NznbitW5iXeUUlGIrixHV2Cm88vnuuWKt95sf9f0y1J/OByR8ppRFo0O53gBqd2sc29I+XUZ1zJKZ6NW2Asw==
Content-Type: multipart/alternative
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR09MB5707
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1P194MB0544
Return-Path: [email protected]
X-MS-Exchange-Organization-ExpirationStartTime: 08 Jul 2022 08:41:48.3867 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 3e276419-4156-414b-f088-08da60bdb25c
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 4e67cd72-f73a-42aa-a841-b8dd6ec328ca:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VI1EUR06FT036.eop-eur06.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: VI1EUR06FT036.eop-eur06.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource: VI1EUR06FT036.eop-eur06.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs: 9eb927ec-808b-47f6-791b-08da60bdb19e
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:40.92.58.25;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:EUR03-DBA-obe.outbound.protection.outlook.com;PTR:mail-dbaeur03olkn2025.outbound.protection.outlook.com;CAT:NONE;SFS:(13230016)(4636009)(84050400002)(6506007)(82202003)(26005)(7696005)(7116003)(9686003)(8676002)(336012)(19618925003)(19627405001)(55016003)(33656002)(3480700007)(356005)(1096003)(564344004)(52536014)(5660300002)(7636003)(22186003)(58800400005)(86362001)(6916009)(220243001);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2022 08:41:48.2617 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3e276419-4156-414b-f088-08da60bdb25c
X-MS-Exchange-CrossTenant-Id: 4e67cd72-f73a-42aa-a841-b8dd6ec328ca
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-AuthSource: VI1EUR06FT036.eop-eur06.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.2199905
X-MS-Exchange-Processed-By-BccFoldering: 15.20.5417.016
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506458)(944626604)(920097)(930097);
X-Microsoft-Antispam-Message-Info: HmWErP4AoVFpYb3XKsFtmx+mHdh/M9q1lOd1WKYXHDoAoif/MEmRSUtDOgG0cJGLLlPwA0oVTu9dLBit4XNTchpYDkk5BWhI/OD08uENAlfBnpDD2qPRa5+LBAunn881pjPQduG0uzz1xao18SFL8YCXTrkMjKpMZ1/Zt5TIKGAhwbDDqadwVlTqUdDTTBk8rzZOSEhO1PSxLn9JzlO2hdQS0H3FyQwj0vpduZxEusceh18hHBhHDPqgS49k1/Qj2FIezV+s7uaKbJ5AWofLrLATlXMT1xaUGG/75lSHZB3DRuwUsLkSJnKSUHQQv52D9YTyfaJCv/qYxMAda9Vr3zkwgXom+zrkwZJQOYvaypOaNCi6xVAqgOgCUormcsA/u7pPNs7uHgTrnKf5G+2RM7+wldt0LHdOWt326Iq+niiHWHodhB2ay+1VwSRHuHvZQ9n84rwEhyUOj3UlePbpTuK1elUgzBXlzuqjATors9L4hUa9t12VXyBzDj/RFeFUt3eyt3ab6jMHjhkfIRW4+fGK0Ry8gNG149tmIChF4nH1tMFp3CMfLthSYeAMSa+9CRjxSGe+JOK5+3gN7zyMPZ6r3lnuwUgLZidWWI7EVHrEeN47RwB+wJE1gLNytgus7SI0wW3JylJ2T1r5Bu54snU9G2a2IGy8iggkbZpE0Og+Enj0jSw7GVSW3hBLLLkeIpctVOESBmlbcZ3vz8gxZni8aLNOGgGRrbWgVqQZLyyOcBazweoNFvMvetvVaUUvsOS+iOzXEwIUNcU9www8NClP8hGYArPW7VCR3RE5XFQlIOBChPui3JEtsWFWB3Jtoayd3HZF6sSwLrc1gbi2bz6c2tOoazL7xOL94wMp8PGFBC7FG0Evo1FO1qzJhrMmMkpP61pGWTpM7DnpZf3fWIWwaVUaf3XgnPa6Dg7O0yuvFtxLj3LaMjhLHnqKCH5+0fiOuoRoTXK/6+1uzTgGSQqrWVqNJPsf7qOl1MUodrHQG5Ll0W6RObVr7WmZZ3eGRn3mFOlkhgOdaoZeBUwOAxSin6zetWgFU1YkCwnG7u/dXd7oly1D2VoDlrxLOcE4530icKbqxpAkpQoqWNZGjOCIoLhpgA8SzJC+/MjGN0zUvNFPM0+wJOho8UkThJw8EVUx3OdoybRaSLvxkXiQzSy4khuVdDquJ2db0T73v1yEgAq3Q31tibkvpKb8nVhZFX4xb8YbC+7JmRYRONWU76fcGL+5eV7JRf5ZJNSm06Mdv+yUJVR1mA1ZJZuCjwL3oskR25Q9aDVOQOEzR3NF38IIZUxs5IELckf9VMO+jh8LOka07+SfKd/8lEmdZf+A9JFO3XebXuPnwTYvakmBf1Hil7pwAhFk9ulZFTs+RV2NPpnCu+GXG5923lZPoA+12V5Ztfj9uiJAi0+5K/ngFt+8Qx/cMrsGkpnpR3PkZaXnkBPIk1b+nskaTxgeIwb6jwDzN8IR1suIc7iFj38rkdJdskRvFxj8bno4xEvmlBdGr61SN2r5oZ4nJhSJ/Ilw7FJyl0Itwe4qDNPBmGLyRjAhfwfa1M2CSdzhm6I0uOhzLkcWjVyzsv1gsaqhgpQaYB28zPF+5jwpgEWe+t8kHXuJMfdM481zub62KDtXk0hMTnvOWtBx+Cofcm3iC7B/hJBkxmCOBXgAKoUe3W4aThFbOAj3+bGu7VeKT8iNAik=
Let us break it down! note: some information we may skip, as it will not be relevant for our troubleshooting purposes.
The first 6 lines below explain each hop the message has gone through. Starting from the bottom the email was first submitted by: DB8PR09MB2810.eurprd09.prod.outlook.com, then working our way up, on the final hop, the email was received by AM0P194MB0498.EURP194.PROD.OUTLOOK.COM.
Received: from VI1P194MB0544.EURP194.PROD.OUTLOOK.COM (2603:10a6:800:144::18) by AM0P194MB0498.EURP194.PROD.OUTLOOK.COM with HTTPS; Fri, 8 Jul 2022 08:41:50 +0000
Received: from AS9PR06CA0104.eurprd06.prod.outlook.com (2603:10a6:20b:465::16) by VI1P194MB0544.EURP194.PROD.OUTLOOK.COM (2603:10a6:800:144::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.14; Fri, 8 Jul 2022 08:41:48 +0000
Received: from VI1EUR06FT036.eop-eur06.prod.protection.outlook.com (2603:10a6:20b:465:cafe::72) by AS9PR06CA0104.outlook.office365.com (2603:10a6:20b:465::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.20 via Frontend Transport; Fri, 8 Jul 2022 08:41:48 +0000
Received: from EUR03-DBA-obe.outbound.protection.outlook.com (40.92.58.25) by VI1EUR06FT036.mail.protection.outlook.com (10.13.6.61) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.15 via Frontend Transport; Fri, 8 Jul 2022 08:41:48 +0000
Received: from DB8PR09MB2810.eurprd09.prod.outlook.com (2603:10a6:10:af::15) by AS4PR09MB5707.eurprd09.prod.outlook.com (2603:10a6:20b:4cd::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.17; Fri, 8 Jul 2022 08:41:47 +0000
Received: from DB8PR09MB2810.eurprd09.prod.outlook.com ([fe80::34ea:21a8:444f:f133]) by DB8PR09MB2810.eurprd09.prod.outlook.com ([fe80::34ea:21a8:444f:f133%6]) with mapi id 15.20.5395.021; Fri, 8 Jul 2022 08:41:47 +0000
Authentication-Results – Here we whether the email passed SPF, DMARC and DKIM checks. Also importantly, we can see the sender’s IP address: 40.92.58.25.
spf=pass (sender IP is 40.92.58.25) smtp.mailfrom=hotmail.com; dkim=pass (signature was verified) header.d=hotmail.com;dmarc=pass action=none header.from=hotmail.com;compauth=pass reason=100
Received-SPF – The Received-SPF is a record of the sender SPF record. In this case, the SPF checks passed, so this line demonstrates that the sender is indeed sending from a permitted source.
Pass (protection.outlook.com: domain of hotmail.com designates 40.92.58.25 as permitted sender) receiver=protection.outlook.com; client-ip=40.92.58.25; helo=EUR03-DBA-obe.outbound.protection.outlook.com; pr=C
X-Forefront-Antispam-Report – This includes information about the message and how it was processed. Including the Category, connecting IP, country, HELO or EHLO string, language and more. For our message header, we can determine the following:
- Connecting IP: 40.92.58.25
- Country: Ireland
- Language: English
- Spam Confidence Level: 1
- IPV: NLI, the IP was not found on any IP reputation lists
- SFV: NSPM, the message was not spam
- H: The HELO response identified the server as: EUR03-DBA-obe.outbound.protection.outlook.com
- CAT: The protect policy category was NONE.
CIP:40.92.58.25;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:EUR03-DBA-obe.outbound.protection.outlook.com;PTR:mail-dbaeur03olkn2025.outbound.protection.outlook.com;CAT:NONE;SFS:(13230016)(4636009)(84050400002)(6506007)(82202003)(26005)(7696005)(7116003)(9686003)(8676002)(336012)(19618925003)(19627405001)(55016003)(33656002)(3480700007)(356005)(1096003)(564344004)(52536014)(5660300002)(7636003)(22186003)(58800400005)(86362001)(6916009)(220243001);DIR:INB;
From – The sending mail address is [email protected]
From: "daniel" <[email protected]>
To – The recipient is: To: [email protected]
To: "[email protected]" <[email protected]>
Subject: the subject of this email was ‘test‘
Subject: test
Date: the email was received on Friday 8th July at 8:41am.
Date: Fri, 8 Jul 2022 08:41:46 +0000
Return-Path: This is the return address of the email if it was replied to by the recipient. In this case, the response will go to [email protected].
Return-Path: [email protected]
The above should be enough information for you to interpret the message header and identify if there are any issues which may interrupt your mail flow.
Summary
Thank you for taking the time to read this post. This article on how to review and interpret email message headers in Exchange Online covers the first step towards the MS-220 exam. Be sure to check out our full study guide below:
This is great stuff! thanks very much