Track Messages in Office 365

At times, you may need to find out what happened to an email that was processed by your Office 365 service. Exchange Online provides the ability to trace messages for up to 90 days from the date they were processed.

To perform message traces, you will need to have either the Help Desk, Compliance Management or Organization Management roles or greater.

Start a Message Trace

Message traces can be started in the Security & Compliance Center for your Office 365 service.

Log into your Office 365 Security & Compliance Center: https://protection.office.com
Go to ‘Mail Flow > Message trace’

Select Start a trace

Select the conditions for search you want to perform:

By these people – the email address or user that sent the email
To these people – The email address(es) or user(s) who received the emails
Within this time range – The timescale to perform the search against

Press Search

Note: If you attempt to perform a search that goes back past 10 days, your trace will be requested and you will need to return back to download it once it has completed. An email notification will be sent to confirm once this has completed.

Understanding Message Traces

Message traces can show a lot of information about an email. Some of the information that may not be immediately obvious is described below.

Message Status

Status	Meaning
Delivered	The email was delivered to the specified mailbox or recipient server
Pending	The email has not yet been delivered – The delivery will be re-attempted
Expanded	The email was sent to a group and was distributed to that group’s members
Failed	The email was not delivered – The Message Events will show more information
Filtered as Spam	The email was handled as spam – Depending on your settings, this will either routed to Junk or rejected
Quarantined	The email is held by the Exchange Online Quarantine service and is pending release
Getting Status	The email is still being processed by Office 365, the status will be updated shortly – The email may have already been delivered

Message Events

Event	Meaning
Receive	The email was received for processing by the Exchange Online service
Send	The email was sent on by the Exchange Online service
Fail	The email could not be passed on to the next step – An error message will confirm the reason for this
Deliver	The email was delivered to the recipient mailbox
Expand	The email was sent to a group and was distributed to that group’s members
Defer	The email delivery was delayed – An error message will show the reason for the delay
Resolved	The recipient address was updated – Generally occurs when an email is sent to an alias

More Information

Field	Meaning
Message ID	A unique identifier for the email
From IP	The IP address of the source of the email as it is passed to Office 365
To IP	The IP address of the next hop the email was passed to

Start a Message Trace

Understanding Message Traces

Message Status

Message Events

More Information

Related Articles Domain Authentication in Office 365 Manage Groups in Office 365 Change Email Size Restrictions in Office 365 Add Shared Mailboxes in Office 365 Apply Mailbox Forwarding in Office 365 Was this article helpful? Thank you for your feedback!

Related Articles

Domain Authentication in Office 365

Manage Groups in Office 365

Change Email Size Restrictions in Office 365

Add Shared Mailboxes in Office 365

Apply Mailbox Forwarding in Office 365

Was this article helpful?

Thank you for your feedback!