Email Headers -
How to View them and Include them in Reporting a Spam or Scam
Do you want to find out who REALLY sent that email?
Or do you want to know how to copy the email header so
that an enforcement agency can track down a spammer or
scammer? Read on for:
Internet e-mails include a "header" which usually includes (at least) the
- From: The e-mail address, and optionally name, of the sender of
- To: The e-mail address[es], and optionally name[s], of the
receiver[s] of the message
- Subject: A brief summary of the contents of the message
- Date: The local time and date when the message was originally
- Received: the route the message took when it was sent to you
(which is important to trace the real origin of the email).
Each header field has a name and a value.
Note that the "To" field in the header is not necessarily related to the
addresses to which the message is delivered. The actual delivery list is
supplied in the SMTP protocol, not extracted from the header content. The "To"
field is similar to the greeting at the top of a conventional letter which is
delivered according to the address on the outer envelope.
Also note that the "From" field does not have to be the real sender of the
e-mail message. It is very easy to fake the "From" field and let a message
seem to be from any mail address. It is possible to digitally sign e-mail, which
is much harder to fake. Some Internet service providers do not relay e-mail
claiming to come from a domain not hosted by them, but very few (if any) check
to make sure that the person or even e-mail address named in the "From" field is
the one associated with the connection. Some internet service providers apply
e-mail authentication systems to e-mail being sent through their MTA (email
system) to allow other MTAs to detect forged spam that might apparently appear
to be from them.
The "Received:" headers of any email message will tell you where the message
originated and what route it took to get to you. That's what you need to know to
be able to trace the email to it's real sender.
The Received header lists the steps in the email deliver process, in reverse
order (most recent, your pc, at the top, and the starting point at the bottom).
The the first one will be your own computer, and the last one should be the
sender. The domain names and IP addresses in "Received: headers" are those of
the actual machines that performed a portion of the delivery service. These
headers can be faked, but it's harder to do than spoofing (faking) simple "From"
Other common header fields include:
1. Cc: carbon copy
2. Bcc: Blind Carbon Copy
3. Received: Tracking information generated by mail servers that have previously
handled a message
4. Content-Type: Information about how the message has to be displayed, usually
a MIME type
The email headers are generally hidden by most email programs. To see
them requires a couple of steps, which vary depending upon the email program you
use. Here are directions for some of the more common email clients (programs):
While you are viewing the message,
- Select View
- Select Options
- Outlook Express:
- Right-click on an email message in the Inbox
- Click on Properties on the menu that pops up.
- Select the Details tab.
- Under the "To address"
- click "Details"
- Yahoo mail
- Open the email
- click on "Standard Headers" on the right side, then
- click on "Full Headers"
- Options(to the right of the "Contacts" tab)
- Mail Display Settings link under the Additional Options column.
- Message Headers.
- Select Full
- Click OK
- Go back to your Inbox and view your mail, which will now show the
- Click the "Blah Blah Blah" button.
- Select: View
- Click Headers
- Select All
- Click "View Full Headers".
Once you can see the headers, you need only highlight them with your mouse,
then copy and paste them into our feedback form.
If these directions aren't enough, Spamcop.com, a website that sells spam-blocking software (completely
unaffiliated with CFR.org), has an excellent set of visual directions to help you
see and copy the full-headers in many of the popular email programs. These links
take you to those pages:
Click on your email program:
Want More Information?
How Internet e-mail works
These websites can provide more detail about email headers, what they are and
how to read and use them!