What can email headers tell you?
This guide is provided to learn how to read and understand an email header. To understand an email header, we need to analyze the life of the email. Most of the time, it appears that email is passed directly from the sender directly to the recipient. This isn't necessarily true: A typical email passes through at least four computers. Show
To begin you will need to find your full email header. You can find instructions at: How to View Email Headers. Advanced Support can help! Need further assistance with your server? Help is available via Advanced Support, our premium services division. For more information on what Advanced Support can do for you, feel free to click here. How to view an email subheaderIn this example, the "Sender" [email protected] wants to send an email to the "Receiver" [email protected]. The sender composes the email at gmail.com, and [email protected] receives it in the email client Apple Mail. Here is the example header: From: Media Temple user ([email protected]) How to analyze an email headerCAUTION: It is important to know that when reading an email header every line can be forged, so only the Received: lines that are created by your service or computer should be completely trusted. From
Subject
Date
To
Return-Path
Envelope-To
Delivery Date
Received
Dkim-Signature & Domainkey-Signature
Message-id
Mime-Version
Content-Type
X-Spam-Status
X-Spam-Level
Message Body
Finding the Original SenderThe easiest way for finding the original sender is by looking for the X-Originating-IP header. This header is important since it tells you the IP address of the computer that had sent the email. If you cannot find the X-Originating-IP header, then you will have to sift through the Received headers to find the sender's IP address. In the example above, the originating IP Address is 10.140.188.3. Once the email sender's IP address is found, you can search for it at http://www.arin.net/. You should now be given results letting you know to which ISP (Internet Service Provider) or webhost the IP address belongs. Now, if you are tracking a spam email, you can send a complaint to the owner of the originating IP address. Be sure to include all the headers of the email when filing a complaint. What is the main advantage of viewing an email header?An email header provides information about the sender and receiver of a message. Not to mention, the message route can help users check whether or not the message is legitimate and safe. Understanding the metadata of an email header helps to avoid malicious attacks.
What is the message header and what can you learn from it?It describes the return-path of the message, where the message needs to be delivered or how one can reach the message sender. If the message is not delivered, then the mail server will send the message to the specified email address.
|