Having an increase in messages where the SMTP sender is not the MIME sender. The MIME sender is shown in Outlook, and the SMTP sender is shown in SMTPReceive .TXT logs produced by Exchange. Between these two items, there is no way to link an e-mail together other than guessing using timestamps. My question is: How in Outlook (if at all possible) and how in EMC is it possible to view the SMTP sender of an e-mail? I'm curious to see the whole picture of some of these junk e-mails.

What version, service pack and rollup hotfixl level of Exchange are you running? Unless you have some kind of SMTP appliance between the Internet and Exchange stripping headers, you should be able to see all of the headers with Outlook. Perhaps you are confusing the headers with the envelope information? There is no guarantee that the sender information in the envelope is any more accurate than the headers.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

What version, service pack and rollup hotfixl level of Exchange are you running? Unless you have some kind of SMTP appliance between the Internet and Exchange stripping headers, you should be able to see all of the headers with Outlook. Perhaps you are confusing the headers with the envelope information? There is no guarantee that the sender information in the envelope is any more accurate than the headers.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

So, in Outlook, looking at internet headers, will show you the MIME sender. The SMTP sender (which you can also refer to as the envelope sender) is what appears in Exchange logs. I want to be able to associate these two, per message. Of course unauthenticated e-mail is never reliable. This information is helpful for various reasons, even if untrustworthy.

On Mon, 11 Jun 2012 21:02:53 +0000, Mini Button wrote: >Having an increase in messages where the SMTP sender is not the MIME sender. The MIME sender is shown in Outlook, and the SMTP sender is shown in SMTPReceive .TXT logs produced by Exchange. Between these two items, there is no way to link an e-mail together other than guessing using timestamps. There's a much more reliable way: use the Message-ID. You'll find it in the message headers, in the message tracking logs, and in the SMTP protocol logs. >My question is: How in Outlook (if at all possible) OL2010? With the message open, click the little arrow in the lower right-hand corder of the "Tags" part of the ribbon. OL2007? It's in the message properties. >and how in EMC is it possible to view the SMTP sender of an e-mail? It isn't. Exchange doesn't record what's in the RFC822 headr because it doesn't us that to deliver the message. >I'm curious to see the whole picture of some of these junk e-mails. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Mon, 11 Jun 2012 21:02:53 +0000, Mini Button wrote: >Having an increase in messages where the SMTP sender is not the MIME sender. The MIME sender is shown in Outlook, and the SMTP sender is shown in SMTPReceive .TXT logs produced by Exchange. Between these two items, there is no way to link an e-mail together other than guessing using timestamps. There's a much more reliable way: use the Message-ID. You'll find it in the message headers, in the message tracking logs, and in the SMTP protocol logs. >My question is: How in Outlook (if at all possible) OL2010? With the message open, click the little arrow in the lower right-hand corder of the "Tags" part of the ribbon. OL2007? It's in the message properties. >and how in EMC is it possible to view the SMTP sender of an e-mail? It isn't. Exchange doesn't record what's in the RFC822 headr because it doesn't us that to deliver the message. >I'm curious to see the whole picture of some of these junk e-mails. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Mon, 11 Jun 2012 21:42:49 +0000, Mini Button wrote: >So, in Outlook, looking at internet headers, will show you the MIME sender. The message needn't be MIME for the headers to be there. Thi headers are described in a different RFC to MIME's RFCs. >The SMTP sender (which you can also refer to as the envelope sender) is what appears in Exchange logs. That's correct. >I want to be able to associate these two, per message. Of course unauthenticated e-mail is never reliable. No, but unless the Message-ID is duplicated you can use that to find all you need to know. >This information is helpful for various reasons, even if untrustworthy. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP