Email Receipt and Delivery Views

Document created by user.oxriBaJeN4 Employee on Sep 10, 2015Last modified by user.oxriBaJeN4 Employee on Apr 20, 2018
Version 11Show Document
  • View in full screen mode

For every inbound, outbound, or internal message processed, Mimecast provides the following views:

  • Receipt View displays information relating to when Mimecast accepted / received the message.
  • Delivery View displays information relating to when Mimecast delivered the message.

 

These views are useful when troubleshooting email delivery, or investigating a possible spam message. Both views provide the details of the sender, recipient, mail servers, dates, times, and email components. They also show an event (receipt or delivery) which ties in with how and why Mimecast either accepted the email, or delivered the email to the next mail server.

  • The receipt event is useful to determine why Mimecast accepted  a potential spam email.
  • The delivery event can be used to confirm that an email has been delivered to the next hop mail server. It also displays all the policies that matched traffic flow when the email was processed. This helps identify why an email was handled in a certain way, or when testing new policies.
Message retention information can also be accessed from these views.

Viewing the Receipt / Delivery Views

 

The receipt and delivery information is available for all messages that have been processed by Mimecast, including emails in the archive. The date the email was processed determines where the email can be viewed.

 

Non-Archived Messages

 

To view the receipt / delivery view for a non-archived message:

  1. Click the Administration | Gateway | Accepted Email menu item. A list of messages is displayed.
  2. Click on the email to open it. The email is opened in the Delivery View with the message's header and body information displayed.
  3. Click either the:
    • View | View Transmission Data menu item to display information on the message envelope, receiving remote servers, transmission information, and transmission components. The Transmission Components section shows all of the email components, including any attachments, embedded images, text and HTML components. The summary also includes the transmission size of each component.
      These details apply to the received and delivered version of the email. If any policies have been configured to link / block attachments, this is reflected in the delivery summary. To view transmission components for email receipt (prior to any policies being applied) view the Receipt information.
    • View | View Email Policies menu item to display the policies applied at transmission, and the message's preservation details. These can be specific in the Attachment Management, Content Examination, Smart Tag Assignment or Stationery Assignment groupings. This information can be useful when troubleshooting what happened to an email, or why an email has been handled in a certain way. For example if you have multiple signatures in your environment, and wanted to see why an email has a certain signature appended.
    • View | View Transmission Body menu item to return to the default header and body information view.
  4. Click on the Show Receipt button to display the Receipt View.
  5. Click on the Show Delivery button to return to the Delivery View.

 

Archived Messages

 

To view the receipt / delivery view for an archived message:

  1. Click the Administration | Archive | Archive Search menu item. A list of messages is displayed.
  2. Click on the email to open it. The email is opened in the Receipt View with the message's header and body information displayed.
  3. Click either the:
    • View | View Message Retention menu item to display information on the message's retention and audit information.
    • View | View Receipt Information menu item to display message and component information.
    • View | View Transmission Body  menu item to return to the default header and body information view.
A message that contains more than one recipient is only listed once in the archive search results. All recipients of the message are listed in the "Message To" field displayed in the Message Information section of any view.

Receipt Information

 

A message's receipt information includes the following:

 

DetailsDescription
Receipt EventDisplays how the email was received by Mimecast (e.g. Authorized IP, Permitted Sender list, Open Greylist, Auto Allow List). See the Receipt Events section below for more details.
Message Expires OnDisplays the date the message will be purged from Mimecast based on your configured content retention periods.
Message Expires InDisplays the number of days remaining before the message is purged based on your configured content retention periods.
Processing ServerDisplays the Mimecast service that processed the email.
Transmission SizeDisplays the cumulative binary size in bytes of each component of the email transmission, including encoding.
Binary Email SizeDisplays the cumulative binary size in bytes of each component of the email transmission.
Remote IPDisplays the IP address of the sending server that connected to Mimecast.
Remote HostDisplays the hostname of the sending server that connected to Mimecast.
Remote GreetingUsually displays the SMTP domain name (or IP address) of the sending server.
Receipt AcknowledgementDisplays the acknowledgement issued by Mimecast to indicate that the email was accepted.
Transmission StartedDisplays the date and exact time that the transmission of the email started.
Transmission EndedDisplays the date and exact time that the transmission of the email ended.
Transmission DurationDisplays the total email transmission time in milliseconds.
Encryption InformationDisplays whether the email was sent using TLS encryption or another method.

 

Receipt Events

 

Each message's receipt information includes a receipt event. This specifies how or why the message was received by Mimecast. These include:

 

Receipt EventDescription
Email ReceivedA generic email receipt that is no longer in use.
Email Received via WebmailThe message was sent from Mimecast Personal Portal (MPP).
Email Received via Outlook ConnectorAn obsolete event no longer used by the MTA.
Email Received via DR SMTP SubmissionThe message was sent by an Outlook connector.
File Archive Email ReceivedThe received message was a file archiving request.
Email Received via SysEmail LoopbackThe received message is a loopback notification generated by the MTA. This allows full message processing (e.g. stationery) on notifications.
Email Received via IMThe message was an IM request.
Email Received via SendToMeThe message was a SendToMe request.
Email Received via Journal ConnectorThe message was received as a journaled message.
Email Received via LFSThe received message contained a Large File Send (LFS) request.
Email Received via LFRThe received message contained a Large File Receive (LFR) request.
Journal Email Received by Journal ConnectorThe email has been received/retrieved from the journal mailbox.
Email Received via System PostmasterAn obsolete event no longer used by the MTA.
Email Received via Authorized IP AddressThe sending IP address is configured as an Authorized Outbound IP address within your Mimecast account (applies to outbound mail)
Email Received via Authorized SMTPThe message was sent through Mimecast using SMTP Authentication. Usually applies to POP3 / SMTP domains or customers that have configured SMTP authentication from the SMTP connectors on their mail server.
Email Received Through Known IP Address with Spam ChecksThe message was received from a known IP address, but it is marked as inbound.
Email Received via Validated SPF DomainThe received message was sent from a domain that has passed SPF validation.
Email Received via Permitted IP AddressThe sending IP address of the message is listed in a Permitted Senders Policy. This applies to inbound email.
Email Received via Permitted SenderA Permitted Senders Policy is configured to always bypass spam checks for the sender’s address or domain, based on the Return Address (Email Envelope From).
Email Received via Header Based Permitted SenderA Permitted Senders Policy is configured to always bypass spam checks for the sender’s address or domain, based on the Message From Address (Message Header From)
Email Received via Permitted IPAn inbound message was sent from a white listed IP address.
Email Received via Auto Allow ListThe senders email address is trusted by your Mimecast local reputation system (i.e. someone has sent a message to this address previously. This applies to inbound email.
Email Received via Auto Allow List - Sampled for Spam / VirusAn obsolete event no longer used by the MTA.
Email Received via Header Based Auto Allow ListAn Auto Allow Policy is configured to apply to the Message From Address (Message Header From).
Email Received via Manual Permitted SenderA user has added the sender’s address or domain to their Permitted Sender list, either by using the digest or select Mimecast user services.
Email Received via Header Based Manual Permitted SenderThe message was accepted based on P2 header white list checks.
Email Received via Open GreylistThe message has passed local Greylisting checks. This applies to inbound email only.
Email Received via RWL Greylist BypassThe message was not subjected to greylisting, because the server sending the message is listed in Mimecast’s global bypass list.
Email Received - Perimeter Checks Not SetThe message has passed through Mimecast, due to there being no inbound Greylisting Policy enabled, or there is a Take No Action greylisting policy applying to the address / domain.
Email Received - RBL Check Bypassed Due to Known IP AddressThe message was received from a known IP address, and the real-time blacklist checks were bypassed.
Email Received - Possible Spam (Tagged)The message is suspected to be spam and was tagged as spam.
Email Received - Possible Spam (Hold)The message is suspected to be spam and was held.
Email Received - Possible Spam (Tag and Hold)The message is suspected to be spam and was held and tagged as spam.
Email Received - Possible Junk (Tagged)The message is suspected to be junk mail and was tagged as junk.
Email Received - Possible Junk (Tag and Hold)The message is suspected to be junk mail and was held and tagged as junk.
Outbound Email Received - Possible Spam (Notify)The message is suspected to be spam, and a notification was created to alert administrators.
Outbound Email Received - Possible Spam (Hold)The message is suspected to be spam and was held.
Email Received - Possible Porn Image EmbeddedAn obsolete event no longer used by the MTA.
Email Received - Possible Spam Message and Porn Image EmbeddedAn obsolete event no longer used by the MTA.
Email Generated via Group Carbon CopyThis message is a copy of another message, that was created to be sent to a recipient specified by a Group Carbon Copy Policy.
Email Received via Open Greylist - SuspiciousThe email has passed local greylisting checks, but one of the relay servers involved in the transmission of the mail is not trusted by the Mimecast Global Reputation system (applies to inbound mail only)

 

Queue Detail Status

 

Additional information is available in the receipt Information for non-archived messages, and specifically for those that have not been successfully delivered. The Queue Detail Status field displays information about why an email has not been delivered to the intended recipient. For example it:

  • Was bounced by the next hop.
  • Is in the delivery queue.
  • Is in the hold queue based on matching a spam scanning policy (e.g. messages with the receipt event)
  • Has an Email Received via Open Greylist  event, and may still be held by Mimecast Spam Scanning Policies.

These messages are accessible in the Accepted Email view, as they have not yet reached their final state (i.e. been successfully delivered). Emails are only archived once they are released, deleted, or rejected from the hold queue.

 

Accepted_Messages_Queue_Detail_Status.png

 

Envelope From Address

 

Newsletter and marketing companies often mask the true sending address of an email. This means an email may appear to come from newsletter@domain.com, when the real address is something like cust1234-abc@mail.domain.com. This masked sending address is referred to as the Header FROM address, and the true sending address is referred to as the Envelope FROM address. Mimecast policies are by default based on the Envelope FROM address.

 

When creating policies based on external addresses (inbound email) always use the envelope FROM address or domain. You can identify this address by using the Receipt View. The Envelope FROM address is listed after the Viewing RECEIPT from text.

 

Sender Privacy Policy

 

End users can change message sensitivity levels to emails in Outlook. If the sensitivity of an email is changed from the Normal status (i.e. to Personal, Private or Confidential) and the message is submitted to Mimecast, the Sender Privacy Ppolicy is applied. This policy is not available in the Administration | Gateway | Policies menu item, but is enabled by default.

 

If the policy is applied to an email, there are two end effects:

  • The message is not replicated to Mimecast through Folder Sync.
  • The message is not displayed in delegate mailboxes.
    This policy does not apply retrospectively, but will only take effect when the message is sent through Mimecast (or uploaded through Journaling and Ingestion).

The email is still accessible to the user in their mailbox Archive Search, and to Administrators through the Administration Console Archive Search or eDiscovery Cases.

 

Delivery Information

 

Delivery information is available for inbound and outbound messages, and displays the details when Mimecast delivered the email. Each email delivered has a delivery event, that details how the message was delivered by Mimecast.

 

A message's delivery information includes the following:

 

DetailsDescription
Envelope Information
From Envelope AddressThe envelope FROM address (the sender)
To Envelope AddressThe envelope TO address (the recipient)
Message RouteHow the email was received (internal, outbound, internal)
Message Information
Delivery Event *How the email was delivered (via MX lookup, routing policy, etc.)
Message Expires OnThe date that the message will be purged from Mimecast (based on your configured content retention periods)
Message Expires InThe amount of days remaining before the message is purged  (based on your configured content retention periods)
Processing ServerThe Mimecast service that processed the email
Transmission SizeThe cumulative binary size in bytes of each component of the email transmission – including encoding
Remote IPThe IP address of the remote server where the email was delivered to
Remote HostThe hostname of the remote server that the mail was delivered to
Remote GreetingThe SMTP greeting banner that the remote server presented
Receipt AcknowledgementThe acknowledgement that the remote server issued to indicate that email delivery was accepted (Note: this information is important when proving delivery of an email)
Transmission StartedThe date and exact time that the transmission of the email started
Transmission EndedThe date and exact time that the transmission of the email ended
Transmission DurationThe total email transmission time in milliseconds
Encryption InformationDetails whether the email was sent using TLS encryption or not

 

Delivery Events

 

Each message's delivery information includes a delivery event. This specifies how or why the email was delivered by Mimecast. These include:

 

Delivery EventDescription
Email Generated by File ArchivingThe message has been processed for File Archiving.
Email Delivery AbortedAn obsolete event no longer used by the MTA.
Email Delivery Aborted - Soft BounceMimecast has attempted to deliver the message according to the retry schedule, but delivery hasn't been successful and the message has timed out.
Email Delivery Aborted - Hard BounceThe remote mail server has rejected the message with a SMTP 500 error code. See the Mimecast SMTP Error Codes page for further details.
Email Delivery Aborted - Delivery Hold DroppedAn obsolete event no longer used by the MTA.
Email Delivery Aborted - Damaged EmailThe message was marked as damaged and couldn't be exported or delivered. This may happen due to missing files, addresses, domains, etc.
Email DeliveredAn obsolete event no longer used by the MTA.
Email Delivered to MailboxThe message was delivered to the users mailbox located on the Mimecast server. Applies to POP3 domains only.
Delivered to CCM Isolation AreaA Closed Circuit Messaging (CCM) Policy was applied to an outbound message, and the message was successfully delivered using CCM.
Email Delivered to Mailbox Forwarding AddressThe message was forwarded to another mailbox in the Mimecast account. Applies to POP3 domains only.
Email Delivered via MX ResolutionThe message was delivered using the MX record of the recipient's domain.
Email Delivered to Forwarding Address via MX resolutionThe message was forwarded to another email address, and was delivered using the MX record of the recipients domain.
Email Delivered via Routing RuleThe message was delivered using a Forwarding Address Policy in the Mimecast account.
Email Delivered to Forwarding Address via Routing RuleThe message was forwarded to another email address, and was delivered using a Forwarding Address Policy in the Mimecast account.
Delivered to SpaceAn obsolete event no longer used by the MTA.
Delivered to Space CommandAn obsolete event no longer used by the MTA.
Delivered to JournalThe message was journaled and has been processed. The message isn't delivered to a remote server.
Delivery DroppedMessage delivery couldn't be completed (e.g. the recipient's server wasn't available) and we won't try delivering the message again. This usually happens after 30 retries.
LFS Delivery AcceptedLarge File Send was used to transmit a notification with the original email body, and a separate set of notifications to access the attachments
4 people found this helpful

Attachments

    Outcomes