What is Email Header?
Jul 13, 2015
Definition of Email Header
A header is the section of code attached to each email. It contains information about where the email came from and how the message reached its destination.
Preview of Email Header
Types of Email Header
1. Partial Header.
2. Full Header.
What is Partial Header?
The partial header is the one most prominent in our daily tasks. It contains:
i. From address.
ii. To address.
iii. Subject.
iv. Date and time.
v. Reply-To address.
vi. CC & BCC.
What is Full Header?
Compared to a partial header, a full header holds more technical information, which a user can check with:
An email program that can reveal extended headers.
HaltAbuse.org (the utility website used to catch unauthorized headers)
Goal of Email Header Analysis
Blocking spammers.
Solving problems related to message delivery or receipt.
Troubleshooting issues involving a fake “From” address.
Contents of an Email Header
1. MSG ID: An automatically generated field that prevents multiple delivery.
2. In-Reply To Msg: Used to link related messages together.
3. To: Part of the email header that identifies the recipient.
4. Subject: A brief summary of the message topic.
5. BCC: Blind carbon copy; an address added to the SMTP delivery list but not listed in the message data and invisible to others.
6. CC: Many email clients mark email in the inbox differently depending on whether the recipient is in the To: or the CC list.
7. Content Type: Information about how the message is displayed. Usually a MIME type.
8. SMTP: Defines the trace information of a message, which is saved in the header using these fields:
i) Received: When an SMTP server accepts a message, it inserts this trace record at the top of the header.
ii) Return-Path: When the delivering SMTP server makes the final delivery of a message, it inserts this field at the top of the header.
9. Precedence: Used to prevent vacation (junk) notices from being sent to all other subscribers of a mailing list.
10. Reply To: The address that should be used to reply to the message.
11. Sender: The address of the actual sender acting on behalf of the author listed in the From: field (secretary, list manager, etc.).
12. Archived: A direct link to the archived form of an individual email message.
Role of Email Header for Email Investigator
Investigate possible spoofing and determine the source of
the forensic image.
Analyze timestamps along with the delivery route and identify the source of any delay.
Examine any of the mail servers in the path to see if they
are on a blacklist.
Review the SpamAssassin score.
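
Added example (not part of the original slides): a short Python script that performs two of the investigator checks above on a full header. It lists the Received trace in travel order with the delay at each hop, and reports which of Return-Path, Reply-To and Sender use a different domain than From. The sample message, its hosts and addresses, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header; all hosts and addresses are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
\tby inbox.example.org with ESMTP id C3; Mon, 13 Jul 2015 10:07:30 +0000
Received: from relay.example.net (relay.example.net [198.51.100.20])
\tby mx.example.org with ESMTP id B2; Mon, 13 Jul 2015 10:07:05 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.net with ESMTP id A1; Mon, 13 Jul 2015 10:00:01 +0000
From: "Accounts" <accounts@example.com>
Reply-To: <payments@example.net>
To: <user@example.org>
Date: Mon, 13 Jul 2015 10:00:00 +0000
"""

def domain(msg, field):
    """Lower-cased domain of the address in a header, or None if absent."""
    addr = parseaddr(msg.get(field, ""))[1]
    return addr.rpartition("@")[2].lower() or None

def hops(msg):
    """Received records oldest first: (trace text, timestamp, delay in s)."""
    out, prev = [], None
    # Each server prepends its record, so the header lists the newest first.
    for rec in reversed(msg.get_all("Received", [])):
        info, _, stamp = " ".join(rec.split()).rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # record without a parsable timestamp
        delay = int((when - prev).total_seconds()) if prev else 0
        out.append((info.strip(), when, delay))
        prev = when
    return out

def mismatches(msg):
    """Fields whose domain differs from the From: domain."""
    # A mismatch is a lead to follow up, not proof: mailing lists and
    # bulk-mail services legitimately use their own Return-Path.
    frm = domain(msg, "From")
    return [f for f in ("Return-Path", "Reply-To", "Sender")
            if domain(msg, f) not in (None, frm)]

if __name__ == "__main__":
    m = message_from_string(RAW)
    print(*hops(m), mismatches(m), sep="\n")
```

Only the Received records added by servers the recipient controls can be trusted; records below them are supplied by the sending side and may be forged.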
Conclusion
Whenever users receive an email, they typically pay attention to the from address, subject line and body of the message, but there is a good deal of information available “under the hood” of each email. For in-depth analysis of email headers, try MailXaminer.