What is Email Header - Understanding Email Anatomy


Transcript of What is Email Header - Understanding Email Anatomy

Page 1: What is Email Header - Understanding Email Anatomy

What is Email Header?


Definition of Email Header

A header is the section of code attached to each email, containing information about where the email came from and how the message reached its destination.


Preview of Email Header


Types of Email Header

1. Partial Header.

2. Full Header.


What is Partial Header?

The partial header is the one we see most often in our daily tasks. Such a header contains:

i. From address.

ii. To address.

iii. Subject.

iv. Date and time.

v. Reply-to address.

vi. CC & BCC.


What is Full Header?

Compared to a partial header, a full header carries more technical information, which a user can check in their email with:

Email programs that reveal extended headers.

HaltAbuse.org (the utility website used to catch unauthorized headers).


Goal of Email Header Analysis

Blocking spammers.

Solving problems related to message delivery or receipt.

Troubleshooting issues involving a fake “From” address.


Contents of an Email Header

1. MSG ID: An automatically generated field that prevents multiple delivery.

2. In-Reply-To Msg: Used to link related messages together.

3. To: Part of the email header that identifies the recipient.

4. Subject: A brief summary of the message topic.


5. BCC: Blind carbon copy; the address is added to the SMTP delivery list but is not listed in the message data and is invisible to others.

6. CC: Many email clients will mark email in an inbox differently depending on whether the recipient is in the To: or CC list.

7. Content Type: Information about how the message is displayed. Usually a MIME type.


8. SMTP: Defines the trace information of a message, which is saved in the header using these fields:

i) Received: When an SMTP server accepts a message, it inserts this trace record at the top of the header.

ii) Return-Path: When the delivering SMTP server makes the final delivery of a message, it inserts this field at the top of the header.


9. Precedence: Used to prevent vacation (junk) notices from being sent to all other subscribers of a mailing list.

10. Reply To: Address that should be used to reply to the message.

11. Sender: Address of the actual sender acting on behalf of the author listed in the From field (secretary, list manager, etc.).

12. Archived: A direct link to the archived form of an individual email message.


Role of Email Header for Email Investigator

Investigate possible spoofing and determine the source of the forensic image.

Analyze timestamps along the delivery route and identify the source of any delay.

Examine any of the mail servers in the path to see if they are on a blacklist.

Review the SpamAssassin score.
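
An added example (not part of the original slides) of the timestamp and spoofing checks listed above: it reads the Received trace fields of a constructed message, computes the delay at each hop, and lists address headers whose domain differs from the From domain. All hosts, addresses and function names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; every host and address here is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.9])
\tby inbox.example.org with ESMTP id C3; Mon, 06 May 2024 10:07:45 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id B2; Mon, 06 May 2024 10:07:40 +0000
Received: from sender-pc (unknown [192.0.2.44])
\tby relay.example.net with ESMTP id A1; Mon, 06 May 2024 10:00:05 +0000
From: "Accounts" <accounts@example.com>
Reply-To: <payments@example.net>
To: <user@example.org>
Subject: Invoice
Message-ID: <constructed-1@example.net>

Body text.
"""
MSG = message_from_string(RAW)

def hop_delays(msg):
    """Return [(receiving_host, seconds_since_previous_hop)], oldest hop first."""
    hops = []
    # Each server adds its Received field at the top, so reverse for time order.
    for value in reversed(msg.get_all("Received", [])):
        try:
            stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (IndexError, TypeError, ValueError):
            continue  # malformed trace field: no usable timestamp
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append((by.group(1) if by else "?", stamp))
    return [(host, int((stamp - hops[max(i - 1, 0)][1]).total_seconds()))
            for i, (host, stamp) in enumerate(hops)]

def domain_mismatches(msg):
    """Headers whose domain differs from From: a lead to check, not proof."""
    def dom(name):
        return parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()
    return [h for h in ("Return-Path", "Reply-To", "Sender")
            if dom(h) and dom(h) != dom("From")]

if __name__ == "__main__":
    for host, delay in hop_delays(MSG):
        print(f"{host}: +{delay}s")
    print("Domain differs from From:", domain_mismatches(MSG))
```

Received fields below the first server the investigator trusts are written by the sending side and can be forged, so hop timings are only as reliable as the server that recorded them.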


Conclusion

Whenever a user receives an email, they typically pay attention to the From address, subject line and body of the message, but there is much more information available “under the hood” of each email. For in-depth analysis of email headers, try MailXaminer.
