Need clarification around source IP in O365 email headers


I want to understand how O365 shows the source IP and originating country in its email headers. I see two similar headers in the email source - X-MS-Exchange-Organization-OriginalClientIPAddress and X-MS-Exchange-Organization-ConnectingIP. Both contain the same values. What is the difference between them, and why is Microsoft sharing the same information in both places?


For originating country, O365 is showing this header - X-MS-Exchange-Organization-Originating-Country. Which of the above two IPs is it referring to while showing the originating country - is it the OriginalClientIPAddress or the ConnectingIP? There is also CTRY inside X-Forefront-Antispam-Report; is it the same data spread across multiple headers?


A follow-up question - how do I find the reverse DNS of the source IP? Can I use the header X-MS-Exchange-Organization-PtrDomains? Or PTR: inside X-Forefront-Antispam-Report?


@Vikram316 

X-MS-Exchange-Organization-OriginalClientIPAddress is for identifying and tracking the origin of a message,
and X-MS-Exchange-Organization-ConnectingIP is for indicating the IP address used while the message is traveling between servers.

@TaeYounAnn
Thanks for your swift response.
Could you explain when they can be different? From what I see, it's the same IP in both headers in all cases.

Also, could you help with my other two questions on the originating country and the reverse DNS lookup?

Although their intended purpose requires the two headers to contain different information, in certain Exchange configurations these settings can be configured to return the same IP address.

For example, if your mail server is configured through a firewall, proxy server, or load balancer, the IP address of the incoming connections to the mail server and the mail delivery connection may be the same.

You can use the following command in a command prompt.
nslookup -type=PTR <IP address>
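As an added example (not posted by anyone in this thread), the following Python script pulls the headers discussed above out of a raw message, checks whether OriginalClientIPAddress and ConnectingIP agree, compares the Originating-Country header with CTRY and the PtrDomains header with PTR from X-Forefront-Antispam-Report, and builds the in-addr.arpa name that a PTR lookup such as the nslookup command above would query. The sample message, its IP, country and PTR values, and the CIP field in the report are all constructed for illustration.

```python
import email
from email import policy
from ipaddress import ip_address

# Constructed sample headers modelled on the header names discussed in the
# thread; the IP, country and hostname values are made up for illustration.
SAMPLE_MESSAGE = """\
Received: from mail.example.net (203.0.113.45) by mx.example.com
X-MS-Exchange-Organization-OriginalClientIPAddress: 203.0.113.45
X-MS-Exchange-Organization-ConnectingIP: 203.0.113.45
X-MS-Exchange-Organization-Originating-Country: US
X-MS-Exchange-Organization-PtrDomains: mail.example.net
X-Forefront-Antispam-Report: CIP:203.0.113.45;CTRY:US;SCL:1;SRV:;PTR:mail.example.net;CAT:NONE;
Subject: sample

body
"""


def parse_antispam_report(value):
    """Split the 'KEY:value;KEY:value;...' report into a dict (values may be empty)."""
    fields = {}
    for part in value.split(";"):
        if ":" in part:
            key, val = part.split(":", 1)
            fields[key.strip()] = val.strip()
    return fields


def ptr_query_name(ip):
    """Reverse-DNS query name for an IPv4/IPv6 address, e.g. 45.113.0.203.in-addr.arpa."""
    return ip_address(ip).reverse_pointer


def summarize_origin(raw_message):
    """Collect the origin-related headers and flag where they disagree."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hdr = lambda name: (str(msg[name]).strip() if msg[name] is not None else None)
    report = parse_antispam_report(hdr("X-Forefront-Antispam-Report") or "")
    orig_ip = hdr("X-MS-Exchange-Organization-OriginalClientIPAddress")
    conn_ip = hdr("X-MS-Exchange-Organization-ConnectingIP")
    country_hdr = hdr("X-MS-Exchange-Organization-Originating-Country")
    ptr_hdr = hdr("X-MS-Exchange-Organization-PtrDomains")
    return {
        "original_client_ip": orig_ip,
        "connecting_ip": conn_ip,
        "ips_match": orig_ip == conn_ip,
        "country_header": country_hdr,
        "country_report": report.get("CTRY"),
        "country_consistent": country_hdr == report.get("CTRY"),
        "ptr_header": ptr_hdr,
        "ptr_report": report.get("PTR"),
        "ptr_consistent": ptr_hdr == report.get("PTR"),
        # Query name to resolve with nslookup/dig when verifying the PTR yourself
        "ptr_query": ptr_query_name(orig_ip) if orig_ip else None,
    }
```

When the two IP headers or the two country/PTR sources disagree, the returned flags point at which hop or which report field to inspect in the Received chain.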