How to read email headers
see also: How to analyze and read a SPAM header...
What is an email header?
The email header is the information that travels with every email, containing details about the sender, route and receiver. It is like a flight ticket: it can tell you who booked it (who sent the email), the departure information (when the email was sent), the route (from where it was sent and how did it arrive to you) and arrival details (who is the receiver and when it was received). As when you would book a flight ticket with a false identity, the same goes for emails: the sender can partially fake these details, pretending that the email was sent from a different account (common practice for spammers or viruses).
How do I see an email header?
It depends on your email client. Here is a comprehensive list of email client programs and methods to see the email headers.
How to interpret email headers?
Starting from the assumption that you want to read an email header because you want to know who really sent it, let's take an example (we will ignore the header tags that do not give precise information about the sender).
The following email was received by firstname.lastname@example.org and we want to see who the sender is. Here is the email header of the message:
As you may already noticed, there are three paragraphs starting with the Received tag: each of them was added to the email header by email servers, as the email travelled from the sender to the receiver. Since our goal is to see who sent it, we only care about the last one (the blue lines).
By reading the Receving From tag, we can notice that the email was sent via corporate2.fx.ro, which is the ISP domain of the sender, using the IP 22.214.171.124. The email was sent using SMTP ("with ESMTP id") from the mail server called mail.fx.ro.
Looking further into the message, you will see the tag called X-Originating-IP: this tag normally gives the real IP address of the sender. The X-Mailer tag says what email client was used to send the email (on our case, the email was sent using FX Webmail).
How to analyze and read a SPAM header...
Back to the Email Tips Index.