They are instrumental tools that provide essential information about an email, ranging from its origin and the path taken across the network to its destination, size, importance, and more. An in-depth understanding of message headers is necessary to troubleshoot various email delivery issues and ensure optimum performance of your mailing system.
Understanding Message Headers:
Each email message comes with headers that carry crucial tracking information. These headers are divided into two categories: “Standard Headers” and “Non-standard X- Headers”. The former category includes universal headers like “From,” “To,” “Subject,” and “Date” that are both essential and mandatory. The latter category includes flexible headers that can be defined by the sender, as well as optional headers like “X-Originating-IP,” which contains the IP address of the email sender.
Analyzing Message Headers:
Analyzing headers can inform you about the transit path of an email message from the sender to the receiver along with the “hops” it took across servers. It also provides insights into the protocols used, any errors encountered and much more.
Message header analysis is an integral part of many security features in MS-203, such as diagnosing sender verification failures, identifying malicious senders, and understanding message delivery problems.
How To View Message Headers in Microsoft 365:
While the steps to view message headers can vary depending on the email client used, in Microsoft 365, you can do this:
Select the particular message, then click on Actions -> View message details.
This command will display the complete details of the message headers.
Example of a Message Header:
- “Return-Path”:
- “Received”: from by with SMTP id
- “From”:
- “To”:
- “Date”:
- “Subject”:
Tools for Analyzing Message Headers:
Microsoft 365 provides a Message Header Analyzer tool which simplifies the process of header analysis for administrators. This tool enables users to view, understand and analyze email headers efficiently. You just need to copy and paste the header details into the tool, and it will present the details in an easy-to-understand interface.
Using the Message Header Analyzer tool, you can not only understand various data points like Sender, Recipient, and Sender IP, but also identify the reasons a message was not delivered to the recipient, if there are any.
The Message Header Analyzer tool focuses on two categories of information:
- Basic Information: This includes Sender, Recipient, Timestamp, Message ID, and the Message Trace ID.
- Detailed Information: It includes more intricate details including IP addresses involved, server names, hops count, SPF checking status, and more.
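The hop tracing and authentication checks described above can be reproduced by hand. The following is an added example, not code from this page or from Microsoft's tool: it uses Python's standard `email` module on constructed sample headers (the example.com/example.net hosts and all values are assumptions) to list hops oldest-first with per-hop delay and to read the SPF, DKIM, and DMARC verdicts.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime
import re

# Constructed sample headers (documentation domains and IP ranges), not taken from the page.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
 by inbound.example.com with ESMTPS id abc123;
 Tue, 05 Mar 2024 10:00:09 +0000
Received: from mail.example.net (mail.example.net [203.0.113.25])
 by mx.example.net with ESMTP id def456;
 Tue, 05 Mar 2024 10:00:02 +0000
Authentication-Results: inbound.example.com;
 spf=pass smtp.mailfrom=example.net;
 dkim=fail header.d=example.net;
 dmarc=fail header.from=example.net
Return-Path: <bounce@example.net>
From: Sender <sender@example.net>
To: user@example.com
Subject: Quarterly report
Date: Tue, 05 Mar 2024 10:00:00 +0000
Message-ID: <constructed-1@example.net>

body
"""

def received_hops(msg):
    """Return hops oldest-first as (from_host, by_host, timestamp, delay_seconds)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):  # newest hop is on top
        value = " ".join(raw.split())                  # unfold continuation lines
        route, _, stamp = value.rpartition(";")        # date follows the last ';'
        frm = re.search(r"\bfrom (\S+)", route)
        by = re.search(r"\bby (\S+)", route)
        when = parsedate_to_datetime(stamp.strip())
        delay = (when - hops[-1][2]).total_seconds() if hops else 0.0
        hops.append((frm and frm.group(1), by and by.group(1), when, delay))
    return hops

def auth_verdicts(msg):
    """Map each method in Authentication-Results (spf, dkim, dmarc) to its result."""
    value = " ".join(msg.get("Authentication-Results", "").split())
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))

def analyze(text):
    msg = message_from_string(text)
    return {"hops": received_hops(msg), "auth": auth_verdicts(msg),
            "return_path": msg.get("Return-Path"), "from": msg.get("From")}
```

When reading real messages, rely only on the Authentication-Results header stamped by your own receiving server, since any header added earlier in the path can be supplied by the sender.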
Security and Compliance in Message Headers:
Understanding and analyzing message headers not only speeds up troubleshooting but plays a crucial role in ensuring security and compliance. Tracing email paths, the origin of senders, and verifying secure protocols helps optimize your Microsoft 365 mail performance and enhance its security.
In conclusion, mastering the art of analyzing message headers can give system administrators an edge in managing and optimizing Microsoft 365 messaging. It not only helps with troubleshooting but also gives a detailed overview of mail paths and activities, aiding in maintaining a secure and compliant messaging environment.
Practice Test
All emails contain message headers.
- A. True
- B. False
Answer: A. True
Explanation: Every email contains message headers, which are used by mail servers to deliver emails correctly.
The email envelope is the same as the email header.
- A. True
- B. False
Answer: B. False
Explanation: The envelope typically contains recipient addresses, while the header consists of fields such as Subject, Sender, Date and Time, etc.
Which of the following are parts of an email header?
- A. From: Field
- B. To: Field
- C. Email Body
- D. Subject Field
Answer: A. From: Field, B. To: Field, D. Subject Field
Explanation: The From, To, and Subject fields are all parts of an email header. The email body is not part of the header, but is the main part of the email message.
Message headers contain sensitive information about the sender and receiver.
- A. True
- B. False
Answer: B. False
Explanation: Email headers contain routing information, not sensitive information about the sender or receiver.
Bounces and feedback loops are found in the message headers.
- A. True
- B. False
Answer: A. True
Explanation: Bounces and feedback loop reports typically include the original message headers, which help to identify the message related to the report.
SPF and DKIM values are found in the message header.
- A. True
- B. False
Answer: A. True
Explanation: SPF and DKIM values are involved in the validation of emails and can be found in the header in the Return-Path and DKIM-Signature fields.
The Envelope Sender address is located within the message header.
- A. True
- B. False
Answer: B. False
Explanation: The Envelope Sender address is not located within the header; it is part of the SMTP transaction.
The Message ID found in headers is unique for each email.
- A. True
- B. False
Answer: A. True
Explanation: The Message ID found in headers is generated by the server that makes the final delivery of the email, and it is unique for each email.
Which element in the message headers can be used to trace the source of spam messages?
- A. Return-Path
- B. Date and Time
- C. Subject Line
- D. SMTP Hostname
Answer: A. Return-Path
Explanation: Return-Path provides a way to trace the source of a message and is often used when tracing spam messages.
Email clients display the full message header by default.
- A. True
- B. False
Answer: B. False
Explanation: Email clients usually display a simplified header with only the basic information. The full header can be viewed, but you typically need to select an option to see it.
Interview Questions
What crucial information about the sender, recipient, and email’s path is communicated by the Header in an email message according to Microsoft 365?
The Header in an email message provides information about the sender’s and the recipient’s email addresses, the authentication of the sender’s domain, the servers it has passed through on its way to the recipient, and the message’s timestamp.
How can you view message headers in the Outlook desktop app in Microsoft 365?
You can view message headers in the Outlook desktop app by opening up the email, clicking on ‘File’, then ‘Properties’. Here, you will see the Internet Headers box which contains the header of your email message.
What information is held in the “Received: from” line in an email header?
The “Received: from” line in an email header holds information about each server that an email passes through on its journey from the sender to the recipient. It also includes the IP address and timestamp.
What is the purpose of the Message-ID field in the email header?
The Message-ID field in the email header is a unique identifier for each message which can be used to track or refer to the specific message.
What does the “Return-Path” header field specify in an email?
The “Return-Path” header field specifies the email address to which bounce-backs or error messages should be sent if the message cannot be delivered.
What does the “SPF check” line in an email header indicate?
The “SPF check” line in an email header indicates whether the domain from which the email originated has passed the sender policy framework (SPF) check, which is a validation system designed to detect and block email spoofing.
What is the purpose of the DKIM-Signature in the email header?
The DKIM-Signature field in the email header helps in detecting forged sender addresses in emails, which is a technique often used in phishing and spam email.
What does the ‘X-Forefront-Antispam-Report’ field in the email header indicate?
The ‘X-Forefront-Antispam-Report’ field in the email header provides insights about the message’s spam processing, such as spam detection verdicts, IPs, and protection policy results.
What does the ‘X-Microsoft-Antispam’ in the email header indicate?
The ‘X-Microsoft-Antispam’ field in the email header provides the message’s bulk complaint level (BCL) and spam confidence level (SCL), which are used to determine if the message is bulk mail or spam.
What does the ‘Authentication-Results’ field in the email header display?
The ‘Authentication-Results’ field in the email header displays the results of each authentication check, including SPF, DKIM, and DMARC.
What does DMARC Verification status in an email header indicate?
The DMARC verification status in the message header indicates whether the message has passed or failed the Domain-based Message Authentication, Reporting, and Conformance (DMARC) check.
What are the entries present in the ‘X-OriginatorOrg’ field in the email header?
The ‘X-OriginatorOrg’ field in the email header displays the tenant domain, essentially indicating from where the message was originally sent.
What is the significance of the ‘X-MS-Exchange-CrossTenant-originalarrivaltime’ in the message header?
The ‘X-MS-Exchange-CrossTenant-originalarrivaltime’ in the message header reveals the precise time the message reached Microsoft’s data center.
What does ‘X-MS-Exchange-CrossTenant-fromentityheader’ field in the email header indicate?
The ‘X-MS-Exchange-CrossTenant-fromentityheader’ field in the email header describes the nature of the sender’s identity. For example: Hosted, Internet, and OnPremises.
What details does the ‘Thread-Index’ line in an email header hold?
The ‘Thread-Index’ line in an email header keeps track of the conversation threads from an email, enabling the messages to be grouped together in the correct order.