Determine SMTP Sender address?

    Question

  • Having an increase in messages where the SMTP sender is not the MIME sender.  The MIME sender is shown in Outlook, and the SMTP sender is shown in SMTPReceive .TXT logs produced by Exchange.  Between these two items, there is no way to link an e-mail together other than guessing using timestamps.

    My question is:  How in Outlook (if at all possible) and how in EMC is it possible to view the SMTP sender of an e-mail?  I'm curious to see the whole picture of some of these junk e-mails.

    Monday, June 11, 2012 9:02 PM

Answers

  • What version, service pack and rollup hotfix level of Exchange are you running?

    Unless you have some kind of SMTP appliance between the Internet and Exchange stripping headers, you should be able to see all of the headers with Outlook.  Perhaps you are confusing the headers with the envelope information?  There is no guarantee that the sender information in the envelope is any more accurate than the headers.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Marked as answer by Castinlu Monday, June 25, 2012 8:53 AM
    Monday, June 11, 2012 9:33 PM
  • On Mon, 11 Jun 2012 21:02:53 +0000, Mini Button wrote:
     
    >Having an increase in messages where the SMTP sender is not the MIME sender. The MIME sender is shown in Outlook, and the SMTP sender is shown in SMTPReceive .TXT logs produced by Exchange. Between these two items, there is no way to link an e-mail together other than guessing using timestamps.
     
    There's a much more reliable way: use the Message-ID. You'll find it
    in the message headers, in the message tracking logs, and in the SMTP
    protocol logs.
     
    >My question is: How in Outlook (if at all possible)
     
    OL2010? With the message open, click the little arrow in the lower
    right-hand corner of the "Tags" part of the ribbon.
     
    OL2007? It's in the message properties.
     
    >and how in EMC is it possible to view the SMTP sender of an e-mail?
     
    It isn't. Exchange doesn't record what's in the RFC822 header because
    it doesn't use that to deliver the message.
     
    >I'm curious to see the whole picture of some of these junk e-mails.
     
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    • Marked as answer by Castinlu Monday, June 25, 2012 8:53 AM
    Tuesday, June 12, 2012 12:46 AM

All replies

  • So, in Outlook, looking at internet headers will show you the MIME sender.  The SMTP sender (which you can also refer to as the envelope sender) is what appears in Exchange logs.  I want to be able to associate these two, per message.  Of course unauthenticated e-mail is never reliable.

    This information is helpful for various reasons, even if untrustworthy.

    Monday, June 11, 2012 9:42 PM
  • On Mon, 11 Jun 2012 21:42:49 +0000, Mini Button wrote:
     
    >So, in Outlook, looking at internet headers will show you the MIME sender.
     
    The message needn't be MIME for the headers to be there. The headers
    are described in a different RFC to MIME's RFCs.
     
    >The SMTP sender (which you can also refer to as the envelope sender) is what appears in Exchange logs.
     
    That's correct.
     
    >I want to be able to associate these two, per message. Of course unauthenticated e-mail is never reliable.
     
    No, but unless the Message-ID is duplicated you can use that to find
    all you need to know.
     
    >This information is helpful for various reasons, even if untrustworthy.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Tuesday, June 12, 2012 12:49 AM
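
Added example, not part of the thread or of any poster's code: one way to do the Message-ID correlation suggested above, by indexing an SMTP receive protocol log by Message-ID and comparing the envelope sender with the From header copied out of Outlook. The log lines and headers are constructed samples, and the `#Fields` layout and the `250 2.6.0 <Message-ID> ... Queued mail for delivery` reply format are assumptions about how the receive log looks.

```python
import csv, email, re
from email.utils import parseaddr

# Constructed sample: two interleaved sessions in the assumed receive-log CSV layout.
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2012-06-11T21:00:01Z,EX01\\Default,08CF01,4,10.0.0.5:25,203.0.113.7:41022,<,MAIL FROM:<bounce-771@mailer.example.net> SIZE=2048,
2012-06-11T21:00:01Z,EX01\\Default,08CF02,4,10.0.0.5:25,198.51.100.9:50311,<,MAIL FROM:<>,
2012-06-11T21:00:02Z,EX01\\Default,08CF01,9,10.0.0.5:25,203.0.113.7:41022,>,250 2.6.0 <a1.20120611@mailer.example.net> [InternalId=41] Queued mail for delivery,
2012-06-11T21:00:03Z,EX01\\Default,08CF02,9,10.0.0.5:25,198.51.100.9:50311,>,250 2.6.0 <dsn-9@relay.example.org> [InternalId=42] Queued mail for delivery,
"""
# Constructed headers, as they would be copied from Outlook's Internet headers box.
SAMPLE_HEADERS = """\
From: "Accounts Team" <accounts@bank.example.com>
Message-ID: <a1.20120611@mailer.example.net>
Subject: constructed sample
"""

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.I)
QUEUED = re.compile(r"^250 2\.6\.0 (<[^>]+>)")  # acceptance reply carrying the Message-ID

def envelope_senders(log_text):
    """Map Message-ID -> list of envelope senders (a list, because IDs can be duplicated)."""
    fields, pending, index = None, {}, {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[8:].split(",")]
        if line.startswith("#") or not line.strip() or fields is None:
            continue
        row = dict(zip(fields, next(csv.reader([line]))))
        sid, data = row["session-id"], row["data"]
        sent = MAIL_FROM.match(data) if row["event"] == "<" else None
        done = QUEUED.match(data) if row["event"] == ">" else None
        if sent:
            pending[sid] = sent.group(1)  # sender of the transaction in progress
        elif done and sid in pending:
            index.setdefault(done.group(1), []).append(pending.pop(sid))
    return index

def link_message(raw_headers, index):
    """Compare the header From with the envelope sender(s) logged for the same Message-ID."""
    msg = email.message_from_string(raw_headers)
    mid = (msg["Message-ID"] or "").strip()
    header_from = parseaddr(msg["From"] or "")[1].lower()
    senders = index.get(mid, [])
    return {"message_id": mid, "header_from": header_from, "envelope_senders": senders,
            "ambiguous": len(senders) > 1,  # duplicated Message-ID: fall back to timestamps
            "mismatch": bool(senders) and all(s.lower() != header_from for s in senders)}
```

An empty string in `envelope_senders` is the null sender (`MAIL FROM:<>`), which bounce messages use.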