Understanding Email Headers - Secure your Email

Every email message consists of two parts – the body and the header, used by servers on the Internet as they deliver the message, however the actual sending of the emails does not depend on headers, they are for our convenience.

The header could be understood as the envelope of a letter containing the address of the sender and the recipient and also any other information. The body is the actual text message the sender types, along with any attachments. The e-mail headers tell us where the email is coming from, which route it has come through and name of the different route points and so on. This information can help us track down the origin of spam and much more.

In some email clients, header information is partially or not even displayed. It is possible to instruct most email programs to display the full headers of the messages we receive. Most email programs display the header information that we always see which includes:

From: Usually the from information is set to the sender’s address, for example fish4us2009@yahoo.com, so that you may know who the message sender is and so can send a reply easily. Spammers often insert fictitious email addresses in the From because they don’t want you to know who they are.

Subject: It is a one line text that the sender types in to be a topic, theme, focus of the email.

To: This is usually the email address of the recipient. Note that the information in To field is not necessarily the address where the email was sent. Example: "Justin Langton" <JustLangton59@hotmail.com>

Date: This is a local time and date when the e-mail message was originally sent. Example: Date: 4 Nov 2008 22:49:20 -0000

CC: Carbon copy of the message. This could be considered as an extension of the To field. It contains email address of other people to keep informed.When other people receive the message, they also see who other recipients of the message are.

BCC: Blind carbon copy, secretly informing other people. Same as CC but the other recipients of the email can not see the name/e-mail address of other people the message has been sent to.

Reply-To: Email address added by the sender to direct replies, could be left blank and the default one is used. Not all email programs allow user to change Reply-To address. It looks like this: Return-Path: <grant_smith@anydomain.com>

Priority/Importance: This is used to influence speed and delivery and also to make the recipient to open the message soon, it can be set to high or low importance by the email sender. Example: Importance: Normal

The following header information is not displayed to you on the email program. The process of viewing this information will be slightly different, depending on the mail program being used.

Received: The header of every email message also contains Received line, which is not usually displayed by email programs, but this can be helpful in detecting a scam because it is a trace/log of the message from its origin to your mail server. It tells when the email was sent, where it came from, the route it took and where it was forwarded to before arriving to your email address, etc. It also tells the server name and IP address of the system the server received the message from.

There might me two or more Received headers. Note that we read the Received headers in reverse order, which means the first Received header is furthest down in the header and the last Received is on the top . Received line example: Received: from [67.61.123.200] by web41013.mail.yahoo.com via HTTP; Sat, 24 Apr 2008 23:13:34 EST

DomainKey-Signature: It is a cryptographic signature that tell, when checked, that the message was sent from a particular email service provider, e.g. Yahoo!.

X-Mailer: Tells what MUA (mail user agent) composed the message, for example Microsoft Outlook, Hotmail, etc.

X-MS-Has-Attach: Tells whether the e-mail has an attached document with it or not. Example: X-MS-Has-Attach: yes

X-Accept-Language: It tells the receiving server that it should use a specified language e.g. English, if it has to send an email back.Example: X-Accept-Language: en

X-UID: There's no imaginable use for this header but some spammers add one for some unknown reason.

Content-Type: It specifies the nature of the data in the message by giving type and subtype identifiers. The type/subtype can be audio, video, text or other format. It tells how MIME compliant mail programs should interpret the content of the message. For example:Content-Type: text/plain; charset="Windows-1252", Content-Type: text/plain; charset="us-ascii"

MIMI-Version: This one just specifies the version of the MIME protocol that was used by the sender.

Message-Id: A unique ID for every e-mail message, usually by the first mail server the message encounter. Any message ID without a @ sign or has an empty string is probably a forgery

While e-mail headers could be used to get basic information about the email, it can also be used to detect whether an email is a spam or not. Please check back on Bright Hub soon to get more information on e-mail headers, email header spoofing, detecting spam with the help of headers and much more.