You typically perform a message trace in the FOPE Administration Center when you want to identify problems with message routing in FOPE or to confirm successful message routing. Be aware that this does not trace message routing through Exchange Online.�
You can perform a trace for the following message routing scenarios:
- To receive messages from the Internet and to confirm delivery to an Exchange Online organization.
- To send messages from Exchange Online and to confirm delivery to the Internet.
- To send a message from an Exchange Online user to an Exchange Online user in a different organization. Mail flow travels to FOPE and then back to Exchange Online. (For example, user@contoso-A.microsoftonline.com sends mail to user@contoso-B.microsoftonline.com.)
To perform a message trace, follow these steps:
- Sign in to the FOPE Administration Center (https://admin.messaging.microsoft.com).
- On the Tools tab, click Message Trace.
- Complete the Sender address, Recipient address, Start date, and End date fields, and then click Search.
Note You can specify only the sender domain for the Senderaddress field, or only the recipient domain for the Recipientaddress field. - Check the results.
- If no results are returned, the message may not have reached the FOPE system.
- If there are results, search for the message based on the time that it was sent.
Note Contact FOPE Support if one of the following conditions is true:
- The user's domain is set to external relay in Exchange Online. In this situation, messages are not searchable in the FOPE Administration Center.
- Messages are generated by Exchange Server, such as Out-of-Office messages, automatic replies and nondelivery reports (NDRs). These messages are not searchable in the FOPE Administration Center.
Tracing notifications
The following table lists the
To addresses and the
From�addresses that are used for content such as tracing notifications, restored messages, answerbacks, encrypted messages, and quarantined messages that are released from quarantine.
| Content | From | To | Notes |
|---|
Answerbacks
(used for encrypted message account creation on the account only and not for the actual encrypted message) | hostedencryption@encryption.messaging.microsoft.com | End recipient email address | |
Archive restore
(used for messages that are restored from the archive) | restore@messaging.microsoft.com | Intended recipient | |
Custom policy rule notifications
(traceable only if a notification from address is specified)� | The customer notification address | Sender or recipient, as specified by the policy rule | |
| Deferral notifications | These seem to be untraceable by the Message Trace Tool. This information will be updated, if found otherwise. | These seem to be untraceable by using the Message Trace Tool. This information will be updated, if found otherwise. |
| Daylight saving time (DST) notifications | notifications@messaging.microsoft.com | Notification address | |
| Encrypted messages | Sender | Recipient | Two messages are displayed�(one message to the gateway and the other message to the recipient). |
| Messages that are released from quarantine | Sender's email address | Recipient's email address | - Pull the message ID from the trace details that displays the message that is being sent to quarantine.
- Enter the message ID in the Message ID field of the Message Trace Tool.
- Leave all other fields the same as in the first trace, and then click�Search.
- If two messages appear, the earlier message should show the message that is sent to quarantine and the later message should show the message that is released from quarantine.
|
| Password reset email messages (sent by using "Need Password") | exmailer@microsoft.com | Intended recipient | |
| Quarantine notifications | quarantine@messaging.microsoft.com | Intended recipient | |
Troubleshoot tracing messages
If you cannot trace a message, one or more of the following conditions may be the reason:
- The message did not come through FOPE servers.
- The Return-Path (Mail From) address differs from the�From address (Data field).
This usually occurs with spoofed messages. Obtain the headers for the message, and then try to trace the message from the Return-Path address. - The recipient is�part of a virtual domain.�
Check the recipient to determine whether the account is listed in the FOPE Administration Center. On the left side of the account page, determine whether this recipient is a part of a virtual domain. If this is the case, try to trace the message to and from the virtual domain's domain name. For example, if�user@domain.com belongs to virtual.domain.com, trace to and from user@virtual.domain.com.� - The message was generated by software, and then it was relayed through the mail server. However, the domain that the message comes from is not listed in the FOPE Administration Center.�If this is the case, contact Support.
- You made an error, such as additional spaces or a spelling error, when you entered the search criteria.
- Logs have up to a 30-minute rollover. Therefore, the message's logs may not yet be traceable. Expand the date range to a day before and a day after the message was supposed to have come through the FOPE system.