
How to get Sender IP using Microsoft Graph API?


I have been trying to get the Sender IP from the response provided by the following:

GET https://graph.microsoft.com/v1.0/me/messages/AAMkADhAAAW-VPeAAA=/?$select=internetMessageHeaders

The response I get has multiple Receiver tags, as shown below:

{
    "@odata.context":"<some-value>",
    "@odata.etag":"<some-value>",
    "id":"<some-value>",
    "internetMessageHeaders":[
        {
            "name":"MIME-Version",
            "value":"1.0"
        },
        {
            "name":"Content-Type",
            "value":"multipart/report"
        },
        {
            "name":"x-custom-header-group-name",
            "value":"Washington"
        },
        {
            "name":"x-custom-header-group-id",
            "value":"WA001"
        },
        {
            "name":"Receiver",
            "value":"<some-ip>"
        },
        {
            "name":"Receiver",
            "value":"<some-ip>"
        }
    ]
}

How do I get the actual origin Sender IP of the Mail using Graph API?

Is there any other way of getting the Sender IP using Graph API apart from the method mentioned above?


Solution

  • The Graph API response looks similar to the following, and the Authentication-Results header gives me the relevant origin Sender IP:

    {
        "@odata.context":"<some-value>",
        "@odata.etag":"<some-value>",
        "id":"<some-value>",
        "internetMessageHeaders":[
            {
                "name":"MIME-Version",
                "value":"1.0"
            },
            {
                "name":"Content-Type",
                "value":"multipart/report"
            },
            {
                "name":"x-custom-header-group-name",
                "value":"Washington"
            },
            {
                "name":"x-custom-header-group-id",
                "value":"WA001"
            },
            {
                "name":"Receiver",
                "value":"<some-ip>"
            },
            {
                "name":"Receiver",
                "value":"<some-ip>"
            },
            {
                "name":"Authentication-Results",
                "value":"spf=pass (sender ip is <some-ip>)...,"       
            }
        ]
    }
    

    Now, all you need is a regex to extract it:

    1. Get the value present in Authentication-Results.
    2. Use the regex \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} to extract the IP, taking the first occurrence of the match.
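
The two steps above as an added Python example (not part of the original answer). It goes slightly beyond the answer's regex: it keys on the "sender IP is" phrase and validates the match with the ipaddress module, so IPv6 senders are handled and invalid octets are rejected. The function name and the sample responses are constructed for illustration, using documentation address ranges.

```python
import ipaddress
import json
import re

# Key on the "(sender IP is ...)" comment of the spf= clause rather than on
# the first dotted quad that happens to appear in the header value.
SENDER_IP_RE = re.compile(
    r"\bspf=\w+\s*\(sender ip is\s+([0-9a-f:.]+)\)", re.IGNORECASE)


def sender_ip_from_message(message):
    """Return the sender IP from a Graph message dict as an ipaddress object, or None."""
    for header in message.get("internetMessageHeaders", []):
        # Header names are case-insensitive.
        if header.get("name", "").lower() != "authentication-results":
            continue
        match = SENDER_IP_RE.search(header.get("value", ""))
        if match is None:
            continue
        try:
            return ipaddress.ip_address(match.group(1))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
    return None


# Constructed sample responses (documentation address ranges, not real data).
SAMPLE_V4 = json.loads("""
{
  "id": "constructed-id",
  "internetMessageHeaders": [
    {"name": "MIME-Version", "value": "1.0"},
    {"name": "Authentication-Results",
     "value": "spf=pass (sender IP is 198.51.100.25) smtp.mailfrom=example.com; dkim=pass (signature was verified) header.d=example.com"}
  ]
}
""")
SAMPLE_V6 = {"internetMessageHeaders": [
    {"name": "authentication-results",
     "value": "spf=pass (sender IP is 2001:db8::25) smtp.mailfrom=example.com"}]}

if __name__ == "__main__":
    print(sender_ip_from_message(SAMPLE_V4))
    print(sender_ip_from_message(SAMPLE_V6))
```

Treat the result as evidence only when the Authentication-Results header was stamped by your own receiving mail service; a header of the same name written elsewhere along the path carries no such assurance.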