TechLila

How to Understand Email Header Information?

Alexa Jackson
Last updated on: June 21, 2018

Emails are digital messages sent over a network. There can be one sender and multiple receivers. Email uses the store-and-forward model for sending messages. Certain protocols are followed while sending or receiving emails: SMTP is for sending email, and POP/IMAP are for receiving it. Mail can be accessed with a mail client or a web browser.

Email sent from one computer to another is carried by an MTA (Message Transfer Agent). Each time a mail is sent or forwarded, the MTA attaches a timestamp with the date and time to the message. A mail server can receive, store, deliver and forward messages.

An email is composed of three components: the message envelope, the message header and the message body. The message envelope is the wrapping around the email content and is used for routing. The message body contains the actual content of the mail and the attachments. The message header consists of information such as sender, receiver, date and time.

Explore Header Information

An email header consists of vital information such as sender, receiver, return path, subject, CC, date, Message-ID and Content-Type. Here is an example of an email header with common attributes in it.

[html]
Return-Path: [email protected]
Received: from abcabc (Unknown [192.168.2.67])
    by email1.xyz.in with ESMTPA
    ; Mon, 13 Jul 2015 18:04:33 +0530
From: "ABC" <[email protected]>
To: <[email protected]>,
    <[email protected]>
Cc: <[email protected]>,
    <[email protected]>
Subject: Schedule Sheet July 14 2015 Tuesday
Date: Mon, 13 Jul 2015 18:06:36 +0530
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_00B5_01D0BD96.A902C720"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdC9aHd9Jc+d/OIUTWOX3WVE85ug1w==
Content-Language: en-us
[/html]

  • Return-Path: Inserted at the top of the header by the SMTP server when it makes the final delivery of the message.
  • Received: The track record of the message, inserted by the SMTP server; it also appears at the top of the header.
  • From: The email address and the name of the sender. The name is optional.
  • To: The recipients of the email, with their email addresses.
  • Cc (Carbon Copy): The secondary recipients of the email.
  • Subject: A brief description of the contents of the message.
  • Date: The local date and time at which the email was created by the sender.
  • Message-ID: An automatically generated code that is unique for every message and prevents multiple delivery of the same message.
  • MIME-Version: The version of MIME used; here it is version 1.0.
  • X-Mailer: The name and version of the mail client used to send the email. Here it is Microsoft Outlook 15.0.
  • Thread-Index: An entry added to the email header exclusively by Microsoft Outlook to track messages.
  • Content-Language: The language used; here it is US English.

These are the common attributes in an email header. Other fields such as Message-ID, ENVID, List-ID and DKIM-Signature can also be found. The DKIM signature in the header carries the signed-header and key-fetching data. It includes message and domain signatures. The ENVID (Envelope Identifier) is an identifier for the message content and its transfer. The various identity fields in the email header support deep analysis of an email.

Reading the email header from the bottom up gives a clear picture of the email. The Received field shows the name and IP address of the sender, so the complete details can be traced from the IP. Tracking email headers can help prevent spam messages. Email tracer tools are available to analyze the email header. The rich information held by the email header makes it valuable for an email investigator.
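The bottom-up reading described above, as an added Python example (not code from the original article): it walks the Received lines oldest-first, extracts each hop's source IP and receiving server, and computes the delay between hops. The message, host names and addresses are constructed placeholders; Received lines written before the first server you trust are supplied by the sender's side and should be treated as claims, not facts.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed sample message (not from the article); hosts and IPs are placeholders.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbound.example.com with ESMTPS; Mon, 13 Jul 2015 18:04:41 +0530
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 13 Jul 2015 12:34:38 +0000
Received: from desktop (unknown [192.168.2.67])
\tby relay.example.org with ESMTPA; Mon, 13 Jul 2015 18:04:33 +0530
From: "Alice" <alice@example.org>
To: <bob@example.com>
Date: Mon, 13 Jul 2015 18:06:36 +0530

body
"""

# RFC 1918 and loopback ranges: such a source IP only identifies a host inside a LAN.
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\S*\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+).*;\s*(?P<date>.+)$", re.S)

def trace_hops(raw):
    """Return Received hops oldest-first with source IP, receiver and delay."""
    msg = message_from_string(raw)
    hops, prev = [], None
    # Each MTA prepends its stamp, so the last Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue  # unrecognised stamp format: skip rather than guess
        when = parsedate_to_datetime(m["date"].strip())
        ip = ip_address(m["ip"])
        hops.append({
            "helo": m["helo"], "ip": str(ip), "by": m["by"],
            "internal": any(ip in net for net in INTERNAL),
            # A negative delay means clock skew or a stamp that was tampered with.
            "delay_s": None if prev is None else (when - prev).total_seconds(),
        })
        prev = when
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(RAW), 1):
        print(n, hop)
```
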

Alexa Jackson

    Alexa is a Digital Forensic Investigator who carries out forensic investigations on a global scale. She has extensive experience in email analysis. She has been a trainer and researcher in the field of email forensics for many years. She has expertise in analyzing forged email headers from chunks of emails.

    What people are saying

    1. Suraj

      Hi,

      I have one question. If we send a mail, the IP address and timestamp are sent via the MTA (Message Transfer Agent), but there are some fake mail senders where the IP is not sent. How can we track them?

      • Julien

        The original sender IP is not required in mail headers. It is added by messaging software or MTAs. Making your own SMTP request will not include your IP.
        In my country, the main ISP (Orange) MTA adds an X-Originating-IP in every mail sent. But this is their MTA behavior, to avoid spammers.
        For this reason I never use their SMTP and prefer to install my own dedicated postfix environment. Then my own IP is never shown, only my VPS outgoing IP, even if the mail was relayed 2-3-4-… times before by MX backups.

        In addition, if you want to drop some headers on the fly by using a postfix relay on a VPS, you can use the postfix header checks directive to remove crap like:
        /^Received: from 127.0.0.1/ IGNORE
        /^Received: from localhost.localdomain/ IGNORE
        /^Received: from localhost/ IGNORE
        /^X-Originating-IP: / IGNORE
        /^X-Mailer: / IGNORE
        …

      • Alexa Jackson

        Hi,

        To track the emails sent by fake mailers, you need to dig into the Message-ID, an attribute that is available inside the email headers.

        Regards

    2. Bhumi

      Thanks for sharing. Very informative.

    3. Teresa

      My husband and I share an email address. I noticed that I was not getting some of the emails on my laptop that he gets on his phone, like local dating sites and other social media email. How and why would that be?

      • Rajesh Namase

        Maybe he is deleting those emails immediately.
