In my line of work, I am constantly requesting message samples from organizations so that I can analyze the headers. Whether an end user has received a message that they believe should have been marked as spam, or they receive a message that was marked as spam that should not have been, step one of the troubleshooting starts with asking for the original message. Forwarding a sample message does not work as the original headers are destroyed.
Less known by most people is that forwarding a sample as an attachment is also problematic.
When a message is forwarded in this way the Outlook desktop application will compress the attachment to reduce the sending size. The problem with this is that headers in the original message will be stripped, and quite often the EOP headers that we are looking for will be gone.
To guarantee that the original message along with its' headers are forwarded intact, the message first needs to be saved to your desktop, then compressed (I recommend adding the message to a .zip archive), and then sending the compressed file as an attachment. The Outlook Desktop client will not modify a message in a zip file, and this will ensure the complete message with all headers intact will arrive at the destination.
Let’s look at an example. I have a sample message that I have sent to myself twice. The first time the message was attached using the “Forward as Attachment” button in the Outlook desktop client. The second time it was first added to a .zip file, and than that compressed file was attached to the email. Here are the resulting headers from each send.
The header on the left is from the message that was sent in a .zip file. The header on the right is from the message that was attached directly to a sent message. The text highlighted in red on the left is absent in the header on the right. It looks like Outlook removed half of the headers from the original message!
Headers play such a crucial role in troubleshooting messages and it is imperative that they remain intact when sending them to other people. Moral of this story, always add a message to an archive first before sending it to me.