Frequently Asked Question
GEN's Adaptive Email Gateways
The gateways provide a wealth of information and analysis in the headers, which you can then use to route mail as you see fit. This goes well beyond simple spam scoring and enables intelligent delivery to be put in place across your domains or per user.
Spam Classification
X-Virus-Scanned: GENX Maxim Enhanced Analysis - www.gen.uk
X-Spam-Flag: NO
X-Spam-Score: 1.012
X-Spam-Level: *
X-Spam-Status: No, score=1.012 tagged_above=-999 required=3
  tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, JUNKY=1, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01]
  autolearn=no autolearn_force=no
Here we can see that X-Spam-Flag: NO indicates this is likely not spam, while X-Spam-Score carries the actual aggregate score of 1.012. X-Spam-Status breaks down the spam score for diagnostic purposes.
Reputation Classification
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=1.2.3.4; helo=du2pr03cu002.outbound.protection.outlook.com; envelope-from=someone@geezer.com; receiver=
DMARC-Filter: OpenDMARC Filter v1.4.2 reliance1.gen.network CE598A8F
Authentication-Results: OpenDMARC/CE598A8F; dmarc=none (p=none dis=none) header.from=geezer.com
DKIM-Filter: OpenDKIM Filter v2.11.0 reliance1.gen.network CE598A8F
Authentication-Results: reliance1.gen.network; dkim=pass (1024-bit key, unprotected) header.d=zkteco.onmicrosoft.com header.i=@someone.onmicrosoft.com header.a=rsa-sha256 header.s=selector1-zkteco-onmicrosoft-com header.b=Qqx5NwP/
Here we can see the SPF result is a pass, DKIM is also a pass, and the DMARC policy is 'none'.
These are detailed in the headers:
- X-GEN-D-SPF: pass
- X-GEN-D-DKIM: pass
- X-GEN-D-DMARC: pass:quarantine
Content Classification
- X-GEN-D-SizeLarge: 0
- X-GEN-D-Size: 3498
SizeLarge is 1 when the size of the email is considered 'Large', meaning greater than 8MB, which for an email IS LARGE. Of course, these days spammy footers can break this boundary, but they really shouldn't.
- X-GEN-D-Plaintext: 1
- X-GEN-D-Html: 0
Does the email have a plain text and/or an HTML section? Emails should ALWAYS have a plain text section and optionally an HTML one.
- X-GEN-D-HasLinks: 0
- X-GEN-D-HasRiskyLinks: 0
HasLinks indicates whether the email contains links to websites. HasRiskyLinks detects links to unsecured sites like http://xxxxx.com, which should be considered high risk. You can use this header to add warnings to the top of the body or even in the subject line.
- X-GEN-D-AttachOther: 0
- X-GEN-D-AttachMedia: 0
Indicates whether there are attachments, and breaks these down into Media (sound, video, image) or Other (anything that is not sound, video or image). It is worth considering that AttachOther brings with it far more risk than AttachMedia.
- X-GEN-MDN: normal
Indicates the type of message. The following are possible types:
- dsn - delivery status notification
- mdn - message disposition notification (RFC 3798)
- auto_reply - RFC 3834
- ndr - Non delivery report (from patterns in headers)
- read_receipt - from patterns in headers (less reliable)
- system_message - using common patterns in the from address
- bulk - using precedence headers
- delivery_confirmation - using patterns in subject lines
Route Classification
- X-GEN-D-Internal: 0
- X-GEN-D-External: 1
- X-GEN-D-From-Domain: icloud.com
- X-GEN-D-To-Domain: gen.uk
- X-GEN-D-Family: 0
Internal indicates that both from and to are the same domain. The Internal/External pair can be used to add an 'EXTERNAL' or 'OPEN WITH CARE' warning to the subject line or the email body. The To and From domains are also provided in case you want to do smart routing based on either. Family indicates that the email is travelling to and from domains that GEN manage.
Security Classification
- X-GEN-D-PGP: 0
- X-GEN-D-SMIME: 0
Indicates the presence of a PGP signature and keys, or an S/MIME certificate. Can be used with other headers to do smart checks (e.g. From-Domain: geezer.com and PGP: 1, or reject).
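A delivery policy built on the headers above might look like the following. This is an added example, not GEN's own code: the rule set, the action names, the tag strings and the sample message are constructed for illustration. It assumes the X-GEN-D-* headers were stamped by the gateway and that any copies supplied by the sender were stripped upstream.

```python
from email import message_from_string
from email.message import Message

# Hypothetical policy: senders that must always be PGP-signed (the page's example domain).
REQUIRE_PGP_FROM = {"geezer.com"}

def flag(msg: Message, name: str) -> bool:
    """True only when X-GEN-D-<name> is exactly '1'; a missing or odd value counts as 0."""
    return (msg.get(f"X-GEN-D-{name}") or "").strip() == "1"

def decide(raw: str) -> dict:
    """Return {'action': deliver|quarantine|reject, 'subject_tags': [...]} for one message."""
    msg = message_from_string(raw)
    from_dom = (msg.get("X-GEN-D-From-Domain") or "").strip().lower()
    dmarc = (msg.get("X-GEN-D-DMARC") or "").strip().lower()
    tags = []
    # Rule from the page: "From-Domain: geezer.com and PGP: 1, or reject".
    if from_dom in REQUIRE_PGP_FROM and not flag(msg, "PGP"):
        return {"action": "reject", "subject_tags": tags}
    # Assumed rule: external mail with a non-media attachment and no DMARC pass is held.
    if flag(msg, "External") and flag(msg, "AttachOther") and not dmarc.startswith("pass"):
        return {"action": "quarantine", "subject_tags": tags}
    # Warn on mail from outside, unless both ends are GEN-managed (Family).
    if flag(msg, "External") and not flag(msg, "Family"):
        tags.append("[EXTERNAL]")
    if flag(msg, "HasRiskyLinks"):
        tags.append("[RISKY LINKS]")
    return {"action": "deliver", "subject_tags": tags}

# Constructed sample message, header values modelled on the ones listed on this page.
SAMPLE = """\
From: someone@icloud.com
To: user@gen.uk
Subject: Invoice
X-GEN-D-DMARC: pass:quarantine
X-GEN-D-External: 1
X-GEN-D-Family: 0
X-GEN-D-From-Domain: icloud.com
X-GEN-D-HasRiskyLinks: 1
X-GEN-D-AttachOther: 0
X-GEN-D-PGP: 0

See http://xxxxx.com
"""

if __name__ == "__main__":
    print(decide(SAMPLE))
```

Because `flag` treats a missing header as 0, a message that bypassed the gateway gets no warning tags, so a production policy should also check that the headers are present at all.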