INFORMATION SECURITY - E-MAIL HEADERS


If you have contacted support for help with a spam or other email-related issue, you may have been asked to provide full header information for the email in question.

Full headers are more than the "From" and "To" lines your email client displays at the top of your email messages. The full headers contain a lot of information, including every hop a message has taken across the Internet to get from its sender to you, its final recipient.

Full email headers look something like this:

Received: from antivirus1.its.rochester.edu (antivirus1.its.rochester.edu [128.151.57.50])
by mail.rochester.edu (8.12.8/8.12.4) with ESMTP id h2OGQs9o002563;
Mon, 24 Mar 2003 11:26:54 -0500 (EST)
Received: from antivirus1.its.rochester.edu (localhost [127.0.0.1])
by antivirus1.its.rochester.edu (8.12.8/8.12.4) with ESMTP id h2OGQrQx003450;
Mon, 24 Mar 2003 11:26:54 -0500 (EST)

Received: from galileo.cc.rochester.edu (galileo.cc.rochester.edu [128.151.224.6])
by antivirus1.its.rochester.edu (8.12.8/8.12.4) with SMTP id h2OGQrDC003447;
Mon, 24 Mar 2003 11:26:53 -0500 (EST)
Received: (from majord@localhost)
by galileo.cc.rochester.edu (8.12.8/8.12.4) id h2OGQq91029757;
Mon, 24 Mar 2003 11:26:52 -0500 (EST)
Date: Mon, 24 Mar 2003 11:26:50 -0500 (EST)
From: somesender@mail.rochester.edu
Message-Id: <200303241626.h2OGQojt002507@mail.rochester.edu>
To: someuser@its.rochester.edu
Subject: My mail message is about:

This data of where the message has actually come from can be very valuable in tracking down the real origin of an email. Email can be forged fairly easily, but every email will always be marked with the true IP address of the sending host. The trick is in getting your email client to display these lines so that you can analyze them yourself or forward them on to your support staff.

A full header does NOT look this this:

------------Example Incomplete Header------------
Date: Fri, 29 May 03 08:53:48 EST
From: MyFriend@friendly.com
Subject: NEW! 600K Hot List... No AOL
Reply-To: yourfriend@nowhere.com
----------End Example Incomplete Header----------

The following list of email clients and applicable modes of header display were borrowed from
http://www.owlriver.com .

How to display the full headers in various email programs:
Netscape 4.x for PC / MAC:
Select the message in question.
Double-click on the mail message to open it.
Click on the "View" option on the main toolbar, then select "Header," and then "Full."

Netscape 3.x for PC / MAC:
Select the message in question.
Click on the "Options" option in the main toolbar, then select "Show Headers," and then the "All."

Microsoft Outlook 97/98/200x for PC:
Open message in Full-View (you double-click on the message in the "Message Listing" pane.)
Left-click on the "View" menu and select "Options", “Internet Headers”.

Microsoft Outlook Express for PC
Select the message in question.
Click on the "File" menu and select "Properties".
Click on the "Details" tab on the top of the window.

Eudora Light / Pro 3.x for PC
Select the message in question.
Double-click on the message to open it.
Find the message button bar. This is not the main toolbar, but the button bar immediately above the message text pane of the message viewer.
Click on the "Blah Blah Blah" button on this toolbar.

Microsoft Outlook Express for MAC:
Select the message in question.
Click on the "View" option on the main toolbar.
Select the "Show Internet Headers" option.

Microsoft Mail and News for MAC:
Click on "Edit" on the main toolbar.
Select "Preferences."
Click on the "Display" option on the left-hand pane of the "Preferences" menu.
Click on the checkbox next to "Show message headers in message windows."

Eudora Light 3.x for MAC:
Select the message in question.
Double-click on the message to open it.
Find the message button bar. This is not the main toolbar, but the button bar immediately above the message text pane of the message viewer.
Click on the "Blah Blah Blah" button on this toolbar.

Pegasus Mail 2.x for MAC:
Click on "File" on the main toolbar.
Select "Preferences," and the suboption "General Preferences."
Click on the checkbox "Show all headers when reading messages."

For more information on headers and email, try these pages:
http://www.stopspam.org/email/headers/headers.html
http://spamcop.net/fom-serve/cache/19.html  
© Copyright 2014, Our Lady of the Lake University, 411 S.W. 24th St., San Antonio, TX 78207 | Tele: 210-434-6711