While troubleshooting issues related to email delivery, email message header information is really useful information which can help to find root cause of the issue. Recently, It was reported to me that some of the emails sent by the partner company is being Filtered as Spam and Some of the emails are being redirected to a different internal email address.
I investigated the issue by first performing a Message trace from Exchange admin center. If you are an Exchange administrator or Global Administrator you can perform a message trace by following below steps:
- Login on Exchange admin center (https://admin.exchange.microsoft.com).
- Go to Mail Flow > Message trace.
- Click on + Start a trace.
To narrow down your search, you can provide Sender and Recipient email address or domain name. Select the Time range, Delivery status, Direction details etc. and click on Search. This will provide the data on the dashboard. You can click on each email to find more information about the mail flow.
For example: When clicked on one of the email which has the status of FilteredAsSpam, it provided further information that “The message was delivered to the Junk Email folder.” However, you cannot view message header information from here which you will need for further analysis. Let’s check how to get email header information.
Option 1 – Get Email message header information from Microsoft 365 defender portal
You could ask the receipient to send the email as an attachment and then you can extract email header information from it. What if you do not have this option available ? In that case, you can also view email header information from Microsoft 365 defender portal.
To View Email message header information, please follow below steps:
- Login on Microsoft 365 defender poral (https://security.microsoft.com).
- Email & Collaboration > Explorer.
- When you click on Explorer, it will open Threat Explorer page.
- Search for the email using the filters.
| Important |
|---|
| Please note you will not see Explorer option if you have Microsoft Defender for Office 365 Plan 1 license. If you have Microsoft Defender for Office 365 Plan 1 license assigned to the users, you will see Real-time detections option instead. To know more about the difference between Microsoft defender for Office 365 Plan 1 vs Microsoft defender for Office 365 Plan 2 click here. |
- Click on the email to get more information about it. Then click on View header.
- Under the tab “Plain-text email header“. Click on Copy message header to copy the email message header information for further investigation.
Option 2 – Get Email message header information from Outlook
If you have a copy of an email saved or sent to you as an attachment or If you have access to Outlook desktop client or Outlook Web client where the email was delivered. You can get the email message header information. Please follow below steps to get the required info:
2.1 Get email header information from Outlook Web Access Client (OWA)
Please follow below steps to get email header information from Outlook Web Access client.
- Login on Outlook Web Access client (https://Outlook.office365.com/owa)
- Search for the email for which you want to get email header.
- Right click on the email and click on View > View message details.
- You will see Message details which provides Email message header information. You can copy all the text from Message details and perform further Investigation / Analysis on it.
2.2 Get email header information from Outlook Desktop Client
You can also get email message header from Outlook Desktop client. Please follow below steps for the same:
- Launch Outlook Desktop client.
- Search for the email for which you want to get email header.
- Open the email by double-clicking on it.
- After you open the email. Go to File > Properties.
- You will see Internet headers. You can copy all the text from Internet headers textbox and copy to a notepad. This will be the email header information for that email. You can then perform further investigation / analysis on this email header to find more details about the email flow.
How to analyse Email Headers
Now we got the email header information, as you have seen raw data from the internet header is not easy to read. You can analyse the email address using many email header analyzers available. To analyse email header, I have provided few of the options below:
Use Microsoft Message header analyzer
You can paste email header into Microsoft message header analyzer and click on Analyze headers to analyse the email header information.
Use MXtoolbox Email Header Analyzer
You can also paste email header into MXToolbox Email Header Analyzer and click on Analyze header to analyse the email header information.
Conclusion
In this blog post, we have seen different ways to find email header information. This information is required to analyse the issue in email delivery. If you have logged a ticket with Microsoft related to an issue with emails, you may be asked to provide this information. Therefore, its best to know how to get this information from the user and also from Microsoft 365 defender portal as well.
You will not be able to get email header information from Microsoft 365 defender portal if users are assigned with Microsoft defender for Office 365 Plan 1 license. You will have to either get a copy of the email sent to you as an attachment or have access to either Outlook for web or Outlook desktop client where the email was sent to.
READ NEXT
- Block Emails Based On File Attachment Extension In Office 365
- How To Create Defender Antivirus Exclusions Using Intune
- How To Whitelist A Website Or Domain In Microsoft 365 Defender
- Block Office 365 Apps On Specific Devices Using Azure AD Conditional Access
- Onboarding Devices To Microsoft 365 Apps Admin Center