Protect Yourself and Report the Latest Frauds, Scams, Spams, Fakes, Identify Theft Hacks and Hoaxes
Do you want to find out who REALLY sent that email? Or do you want to know how to copy the email header so that an enforcement agency can track down a spammer or scammer? Read on for:
Internet e-mails include a "header" which usually includes (at least) the following:
Each header field has a name and a value.
Note that the "To" field in the header is not necessarily related to the addresses to which the message is delivered. The actual delivery list is supplied in the SMTP protocol, not extracted from the header content. The "To" field is similar to the greeting at the top of a conventional letter which is delivered according to the address on the outer envelope.
Also note that the "From" field does not have to be the real sender of the e-mail message. It is very easy to fake the "From" field and let a message seem to be from any mail address. It is possible to digitally sign e-mail, which is much harder to fake. Some Internet service providers do not relay e-mail claiming to come from a domain not hosted by them, but very few (if any) check to make sure that the person or even e-mail address named in the "From" field is the one associated with the connection. Some internet service providers apply e-mail authentication systems to e-mail being sent through their MTA (email system) to allow other MTAs to detect forged spam that might apparently appear to be from them.
The "Received:" headers of any email message will tell you where the message originated and what route it took to get to you. That's what you need to know to be able to trace the email to it's real sender.
The Received header lists the steps in the email deliver process, in reverse order (most recent, your pc, at the top, and the starting point at the bottom). The the first one will be your own computer, and the last one should be the sender. The domain names and IP addresses in "Received: headers" are those of the actual machines that performed a portion of the delivery service. These headers can be faked, but it's harder to do than spoofing (faking) simple "From" addresses.
1. Cc: carbon copy
2. Bcc: Blind Carbon Copy
3. Received: Tracking information generated by mail servers that have previously handled a message
4. Content-Type: Information about how the message has to be displayed, usually a MIME type
The email headers are generally hidden by most email programs. To see them requires a couple of steps, which vary depending upon the email program you use. Here are directions for some of the more common email clients (programs):
While you are viewing the message,
Once you can see the headers, you need only highlight them with your mouse, then copy and paste them into our feedback form.
If these directions aren't enough, Spamcop.com, a website that sells spam-blocking software (completely
unaffiliated with CFR.org), has an excellent set of visual directions to help you
see and copy the full-headers in many of the popular email programs. These links
take you to those pages:
Click on your email program:
These websites can provide more detail about email headers, what they are and how to read and use them!
Reading Email Headers