Understanding Message Headers

Any message that is processed by Mailprotector will include several header lines that provide detail on why a message was quarantined or delivered.  This article will assist you in interpreting that information to determine why a message was quarantined/delivered.

 

Accessing Message Headers

To begin, we will need to retrieve the header data from the email message in question.  If the message has been quarantined, begin by releasing the message.  Once the message is in Outlook, you can retrieve the headers from it:

  • Open the email
  • Click the File Tab
  • Click the Properties button
  • highlight all text in the Internet Headers box and choose "copy",
  • Then paste the text into notepad, or the text editor of your choice

Note: It is not necessary to copy & paste the headers, it simply makes it easier to review them.

 

Understanding message headers

There is quite a bit of information here; for the purposes of determining why a message was delivered / quarantined, we are really only interested in the lines starting with x-mailprotector.

Lets use this message as an example:

  • X-Mailprotector-Decision: deliver
  • X-Mailprotector-Results: spf_pass clean
  • X-Mailprotector-Score: 0
  • X-Mailprotector-IP-Analysis: 0, 205.139.105.174, Ugly c=0.350494 p=-0.2 Source Normal
  • X-Mailprotector-Scan-Diagnostics: 0-0-0-10253-c
  • X-Mailprotector-Timestamp: xxx xxx xxx
  • X-Mailprotector-ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

The lines we are most interested in are the Decision, Results, and Score lines:

  • X-Mailprotector-Decision: deliver
  • X-Mailprotector-Results: spf_pass clean
  • X-Mailprotector-Score: 0

Here, we can see the message received a spam score of 0, and was delivered.

 

 

Lets take a look at another example:

  • X-Mailprotector-Decisionquarantine_policy
  • X-Mailprotector-Results: spf_pass bulk block
  • X-Mailprotector-Score: 167

Here we have a message that received a spam score of 167.  That is still below the 200 required to quarantine the message, however, it was placed in my policy quarantine due to a block rule.

 

 

Lets look at an additional example:

  • X-Mailprotector-Decisionquarantine_spam
  • X-Mailprotector-Results: truncate spf_pass subject_50_chars debt_credit
  • X-Mailprotector-Score520

 

This particular message was placed in my spam quarantine, as it received a spam score of 520, which is well over the baseline 200 required for a message to be classified as spam.

 

One last example:

  • X-Mailprotector-Decisiondeliver
  • X-Mailprotector-Results:  spf_pass subject_50_chars allow
  • X-Mailprotector-Score: 873

This last message was classified as spam, receiving a spam score of 873 (again, well over the baseline 200 required for a message to be classified as spam).  Normally, this message would be quarantined;  however, it was delivered to my inbox due to an entry on my Allow List.

 

 

Have more questions? Submit a request

Comments