How do I change the 'Message ID' and 'Received From' in Exchange 2013 from being the local Domain

Posted on 2016-09-15
Last Modified: 2016-09-19
As with many people (according to searches) my client is having email bounced by Microsoft because their recently introduced spam checking system is looking further down the email message Header Block and doing a reverse IP lookup on the internal name of the exchange server. This cannot be an FQDN because when the site was taken over we had to accept what had already been set up.

The scenario is (the names have been changed) that is their registered domain and all email goes out on to the internet as This has been the case for several years, but in August 2016 /.com and address started to bounce. No other email bounces.

The name for the internal domain is '' and there are 2 servers, the domain controller called DCDP and the Exchange Server called EXDP. Unfortunately '' is registered and held by someone else, suddenly trying to sell it!

When emails go out, the Message ID and Received From always have '' and what Microsoft's new system appears to be doing is looking up the IP for '' and the IP is of course not the same as where the email came from, and in addition the IP from the 'shortdomainnamesite' is blacklisted. I have an SPF record that includes '', but on this occasion that is of no use because Microsoft are looking up the IP of ''.

I have blamed Microsoft's new system, but that may not be the case. It may be that some organisation has 'sniffed out' this problem and realized that they could capitalize on my dilemma.  

I have looked up whether something can be done via a Shell cmdlet as there are TransportRuleActions for SetHeader and RemoveHeader, but I cannot truly establish whether it is safe to use these - equally I cannot locate anything that gives me the command structure.

I have found some software (that is $200) called Header-Writer, but I don't want to buy that if it only changes one element such as the Message ID - because Microsoft's system may be using the 'Received: from' for their checking.

Any assistance is greatly appreciated.
Question by:davesheppard
LVL 49

Expert Comment

ID: 41800140
Can you share the exact bounce message?

Author Comment

ID: 41800212
As this now includes some actual IP address, email addresses and Domain Names, please treat with respect. I trust Experts Exchange implicitly.

I am remote from the client and so the bounce message was forwarded, but it is below. I have changed the name of the servers to match the question, but where I was using 'shortdomainname' before, in the below you will see it as MPDP.COM, whereas (again in the below) my client is '' rejected your message to the following email addresses: (
A problem occurred while delivering this message to this email address. Try sending this message again. If the problem continues, please contact your helpdesk. gave this error:
SC-001 (SNT004-MC4F44) Unfortunately, messages from weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to

Diagnostic information for administrators:
Generating server:
Remote Server returned '550 SC-001 (SNT004-MC4F44) Unfortunately, messages from weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to'
Original message headers:
Received: from ( by
 ( with Microsoft SMTP Server (TLS) id 15.0.1156.6; Mon, 5 Sep
 2016 09:00:29 +0100
Received: from ([fe80::2922:7cf5:5d7d:4c5f]) by ([fe80::2922:7cf5:5d7d:4c5f%12]) with mapi id
 15.00.1156.000; Mon, 5 Sep 2016 09:00:29 +0100
From: Reception <>
To: "" <>
Subject: Appointment Reminder
Thread-Topic: Appointment Reminder
Thread-Index: AdIHS4q+KR1Vdss+Q4iOH32fO1DVBQ==
Date: Mon, 5 Sep 2016 08:00:27 +0000
Message-ID: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
LVL 49

Expert Comment

ID: 41800302
I totally understand your concern, I have now copied the NDR if you wish to remove it

LVL 49

Expert Comment

ID: 41800322
I really doubt your issue is from the Message ID and Receive From, which you can both remove with a transport rule but I wouldn't advise to do so.

Your rejection message is SC-001, which means:
# 550 SC-001 Mail rejected by Microsoft  for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation. If you are not an e-mail/network admin please contact your E-mail/Internet Service Provider for help.

For me, so far, it looks like a reverse DNS issue more than anything else.

Is the public IP you send from fixed? I know it has a PTR record but it looks pretty generic to me.
LVL 49

Expert Comment

ID: 41800329
Reading your NDR more carefully, it clearly states "Please contact your Internet service provider since part of their network is on our block list" so even if your IP is not on any blocklist it seems that Hotmail blocked the whole range of IPs...

You could contact MS and/or your ISP provider.

Author Comment

ID: 41800337
Hi Akhater

It is a fixed IP and the client's only public IP.

Apologies if I did not make it clear initially, sometimes it is impossible to explain in a single go.
What happens is that Microsoft are reading down the header and picking out CDPEXDP.MPDP.COM.  They are then doing a reverse look up on the domain MPDP.COM and using the returned IP address from that lookup to check against blacklists.  So they look it up and get an address of and that is on a blacklist. I checked this with MX tools.

I just need to ensure that all of the information in the header relates to and not

I do not know how to withdraw specific information from my earlier response so I will just have to take the risk.
LVL 49

Expert Comment

ID: 41800345
Hello Dave

Your initial post is very clear; however, I am not convinced that this is the issue. The IP rejected is and not

Anyhow, you have another issue with your SPF record, which has a syntax problem, and the IP you're sending from is not listed in it....

Can I know where you got the info that it is looking in the headers? Split DNS (different names inside and outside) is a very common practice; Microsoft would know better.

Author Comment

ID: 41800356
My client's ISP provided the information and when I checked my client's IP is not on any blacklist, but is. I will check the SPF in the morning as I am out tonight and it is time to go.

Thanks so far.
LVL 49

Accepted Solution

Akhater earned 250 total points
ID: 41800362
I agree that your IP is not on the blacklist but Microsoft is blocking the whole range it seems. I do not agree with your ISP assessment but I might be wrong (wouldn't be the first time :) )

Author Comment

ID: 41800644
How do you establish that?
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
ID: 41800657
Microsoft don't use public blacklists - they operate their own.
Therefore it is possible to be blacklisted by Microsoft and no one else. They also don't provide tools to check their blacklists.

I would have to agree with the above that checking further down the headers is a pointless exercise and Microsoft's filtering doesn't do that. There are simply too many sites out there using domains they don't own or non-resolving domains.

I expect if you were to route email via another host (such as your ISPs SMTP server) that the emails will go straight through. Although if you are using SPF then you should ensure the server is listed in the SPF record before changing. I would also encourage you to setup a DMARC record as well.

Author Comment

ID: 41800888
So two questions from these exchanges:

1. If you are both correct and my Client's IP is on a Microsoft Blacklist, how do I appeal to get it removed; and

2. What is the syntax error on my SPF record: v=spf1 a mx ip4:5.10.105.38 ip4:92.27.228.230 ptr include:cmpdpexch1.m inlcude:relay.webhost- -all

Remember that in an effort to protect confidentiality, I was amending the names of the Servers. The actual name of the exchange server is EXCH1, the actual name of the Domain Controller is CMPDP, and the name of the internal Domain is

As mentioned earlier in the question, if you do a Web Search, you will find a lot of people suggesting that organisations are using the internal DNS name in the Header as another spam checker. Of course they could all be wrong as I was just checking what my Client's ISP had said and the number of instances found from searching made me believe them.

Author Comment

ID: 41800962
Thank you Akhater and Simon for your inputs so far.

 Just a further update.

Whilst question 2 from the above still applies (SPF Syntax), I managed to find a form to complete for Microsoft to request mitigation of the IP.  Unfortunately the form only gave the USA options (.com), but hopefully they will replicate across all of their servers.

I have received an automatic email back from Microsoft stating that qualifies for conditional mitigation and that replication could take between 24-48 hours. I will retest on Monday and let you know if this had any effect.
LVL 49

Expert Comment

ID: 41800994
Your SPF record contains inlcude:relay.xxxxx instead of include; it is a typo.

Author Comment

ID: 41800999
So should it be

1) v=spf1 a mx ip4:5.10.105.38 ip4:92.27.228.230 ptr pdpexch1.m inlcude:relay.webhost- -all

or 2) v=spf1 a mx ip4:5.10.105.38 ip4:92.27.228.230 ptr include:cmpdpexch1.m inlcude:webhost- -all
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 41801469
With SPF records you want to limit the number of DNS lookups.
Therefore you need to get it optimised as much as possible.

Take a look online for SPF optimisation and validation checkers - there are a lot of them about. Have you used something to build the SPF record for you?
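The two SPF points raised in this thread (the misspelled `inlcude` mechanism and the advice to keep DNS lookups down) can be checked offline with a small linter. This is an added example, not part of the original thread; the sample records are constructed with placeholder domains and documentation IP ranges, and `lint_spf` is a hypothetical helper name.

```python
import difflib
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MODIFIERS = {"redirect", "exp"}
# Terms that cost the receiver a DNS query; RFC 7208 caps them at 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"([^:/=]*)([:/=])?(.*)")
# Constructed sample records (placeholder domains, documentation IP ranges).
BROKEN = ("v=spf1 a mx ip4:192.0.2.10 ip4:198.51.100.20 ptr "
          "include:mail.example.com inlcude:relay.example.net -all")
FIXED = BROKEN.replace("inlcude:", "include:")


def lint_spf(record):
    """Return (errors, warnings, lookups) for one SPF TXT record string."""
    errors, warnings, lookups = [], [], 0
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"], warnings, lookups
    for term in terms[1:]:
        name, sep, value = TERM.fullmatch(term.lstrip("+-~?")).groups()
        name = name.lower()
        if sep == "=" and name not in MODIFIERS:
            warnings.append(f"unknown modifier '{name}' is ignored by receivers")
            continue
        if sep != "=" and name not in MECHANISMS:
            # An unknown mechanism is a syntax error: receivers return permerror.
            guess = difflib.get_close_matches(name, sorted(MECHANISMS), n=1)
            hint = f" (did you mean '{guess[0]}'?)" if guess else ""
            errors.append(f"unknown mechanism '{name}' in '{term}'{hint}")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1  # nested include/redirect targets add more; not resolved here
        if name == "ptr":
            warnings.append("ptr is slow and unreliable; RFC 7208 advises against it")
        if name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(value, strict=False).version != int(name[2]):
                    raise ValueError(value)
            except ValueError:
                errors.append(f"bad address in '{term}'")
    if lookups > 10:
        errors.append(f"{lookups} DNS-lookup terms exceeds the limit of 10")
    return errors, warnings, lookups

if __name__ == "__main__":
    print(lint_spf(BROKEN), lint_spf(FIXED), sep="\n")
```

The lookup count covers only the top-level record; each `include` target brings its own lookups, which count toward the same limit of 10.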

Author Closing Comment

ID: 41805357
Thank you both very much, I did not know that MS maintained their own Blacklists and therefore only checked the known blacklists. With your help and assistance, I managed to find the relevant form on the MS site and completed this last Friday. As they said it could take up to 48 hours to replicate, I could not really answer until today - when we tested it and all looks fine. We now have a conditional mitigation on my client's single IP. The splitting of the points was done automatically by the EE site, I did not have a choice to allocate.

Just in case anyone else finds this question and sees this closure, the website for the form is

Once again many thanks to you both.
