Domain Detective

API Reference

Class

MessageHeaderAnalysis

Namespace DomainDetective
Assembly DomainDetective
Implements

Represents the results from parsing message headers.

Inheritance

  • Object
  • MessageHeaderAnalysis

Usage

This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.

Accepted by parameters

Constructors

Methods

public Void CompareExpectedMx(IEnumerable<String> expectedMxHosts, InternalLogger logger = null) #
Returns: Void

Compares the observed message path with expected public MX host names.

Parameters

expectedMxHosts System.Collections.Generic.IEnumerable{System.String} requiredposition: 0
Public MX host names expected to process inbound mail first.
logger DomainDetective.InternalLogger = null optionalposition: 1
Optional logger used to attach expected-MX route findings to assessments.
public Void Parse(String rawHeaders, InternalLogger logger = null) #
Returns: Void

Parses rawHeaders into strongly typed properties.

Parameters

rawHeaders System.String requiredposition: 0
Unparsed header text.
logger DomainDetective.InternalLogger = null optionalposition: 1
Logger used for diagnostics.

Properties

public String RawHeaders { get; set; } #

Raw headers supplied for parsing.

public Dictionary<String, String> Headers { get; } #

All parsed headers keyed by header name.

public Dictionary<String, List<String>> DuplicateHeaders { get; } #

Duplicate header values keyed by header name.

public List<ReceivedHop> ReceivedHops { get; } #

List of parsed Received header hops. Use HeaderIndex for original header order.

public Nullable<TimeSpan> TotalTransitTime { get; set; } #

Total message transit time across all hops.

public Nullable<TimeSpan> MaxHopDelay { get; set; } #

Maximum delay between consecutive hops.

public Nullable<TimeSpan> MinHopDelay { get; set; } #

Minimum delay between consecutive hops.

public String From { get; set; } #

Value of the From header.

public String To { get; set; } #

Value of the To header.

public String Subject { get; set; } #

Value of the Subject header.

public Nullable<DateTimeOffset> Date { get; set; } #

Date of the message if present.

public String DkimResult { get; set; } #

DKIM authentication result.

public String SpfResult { get; set; } #

SPF authentication result.

public String DmarcResult { get; set; } #

DMARC authentication result.

public String ArcResult { get; set; } #

ARC authentication result.

public Dictionary<String, String> SpamHeaders { get; } #

Optional spam related headers.

public List<String> InvalidDkimSignatures { get; } #

Ignored DKIM-Signature headers with invalid signature values.

public List<MessageHeaderIssue> Issues { get; } #

Collection of detected issues.

public virtual List<Assessment> Assessments { get; } #

Gets the assessments value.

public IReadOnlyList<RecommendationAdvice> Recommendations { get; } #

Represents the recommendations value.

public String MessageId { get; set; } #

Value of the Message-ID header.

public String NetworkMessageId { get; set; } #

Microsoft network message identifier when present.

public String CrossTenantNetworkMessageId { get; set; } #

Microsoft cross-tenant network message identifier when present.

public String ExchangeAuthAs { get; set; } #

Authentication attribution reported by Exchange Online.

public String CrossTenantAuthAs { get; set; } #

Cross-tenant authentication attribution reported by Exchange Online.

public Nullable<Int32> Scl { get; set; } #

Spam confidence level reported by Exchange Online.

public String MailboxDestination { get; set; } #

Mailbox destination parsed from Microsoft anti-spam delivery headers.

public String ForefrontSourceIp { get; set; } #

Connecting IP parsed from X-Forefront-Antispam-Report.

public String ForefrontHost { get; set; } #

Source host parsed from X-Forefront-Antispam-Report.

public String ForefrontSfv { get; set; } #

Spam filtering verdict parsed from X-Forefront-Antispam-Report.

public String ExternalInOutlookResult { get; set; } #

External sender tagging result reported by Outlook/Exchange Online.

public Boolean SeenMicrosoftEop { get; set; } #

Indicates that Microsoft Exchange Online Protection headers or hops were observed.

public Boolean SeenProofpoint { get; set; } #

Indicates that Proofpoint headers or hops were observed.

public Boolean DirectToExchangeOnlineObserved { get; set; } #

Indicates that the message appears to have entered Exchange Online directly.

public Boolean DeliveredToInbox { get; set; } #

Indicates that Microsoft classified the delivered destination as Inbox.

public Boolean DmarcFailed { get; set; } #

Indicates that DMARC failed or did not produce a pass result.

public Boolean DkimMissingOrFailed { get; set; } #

Indicates that DKIM was missing, failed, or did not produce a pass result.

public Boolean SpfFailedOrSoftFailed { get; set; } #

Indicates that SPF failed, soft-failed, or did not produce a pass result.

public Boolean SameDomainSelfSpoof { get; set; } #

Indicates that From and To use the same address domain.

public Boolean RedirectedToProofpoint { get; set; } #

Indicates that Microsoft headers show routing toward Proofpoint after Exchange Online.

public Boolean ReceivedFromProofpoint { get; set; } #

Indicates that Microsoft headers show a message returning from Proofpoint.

public Boolean GatewayLoopDetected { get; set; } #

Indicates a likely EOP to gateway to EOP processing loop.

public Boolean AuthenticationFailedDeliveredToInbox { get; set; } #

Indicates failed authentication on a message that still reached Inbox.

public Boolean SelfSpoofDeliveredToInbox { get; set; } #

Indicates same-domain self-spoofing on a message that still reached Inbox.

public List<String> ExpectedMxHosts { get; } #

Expected public MX hosts supplied by the caller for route comparison.

public Boolean ExpectedMxObserved { get; set; } #

Indicates that at least one expected public MX host appears in the observed route.

public Boolean ExpectedMxBypassed { get; set; } #

Indicates that expected MX hosts were not observed while direct Exchange Online ingress was observed.

public String SourceIp { get; } #

First likely external source IP from structured Microsoft headers or Received hops.

{{ include "footer" }}