All About Email Headers | Detailed Analysis

Many people open their inbox to check or send a mail and then sign out, but a lot of things are carried out when we simply send or receive a mail. A detailed report/history of all those things is attached to the mail. Yes, I am talking about email headers. They are kept hidden from the normal user, but we can certainly view them. These headers come in very handy when tracing an email, filtering spam, recording the IP address of the sender, etc. So, let's see what an email header is all about.

What is an Email Header?
It is a record/report/history of the email which covers the path from the sender to the receiver and also contains vital information about the mail servers that it has encountered along its path. A few emails also contain a digital signature to detect tampering with the mail along the path.

What information can we get from email headers?
As I mentioned above, we can get the history of the mail and information on the path the mail has traveled to reach us. Let's see what information we can get from it:

1. When the sender composed the message (date, time).
2. When the email was sent from the sender's PC to the mail server (date, time).
3. When the email was sent from the mail server to the intended receiver (date, time).
4. The type of protocol used along the entire path.
5. The PC of the sender, which can be identified from the header.
6. The IP address of the sender, but not always.
7. The type and number of digital signatures on the mail, I mean the type of algorithm.
8. What type of email client the sender used to send the mail.
9. The ISP of the sender.
10. Whether any third party is using any tracking means.

How to view the header of an email?

Here I have listed a few, but not all, of the webmail providers and email clients.

Webmail providers:

1. Gmail: Log in to the standard version > Open the mail of your choice > Click the down arrow next to Reply > Then select Show original.

2. Yahoo: Log in > Select the desired mail > Click on the Actions drop-down menu > Select View full header.

3. Hotmail: Log in > Select Inbox > Right-click on the desired mail > Select View message source.

Email desktop clients:

1. Outlook Express: Open it > Select the desired mail from the Inbox > Right-click on it and select Properties > Details.

2. Mozilla: Open it > Open the desired mail > Click the View menu > Message source.

Details on Email Header.

Here I have taken the example of my Gmail account to explain. As mentioned above, we first need to open up the header of any desired mail. The header then opens in a new window.

I have divided the whole header into 3 sections. It is worth mentioning that a header is always analyzed with a bottom-to-top approach. This is because most of the vital information about the sender is at the bottom. You can say that section 1 is mostly about the destination and section 3 is mostly about the source.

Section 3:
MIME-Version: 1.0: MIME stands for Multipurpose Internet Mail Extensions. It tells us about the types of attachments in the email. It allows sending sound, graphics, etc. Here the MIME-Version field shows that it is currently at 1.0.

Received: by: It shows the time and date the email reached the Gmail server.

In-Reply-To: and References: Both are the same. As the names suggest, they show whether the sender has sent a reply to a past message or a direct new message. If it is a reply, then it contains the reference of the past message. This is a unique number.

Message-ID: This shows the system from which the email originated, I mean the sender's PC. It can be changed or forged easily. This is also a unique number.

To: and From: These give the sender's and receiver's email IDs.

Content-Type: What type of content is in the email, i.e. text, image or anything else.

Section 2:
What is DKIM-Signature?

DKIM (DomainKeys Identified Mail) is a digital signature put on every mail we send or receive through mail servers. It is used so that mails cannot be tampered with or altered along their path. This mechanism is also used in spam filters, as spam does not have any digital signature.

The DKIM-Signature header contains certain values; let me explain them.
                  v=Version
                  a=The algorithm used by Sender or Originating Web mail provider.
                  c=canonicalization algorithm of header and body.
                  d=Sender or Originating Web mail provider.
                  s=Selector
                  h=Contains the list of all the digital signature done on this email.
                  bh=Body hash
                  b=Digital signature of header and body.
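
To see how these tags detect tampering, the following added example (not part of the original post) parses a DKIM-Signature header and recomputes the body hash to compare it with bh=. The message, domain and selector are constructed; the l= tag and verification of b=, which needs the signer's public key from DNS, are not covered.

```python
import base64, hashlib, re

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (folding whitespace dropped)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def canon_body(body, mode):
    """Body canonicalization for the body half of c= ('simple' or 'relaxed')."""
    lines = body.split("\r\n")
    if mode == "relaxed":  # collapse runs of spaces/tabs, drop trailing whitespace
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":  # trailing empty lines are ignored
        lines.pop()
    if not lines and mode == "simple":
        return b"\r\n"
    return "".join(ln + "\r\n" for ln in lines).encode()

def body_hash(body, tags):
    """Recompute what bh= should be, using the hash from a= and the mode from c=."""
    algo = "sha256" if tags.get("a", "").endswith("sha256") else "sha1"
    _header_mode, _, body_mode = tags.get("c", "simple/simple").partition("/")
    digest = hashlib.new(algo, canon_body(body, body_mode or "simple")).digest()
    return base64.b64encode(digest).decode()

def body_matches(raw):
    """True if the body of a raw message (CRLF line endings) still matches bh=."""
    head, _, body = raw.partition("\r\n\r\n")
    unfolded = re.sub(r"\r\n[ \t]+", " ", head)  # undo header line folding
    sig = re.search(r"^DKIM-Signature:(.*)$", unfolded, re.M | re.I)
    if not sig:
        return False
    tags = parse_tags(sig.group(1))
    return body_hash(body, tags) == tags.get("bh")

# Constructed sample: bh= is computed here from BODY; b= is a placeholder because
# checking it needs the signer's public key from DNS, which is outside this sketch.
BODY = "Invoice total: 10 USD\r\nRegards,\r\nAlice\r\n"
TAGS = "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel1; h=from:to:subject"

def build_sample(body=BODY):
    bh = body_hash(body, parse_tags(TAGS))
    return ("From: alice@example.com\r\nTo: bob@example.net\r\nSubject: Invoice\r\n"
            f"DKIM-Signature: {TAGS};\r\n bh={bh}; b=PLACEHOLDER\r\n\r\n" + body)
```

With relaxed body canonicalization, a change in spacing still matches bh=, while a change to the text does not.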

Section 1:

Delivered-To: It contains the email ID of the receiver.

Received: by: You can see there is a 2 second difference in time between the "Received: by" in section 3 and section 2. It shows the time and date the mail reaches the Gmail server.

Return-Path: The sender's email ID.

Received: from: Specifies the IP address of the sender, generally in "[ ]", but in Gmail it is masked by the Gmail server address.
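
The bottom-to-top reading described above can be automated. This added example (not from the original post) walks the Received lines of a constructed message from oldest to newest, pulls the bracketed IP address where one is present, and computes the delay between hops. All hostnames, addresses and IDs in the sample are made up.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample header (documentation-range addresses, made-up IDs).
RAW = """Delivered-To: bob@example.net
Received: by 10.0.0.5 with SMTP id abc123; Fri, 17 Sep 2010 04:10:07 -0700 (PDT)
Return-Path: <alice@example.com>
Received: from mail.example.com (mail.example.com [192.0.2.25])
        by mx.example.net with ESMTP id xyz; Fri, 17 Sep 2010 04:10:05 -0700 (PDT)
Received: from alice-pc ([198.51.100.7]) by mail.example.com with ESMTPSA;
        Fri, 17 Sep 2010 11:10:02 +0000
From: alice@example.com
To: bob@example.net
Subject: test

body
"""

def trace_hops(raw):
    """Return the Received hops oldest-first with bracketed IP, time and delay."""
    msg = message_from_string(raw)
    hops = []
    # Every server prepends its own Received line, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        when = parsedate_to_datetime(stamp.strip())
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", info)
        hops.append({"ip": ip.group(1) if ip else None, "time": when})
    # Seconds between consecutive hops (timezone offsets are taken into account).
    for prev, cur in zip(hops, hops[1:]):
        cur["delay"] = (cur["time"] - prev["time"]).total_seconds()
    return hops

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop["time"].isoformat(), hop["ip"], hop.get("delay"))
```

Only the Received lines added by servers you trust are reliable; lines below them were supplied by the sending side and can be forged, just like Message-ID.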

If you find this post worth reading, then do drop a comment; it will be appreciated.

10 comments:

RicardoBR on September 17, 2010 at 5:11 PM said...

nice blog! Love it.
Good stuff for email

Sathish @ TechieMania on September 17, 2010 at 6:51 PM said...

Hi Satyajit,

Nice write up bro. Email headers can help us to get a lot more information than we think. Thanks for writing a useful post.

Sathish

Shekhar Sahu on September 18, 2010 at 2:53 PM said...

Very Informative!

Satyajit (Admins,a.k.a Satosys) said...

@all Thanks :)

Vikash on September 20, 2010 at 4:53 PM said...

nice info..thanks

TechGopal on September 22, 2010 at 11:45 AM said...

really well explained info...

Anonymous said...

nice work lad:)

Sandeep Bhatti on July 21, 2011 at 1:48 PM said...

nice....good info and explanation ...

ajit on October 25, 2011 at 11:46 AM said...

nice one and very rich........but if it dealt with how to know the details of each, that could be better.

Anonymous said...

Good job dude! Thanks for this article.

 
© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates