Regarding the importance of Email, everyone knows the role it plays in our daily lives. Imagine a world where there is no tool like email. It would be a horrible and laborious job to communicate what we currently do with a simple click.

We all understand the utility factor attached to email. It is one of the fastest, most reliable and most personalized modes of communication. But it has been found that very few understand the basics of this communication. We simply write or attach what we want to communicate and send it. That is what has been found.

At this time, when email is gradually being used for business and for many purposes, not to mention being used for phishing and other malicious intent. It is of the highest priority to understand the other “messages” in addition to what you have sent or received.

Every email comes with a “Header” which is a part of the structure of an email; call it mail DNA. It carries basic essential information, such as who the email came from, who it is addressed to, the date/time it was sent, and the subject of the email. It’s similar to a September email. In addition, it also contains other detailed information that we don’t normally see.

This basic information comes in all the short/basic headers that most email programs display automatically. This detailed technical information can be viewed in a comprehensive header. All email programs can be configured to display only a short header or a full header and it is up to the users to configure the program to only display a “short header” or “full header”.

The full header contains the information of the name of the mail server through which the email passed on its way to the recipient, and the IP address of the sender and even the name of the email program and its version used.

Knowledge of this information is essential for analyzing and investigating cases involving email abuse, spam, harassment, forgery, and mail bombs. It is worth mentioning that understanding this tool would definitely help people to counter these attacks and save themselves from unwarranted consequences. Well, this information could not be found in a short header.

Here we will take the case of Google mail and Yahoo mail to find the complete header.

Google mail.

Using your ID/password, sign in to Gmail.

Open the email for which you want to find the full sender header.

Click on the inverted triangle located right next to Reply.

You will get something like this…

Delivered to: [email protected]

Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tuesday, September 12, 2007 15:11:47 -0800 (PST)

Return route:

Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with smtp id h19si826631rnb.2007.03.12.15.11.46; Tuesday, September 12, 2007 15:11:47 -0800 (PST)

Message ID:

received from [11.11.111.111] by mail.emailprovider.com via HTTP; Tuesday, Sep 12, 2007 3:11:45 PM PST

Date: Tuesday, September 12, 2007 15:11:45 -0800 (PST)

From: Mr. Jones

Subject: hello

To: Mr. Rakesh

In the example, the headers are added to the message three times:

1. When Mr. Jones composes the email

Date: Tuesday, September 12, 2007 15:11:45 -0800 (PST)

From: Mr. Jones

Subject: hello

To: Mr. Rakesh

2. When email is sent through the servers of Mr. Jones’s email provider, mail.emailprovider.com

Message ID:

received from [11.11.111.111] by mail.emailprovider.com via HTTP; Tuesday, Sep 12, 2007 3:11:45 PM PST

3.When the message is transferred from Mr. Jones’s email provider to Mr. Rakesh’s Gmail account

Delivered to: [email protected]

Received: by 10.36.81.3 with SMTP id e3cs239nzb; Tuesday, Sep 12, 2007 15:11:47 -0800 (PST)

Return route: [email protected]

Received: from mail.emailprovider.com (mail.emailprovider.com [111.111.11.111]) by mx.gmail.com with SMTP ID h19si826631rnb; Tuesday, September 12, 2007 15:11:47 -0800 (PST)

Below is a description of each section of the email header:

Delivered to: [email protected]

The email address to which the message will be sent.

Received: by 10.36.81.3 with SMTP id e3cs239nzb;

Tuesday, March 29, 2005 15:11:47 -0800 (PST)

The time the message reached Gmail’s servers.

Return route:

The address from which the message was sent.

Received: from mail.emailprovider.com

(mail.emailprovider.com [111.111.11.111])

by mx.gmail.com with SMTP ID h19si826631rnb.2005.03.29.15.11.46;

Tuesday, March 29, 2005 15:11:47 -0800 (PST)

The message was received from mail.emailprovider.com, by a Gmail server on March 29, 2005 at approximately 3 pm.

Message ID: [email protected]

A unique number assigned by mail.emailprovider.com to identify the message.

received from [11.11.111.111] by mail.emailprovider.com via HTTP;

Tuesday, Mar 29, 2005 3:11:45 PM PST

Mr. Jones used an email composition program to write the message and it was later received by mail.emailprovider.com’s email servers.

Date: Tuesday, March 29, 2005 15:11:45 -0800 (PST)

From: Mr. Jones

Subject: hello

To: Mr. Rakesh

The date, sender, subject, and destination: Mr. Jones entered this information (except the date) when he composed the email.

And for IP, look for Received: followed by the IP in square brackets [ ] e.g

received from [11.11.111.111] by mail.emailprovider.com via HTTP; Kill, 12

It is also important that there are times when you may encounter multiple Received: entries, in which case select the latest as the valid option.

Yahoo Mail… Read