How to learn RFCs and how internet email works

techdrive used Ask the Experts™
Hi, I have worked in the capacity of Microsoft Exchange server and AD for some time, but recently have received additional duties, and one of them is reading email headers. For example, making a determination of why an email was blocked, tagged, etc. on firewall appliance. Any guidance on where I can receive resources to learn RFCs and how internet email works? I don't see a lot of material, only Unix resources like Postfix and Sendmail. I have been kind of winging it and using Google, but would like some more formal information about this stuff.

Software Engineer
Distinguished Expert 2018
RFCs are publicly readable specifications.
RFC 1 sets some guidelines.

RFCs can be found here:
just change the number.

There is quite some specific language used, so read a few RFCs for things you know.
Mail starts with RFC 821:
but is superseded, as you can find.

Mail header reading is more than just RFCs. Those only specify how those work; the actual content is determined in part by the mailers involved (besides the ones mandated by RFCs).

Here is more on mail headers also providing some help analyzing them.

This might help on DIY
Distinguished Expert 2017

Noci kindly covered the RFC-related part of your question, which actually has no relation to the additional duties you gave directly.

The main point of the SMTP RFCs 822, 2822... deals with the requirement that each mail server accepting a message must add its marker atop the message header.
Received: from name [ip]
        by receiving server, ip time stamp

The duties you have relate more to your setup, i.e. based on what criteria your server assesses: SPF, DomainKeys, Exchange version anti-spam, virus.

Often, the mail flow logs should convey the reason the message was routed into the spam folder.

Whether your filtering adds header entries to convey the reason for ..... includes a blacklist ref. In the event your system uses/includes rules to reject messages from "known spam" sources based on one or several DNS blacklists.
David Favor
Fractional CTO
Distinguished Expert 2018

You said, "For example making a determination of why an email was blocked, tagged etc. on firewall appliance."

This has little to do with any RFCs (potentially) + everything to do with your firewall appliance.

There is no RFC about how to block email, only how email delivers.

Also keep in mind the blocks you're seeing may be generated upstream by a Provider (Gmail/Hotmail/Yahoo/etc...) + simply pass through to your firewall appliance.

Best to analyze the exact reason for the block (no RFC for this either), by reading the SMTP response code + tracking back up the entire chain till you find where the response code was actually generated.

This type of debugging can leave you muttering in dark corners pulling at your hair.

If you get stumped, best engage someone who does this type of debugging all day long.
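
An added example, not part of any answer above: the answers describe each accepting server stamping a Received header atop the message and tracing a block back up the chain, and this Python code rebuilds that chain oldest-first from a raw message and pulls any SPF/DKIM/DMARC verdicts a filter recorded. The sample message is constructed, the function names are hypothetical, and it assumes the filtering system writes an Authentication-Results header, which not every appliance does.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: every hostname, address, id and result below is invented.
RAW = """\
Received: from edge.example.net (edge.example.net [203.0.113.10])
\tby mx.example.org with ESMTPS id abc123;
\tTue, 02 Jan 2018 10:00:09 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.com
Received: from app01.example.com (app01.example.com [198.51.100.7])
\tby edge.example.net with ESMTP id def456;
\tTue, 02 Jan 2018 10:00:02 +0000
Received: from [192.0.2.25] (helo=workstation)
\tby app01.example.com with ESMTPSA id ghi789;
\tTue, 02 Jan 2018 10:00:00 +0000
From: sender@example.com
Subject: constructed test message

body
"""

HOP = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)", re.S)

def received_hops(raw):
    """Return hops oldest-first. Each server prepends its Received header,
    so the topmost one belongs to the last server that handled the message."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        _, sep, date = value.rpartition(";")  # timestamp follows the last ';'
        hops.append({"from": m["src"] if m else None,
                     "by": m["by"] if m else None,
                     "time": parsedate_to_datetime(date.strip()) if sep else None})
    return hops

def auth_results(raw):
    """Map each server that stamped Authentication-Results to {method: result}."""
    out = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        out[server.strip()] = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    return out

if __name__ == "__main__":
    for n, hop in enumerate(received_hops(RAW), 1):
        print(n, hop["from"], "->", hop["by"], hop["time"])
    print(auth_results(RAW))
```

Only the Received lines added by servers you control can be trusted; everything below them was supplied by the sending side and can be forged.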
