Every email message contains two types of headers. You're probably familiar with the partial headers that contain the most basic information (sender, recipient, and subject). If you want to know more, you'll have to view the extended headers.
To read an email header, first you must find it. Different email clients hide headers in different ways.
View headers in Outlook and Outlook Express
Click File.
Choose Properties.
Select the Details tab.
View headers in Outlook 98
Click the View menu.
Select Options.
Extended headers will be under Internet Headers.
View headers in Netscape Mail
Click View.
Choose Headers.
Select All.
View headers in Eudora
Click Tools.
Choose Options.
Select Fonts & Display.
Make sure the Show All Headers box is checked.
In newer versions of Eudora just click the BLAH button on your toolbar.
From top to bottom, here's what your email header means.
Return-Path: larry@aol.com
The sender's address.
Received: from
This header contains the sender's name and the reverse-DNS lookup of the sender's IP address. A new "Received: from" line is added at each place the message passes along the way.
If I send a message to you, it will contain information from my machine, my mail server's machine, your mail server's machine, your machine, and any machine it visited in between. The newest received line is always placed on top. Follow this path to learn more about where your message has been.
Spammers can forge some of these headers, but it's pretty tough to forge all of them. If you think you're the victim of a forgery, check for discrepancies. The bottom line will usually be the real origination.
with SMTP id KAA10292
This means that the system uses Simple Mail Transfer Protocol to send messages. Most email systems use SMTP. The machine uses the id number to track messages. Network administrators use this id number to find messages in the log files.
Fri, 20 Oct 2000 10:36:53 -0700 (PDT)
This is the time when the servers communicated with one another.
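To follow the path described above without reading it by eye, here is an added example (not part of the original article) that reorders the Received lines oldest-first and flags the two discrepancies worth checking: a hand-off where the receiving host does not match the next hop's sending host, and a timestamp that runs backwards. The sample message, its host names, and every id except KAA10292 are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts and addresses are reserved example values.
SAMPLE = """\
Return-Path: <larry@example.com>
Received: from mx.example.net (mx.example.net [192.0.2.20])
\tby inbox.example.org with SMTP id KAA10292;
\tFri, 20 Oct 2000 10:36:53 -0700 (PDT)
Received: from relay.example.com (relay.example.com [192.0.2.10])
\tby mx.example.net with SMTP id JAA00417;
\tFri, 20 Oct 2000 10:36:50 -0700 (PDT)
Received: from larry-pc (unknown [198.51.100.7])
\tby smtp.example.com with SMTP id HAA00031;
\tFri, 20 Oct 2000 10:40:02 -0700 (PDT)
Subject: hello

body
"""

def parse_hops(raw):
    """Return the Received hops oldest-first as dicts: from, by, id, time."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # undo header folding
        info, _, stamp = text.rpartition(";")   # the date follows the last ';'
        def field(key):
            m = re.search(rf"\b{key}\s+([^\s;]+)", info)
            return m.group(1) if m else None
        hops.append({"from": (field("from") or "").lower(),
                     "by": (field("by") or "").lower(),
                     "id": field("id"),
                     "time": parsedate_to_datetime(stamp.strip())})
    return hops[::-1]   # newest line is on top, so reverse to follow the path

def discrepancies(hops):
    """Flag hand-offs that do not line up between consecutive hops."""
    notes = []
    for n, (prev, cur) in enumerate(zip(hops, hops[1:]), start=2):
        if prev["by"] != cur["from"]:
            notes.append(f"hop {n}: received from {cur['from']}, "
                         f"but hop {n - 1} was recorded by {prev['by']}")
        if cur["time"] < prev["time"]:
            notes.append(f"hop {n}: timestamp is earlier than hop {n - 1}")
    return notes

if __name__ == "__main__":
    for line in discrepancies(parse_hops(SAMPLE)):
        print(line)
```

A flagged hop is a lead to investigate, not proof of forgery: legitimate servers sometimes announce a different name than the one the next server records, and clocks drift.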
X-Sender or X-Mailer
These headers represent more layers of authentication. Since these features are optional and are added by the user, spammers and hackers can tamper with them.
Mime-Version: 1.0
Mime stands for Multipurpose Internet Mail Extensions. It lets you exchange audio, video, images, and other attachments via email.
Content-type: text/plain; charset=us-ascii
This part of the header tells you what kind of attachments the message contains. The example above means I've sent an ASCII attachment.
Everything I listed above can be forged, but not as easily as simply forging your email's return address.
Good luck with your detective work.