Everyone knows the role email plays in our daily life. Imagine a world with no tool like email: communicating what we presently do with a simple click would be a horrifying and painstaking job.
We all understand the utility of email. It is one of the fastest, most reliable and most personalized modes of communication. But very few people understand the nuts and bolts of this communication. We merely compose or attach what we want to communicate and send it.
At a time when email is increasingly used for business and many other purposes, not to mention phishing and other malicious intentions, it is of utmost priority to understand the other “messages” besides what has been sent or received by you.
Every email comes with a “Header”, which is one part of an e-mail structure; call it the DNA of the mail. It carries the basic information such as from whom the email comes, to whom it is addressed, the date/time it was sent and the subject of the email. It is similar to an electronic postmark. Moreover, it also carries other detailed information which we usually don’t see.
The basic information appears in the brief/basic header that most email programs show automatically. The detailed technical information can be viewed in the full header. All email programs can be set to show either the brief header or the full header, and it is up to the user to choose between “brief header” and “full header”.
The full header carries the names of the mail servers that the email passed through on its way to the recipient, the sender’s IP address and even the name and version of the email program used.
Knowledge of this information is essential for analysis and investigation in cases involving email abuse, spamming, harassment, forgeries and mail-bombing. Understanding this tool would definitely help people to counter these attacks and save themselves from unwarranted consequences. This information cannot be found in a brief header.
Here we will take the case of Google Mail and Yahoo Mail to find the full header.
Google Mail.
Using your id/password, log in to Gmail.
Open the mail for which you wish to find the full header of the sender.
Click on the inverted triangle placed just next to Reply.
You will get something like this…
Delivered-To: [email protected]
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 12 September 2007 15:11:47 -0800 (PST)
Return-Path:
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb.2007.03.12.15.11.46; Tue, 12 September 2007 15:11:47 -0800 (PST)
Message-ID:
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12 September 2007 15:11:45 PST
Date: Tue, 12 September 2007 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Rakesh
In the example, headers are added to the message three times:
1. When Mr. Jones composes the email
Date: Tue, 12 September 2007 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Rakesh
2. When the email is sent through the servers of Mr. Jones’ email provider, mail.emailprovider.com
Message-ID:
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12 September 2007 15:11:45 PST
3. When the message transfers from Mr. Jones’ email provider to Mr. Rakesh’s Gmail account
Delivered-To: [email protected]
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 12 September 2007 15:11:47 -0800 (PST)
Return-Path: [email protected]
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb; Tue, 12 September 2007 15:11:47 -0800 (PST)
Below is a description of each section of the email header:
Delivered-To: [email protected]
The email address the message will be delivered to.
Received: by 10.36.81.3 with SMTP id e3cs239nzb;
Tue, 29 Mar 2005 15:11:47 -0800 (PST)
The time the message reached Gmail’s servers.
Return-Path:
The address from which the message was sent.
Received: from mail.emailprovider.com
(mail.emailprovider.com [111.111.11.111])
by mx.gmail.com with SMTP id h19si826631rnb.2005.03.29.15.11.46;
Tue, 29 Mar 2005 15:11:47 -0800 (PST)
The message was received from mail.emailprovider.com, by a Gmail server on March 29, 2005 at approximately 3 pm.
Message-ID: [email protected]
A unique number assigned by mail.emailprovider.com to identify the message.
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP;
Tue, 29 Mar 2005 15:11:45 PST
Mr. Jones used an email composition program to write the message, and it was then received by the email servers of mail.emailprovider.com.
Date: Tue, 29 Mar 2005 15:11:45 -0800 (PST)
From: Mr Jones
Subject: Hello
To: Mr Rakesh
The date, sender, subject, and destination — Mr. Jones entered this information (except for the date) when he composed the email.
To find the IP, look for Received: from followed by the IP address within square brackets [ ], e.g.
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12
Also, importantly, there are times when you might find multiple Received: from entries; in that case, select the last one as the valid choice.
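The lookup described above, as an added example that is not part of the original article: a Python sketch that parses the sample header from this page, lists the Received hops oldest first and returns the bracketed IP of the earliest hop. The mailbox addresses are constructed placeholders (the page's own are masked), and the function names are this example's own.

```python
import email
import ipaddress
import re

# Constructed sample: the Received lines are the ones shown on this page;
# the mailbox addresses are placeholders, not values from the article.
RAW_HEADER = """\
Delivered-To: rakesh@example.com
Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tue, 12 September 2007 15:11:47 -0800 (PST)
Return-Path: <jones@example.org>
Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP id h19si826631rnb.2007.03.12.15.11.46; Tue, 12 September 2007 15:11:47 -0800 (PST)
Received: from [11.11.111.111] by mail.emailprovider.com via HTTP; Tue, 12 September 2007 15:11:45 PST
Date: Tue, 12 September 2007 15:11:45 -0800 (PST)
From: Mr Jones <jones@example.org>
Subject: Hello
To: Mr Rakesh <rakesh@example.com>

"""

BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
FROM_BY = re.compile(r"^(?:from\s+(?P<src>.+?)\s+)?by\s+(?P<by>\S+)", re.S)


def received_hops(raw):
    """Return one dict per Received line, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # servers prepend
        route, _, stamp = value.rpartition(";")  # timestamp follows last ';'
        m = FROM_BY.match(" ".join(route.split()))  # unfold, then match
        src = m.group("src") if m else None
        ip = None
        found = BRACKETED_IP.search(src) if src else None
        if found:
            try:
                ip = str(ipaddress.ip_address(found.group(1)))
            except ValueError:
                pass  # bracketed text that is not an IP literal
        hops.append({"from": src, "by": m.group("by") if m else None,
                     "ip": ip, "time": stamp.strip()})
    return hops


def originating_ip(raw):
    """IP in square brackets from the earliest Received: from entry."""
    for hop in received_hops(raw):
        if hop["ip"]:
            return hop["ip"]
    return None
```

Each server prepends its own Received line, so the last one in the header is the earliest hop; lines recorded before the message reached a server you trust are written by the sending side and can be forged.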
Yahoo Mail… Read