Schedule a Call
Schedule a Call

← Back to All Workflows

Analyze Outlook Email Headers with n8n Automation

This workflow automates the analysis of Outlook email headers to identify sender IP, check SPF, DKIM, and DMARC authentication results, and assess IP reputation. It helps detect spam and verify email legitimacy efficiently.
microsoftOutlookTrigger
httpRequest
code
+9
Workflow Identifier: 1132
NODES in Use: microsoftOutlookTrigger, httpRequest, code, limit, set, if, merge, aggregate, noOp, respondToWebhook, webhook, stickyNote

Press CTRL+F5 if the workflow didn't load.

BULDRR AI
Learn how to Build this Workflow with AI:

Visit through Desktop for Best experience

What This Workflow Does

This workflow looks at email headers from Outlook emails. It finds the original sender’s IP address and checks if the IP is safe or risky. It also checks if the email passed security tests like SPF, DKIM, and DMARC. The final result shows clear info about the email’s origin and security status. This helps users find bad emails faster and easier.

Who Should Use This Workflow

This is good for anyone who wants to check emails deeply without doing slow manual work. It is especially useful for users who get many suspicious emails and want faster, better detection of phishing risks. It helps people working with Outlook who need clear reports on sender IP and email security checks.

Tools and Services Used

  • Microsoft Outlook OAuth Credentials: To access emails and headers via Microsoft Graph API.
  • n8n Automation Platform: Builds and runs the workflow logic.
  • IP Quality Score API: Checks IP addresses for fraud and spam risk.
  • IPAPI HTTP API: Gives location and organization info of IP addresses.
  • Microsoft Graph API: Gets email headers from Outlook.

Beginner Step-by-Step: How To Use This Workflow in n8n

Import the Workflow

  1. Download the workflow file using the Download button on this page.
  2. Open the n8n editor where workflows are created.
  3. Click “Import from File” and select the workflow file.

Setup Required Credentials and IDs

  1. Add Microsoft Outlook OAuth credentials under n8n Credentials section.
  2. Enter the IP Quality Score API Key in the relevant HTTP Request node URL.
  3. If needed, update email folder IDs, emails, or webhook URLs in the nodes.

Test and Activate

  1. Run the workflow once by triggering or calling the webhook to confirm it works.
  2. Check outputs to see if IPs and authentication data are correct.
  3. When happy, activate the workflow for ongoing use.

These simple steps let users deploy the workflow quickly. Adjustments are minimal and easy to do.

For users running n8n on their own system, check self-host n8n resources to support smooth operation.

Inputs, Processing Steps, and Output

Inputs

  • New email arrives in Outlook folder (optional trigger).
  • Email ID pulled from trigger or webhook call.

Processing Steps

  • Call Microsoft Graph API to get full email headers.
  • Extract the headers array and filter to find all “Received” headers.
  • Keep only the last “Received” header which has the originating IP.
  • Use regex to find an external IP address, skip internal/private IPs.
  • Check if an IP was found; if not, stop processing.
  • Call IP Quality Score API for fraud and spam risk info about the IP.
  • Call IPAPI to get location and company data of the IP.
  • Check if “Authentication-Results” header is present to get SPF, DKIM, DMARC results.
  • If missing, check “Received-SPF”, “DKIM-Signature”, and DMARC headers separately.
  • Parse the headers to set pass/fail or missing statuses for SPF, DKIM, DMARC.
  • Combine all info into a structured JSON object.

Output

  • JSON object showing:
  • Sender IP address.
  • IP organization, city, country.
  • IP risk scores (fraud, spam, abuse).
  • SPF, DKIM, DMARC pass/fail status.
  • Ready for use by other apps via webhook.

Edge Cases and Failures

  • If no “Received” header with external IP is found, the process stops early.
  • IP extraction fails if regex does not match uncommon IP formats.
  • Missing “Authentication-Results” header triggers fallback to checking individual authentication headers.
  • API errors or rate limits may cause missing reputation or location data.
  • Webhook does not reply if the workflow is not active.

Users should test with multiple example emails to catch these cases.

Customization Ideas

  • Change Outlook folder in the trigger node for different email sources.
  • Adjust IP Quality Score API parameters for more or less strict risk assessments.
  • Add parsing for other custom email authentication headers if needed.
  • Edit the output JSON format node to match target API or reporting tools.
  • Enable the Outlook trigger node for automated checks instead of only webhooks.

Summary

✓ Checks Outlook email headers deeply.
✓ Extracts original sender IP and filters private IPs.
✓ Queries IP reputation and location data.
✓ Reads SPF, DKIM, and DMARC authentication status.
✓ Outputs clear structured JSON for easy use.
✓ Saves time and reduces manual email checks.
✓ Easy to import and start with minimal setup.

Frequently Asked Questions

The workflow gets the full email headers via Microsoft Graph API and filters for the last “Received” header. It uses a regex to extract the first external IP address while ignoring private IPs.
The workflow checks other headers like “Received-SPF”, “DKIM-Signature”, and DMARC headers separately to determine authentication status when Authentication-Results header is missing.
Yes, by enabling the Trigger on New Email node with correct Outlook folder and OAuth credentials, the workflow runs automatically for each new email.
The workflow requires valid Microsoft Outlook OAuth credentials and an IP Quality Score API Key for IP reputation checks.

2 Months of Sales Navigator 👉 FREE

50+ InMails. Advanced Lead search. First 2 Users only

Get Access

10,000+ n8n Workflows to Download & Learn Building

There’s no automation you can’t learn to build with BULDRR AI.

Start Learning

Automate your LinkedIn Posts

Your posts. Your brand. Fully automated.

📅 Book a Meeting

1:1 - Meeting FREE

I'll show how you can implement AI AGENTS to take over repetitive tasks.

📅 Book a Meeting

Get Self-Host n8n

Why Pay $20/month, When you can Self Host n8n @ $3.99 only

Get +20% Discount

Promoted by BULDRR AI

Learn by Category

Sales →
Productivity →
Social →
Finance →
Marketing →
Content→
Recruitment →
Security →
SEO →
CRM →
Development →
Ecommerce →

Related Workflows

Automate Viral UGC Video Creation Using n8n + Degaus (Beginner-Friendly Guide)

Learn how to automate viral UGC video creation using n8n, AI prompts, and Degaus. This beginner-friendly guide shows how to import, configure, and run the workflow without technical complexity.
Form Trigger
Google Sheets
Gmail
+37
Free

AI SEO Blog Writer Automation Workflows in n8n

A complete beginner guide to building an AI SEO blog writer automation using n8n.
AI Agent
Google Sheets
httpRequest
+5
Free

Automate CrowdStrike Alerts with VirusTotal, Jira & Slack

This workflow automates processing of CrowdStrike detections by enriching threat data via VirusTotal, creating Jira tickets for incident tracking, and notifying teams on Slack for quick response. Save hours daily by transforming complex threat data into actionable alerts effortlessly.
scheduleTrigger
httpRequest
jira
+5
Free

Automate Telegram Invoices to Notion with AI Summaries & Reports

Save hours on financial tracking by automating invoice extraction from Telegram photos to Notion using Google Gemini AI. This workflow extracts data, records transactions, and generates detailed spending reports with charts sent on schedule via Telegram.
lmChatGoogleGemini
telegramTrigger
notion
+9
Free

Automate Email Replies with n8n and AI-Powered Summarization

Save hours managing your inbox with this n8n workflow that uses IMAP email triggers, AI summarization, and vector search to draft concise replies requiring minimal review. Automate business email processing efficiently with AI guidance and Gmail integration.
emailReadImap
vectorStoreQdrant
emailSend
+12
Free

Automate Email Campaigns Using n8n with Gmail & Google Sheets

This n8n workflow automates personalized email outreach campaigns by integrating Gmail and Google Sheets, saving hours of manual follow-up work and reducing errors in email sequences. It ensures timely follow-ups based on previous email interactions, optimizing communication efficiency.
googleSheets
gmail
code
+5
Free
Load More

Browse by Apps

Google Sheets
Chatbot
Airtable
Google Drive
Slack
Notion
Web Scrapping
CRM
Telegram
Calendar
GitHub
Notifications
Messaging
Wordpress
Hubspot
Gmail
Image Generation
File Management
Webhook
SEO
Jira
API Integration
Data Entry
PDF
Linkedin
eCommerce
Outreach