Stop guessing if a sender is safe. This automation checks Outlook emails or raw headers from a webhook and returns a clear security report. It helps IT and support teams screen new messages fast and with confidence.

Under the hood, it listens for new emails in a chosen Outlook folder or accepts a POST to a webhook. It pulls full headers with Microsoft Graph, keeps the most recent Received line, and extracts the public sender IP. It then checks IP reputation with IPQualityScore and adds location and network data from IP API. It also looks for Authentication Results, SPF, DKIM, and DMARC, sets each to pass, fail, neutral, error, or not found, and merges everything into one JSON response for your system.

Setup is simple. Connect Outlook with OAuth, add your IPQualityScore API key, and activate the webhook. Teams cut manual header checks from many minutes to under one minute per message. Use it for security triage, fraud review in support, and screening cold outreach before it reaches your CRM.

• Monitors a selected Outlook folder and detects new emails every minute.
• Accepts POST requests to a webhook for header analysis from third party systems.
• Retrieves full internet headers via Microsoft Graph for each email.
• Finds the latest Received header and extracts the public sender IP while skipping private ranges.
• Checks IP reputation and risk with IPQualityScore and adds location and network data from IP API.
• Parses Authentication Results and also checks SPF DKIM and DMARC headers directly.
• Classifies each auth result as pass fail neutral error or not found.
• Merges all findings into a clean JSON payload for downstream apps.
• Sends a structured response back to the caller through Respond to Webhook.

• Reduce manual header review from 15 minutes to under 1 minute per email
• Automate over 90 percent of repetitive sender checks
• Improve decision accuracy by using SPF DKIM DMARC and IP reputation
• Handle 10 times more inbound messages without extra staff
• Connect Outlook with reputation and geo data in one flow

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You will need accounts with Microsoft Outlook, IPQualityScore and IP API. See the Tools Required section above for links to create accounts with these services.
3. In the n8n credentials manager, create a Microsoft Outlook OAuth credential. If unsure, double click the Outlook nodes and in the Credential to connect with menu choose Create new credential and follow the on screen steps.
4. Open the Trigger on New Email node. Choose the Outlook credential, select the target mailbox folder, and keep the polling interval set to every minute.
5. Open Retrieve Headers of Email and confirm it uses the same Outlook credential. The request should return internetMessageHeaders.
6. Create an IPQualityScore API key in your IPQualityScore account. In n8n, open the Query IP Quality Score API node and add the API key to the URL or credential field as required.
7. No key is required for IP API. Ensure the Query IP API node points to the default http endpoint with the sender IP variable.
8. Open the Webhook node and copy the Production URL. Activate the workflow so the webhook can receive requests.
9. Send a test email into the monitored Outlook folder. Check the execution to verify headers were retrieved and the sender IP was extracted.
10. Test the webhook by posting a JSON body that includes a headers array. You can use Postman or any tool that can send HTTP requests.
11. Confirm the output from Respond to Webhook includes SPF DKIM DMARC results, IP reputation, and geo data. Adjust folder filters or regex in the Extract Original From IP step if no public IP is found.
12. If results are missing, verify the email actually contains Authentication Results or SPF DKIM DMARC headers. Some forwarded emails strip headers, so test with direct messages first.