Understanding the information in an email header


Below is an example of what a header may look like.


Delivered-To: support@isheriff.com
Received: by 1.1.1.1 with SMTP id g2cs974866bue;
        Sun, 21 Jan 2007 10:40:50 -0800 (PST)
Received: by 1.1.1.1 with SMTP id o6mr53068agc.11694048335;
        Sun, 21 Jan 2007 10:40:49 -0800 (PST)
Return-Path: <fakemail@yahoo.com>
Received: from web58308.mail.re3.yahoo.com (web58308.mail.re3.yahoo.com [1.1.1.1])
        by mx.isheriff.com with SMTP id 9si5512040agc.2007.01.21.10.40.48;
        Sun, 21 Jan 2007 10:40:49 -0800 (PST)
Received-SPF: pass (isheriff.com: domain of fakemail@yahoo.com designates 1.1.1.1 as permitted sender)
DomainKey-Status: good (test mode)
Received: (isheriff 52644 invoked by uid 60001); 21 Jan 2007 18:40:48 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=s1024; d=yahoo.com;
        h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
        b=efbVrw8c8wqr4eSQzCeW7649jwVofY/e5lXFywYad7Q/Tns7dS5p/OZCKCZA=;
X-YMail-OSG: JF41QboVM1mJ19dW6KPDoUWVXm.95cEcw-
Received: from [1.1.1.1] by web58308.mail.re3.yahoo.com via HTTP; Sun, 21 Jan 2007 10:40:48 PST
Date: Sun, 21 Jan 2007 10:40:48 -0800 (PST)
From: Fake Mail <fakemail@yahoo.com>
Subject: Re: preeminenc zuk
To: support@isheriff.com
MIME-Version: 1.0
Content-Type: multipart/related; boundary="0-842682536-1169404848=:50690"
Content-Transfer-Encoding: 8bit
Message-ID: <112261.50690.qm@web58308.mail.re3.yahoo.com>

--0-842682536-1169404848=:50690
Content-Type: multipart/alternative; boundary="0-1777241646-1169404848=:50690"

--0-1777241646-1169404848=:50690
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Apparently-To, Delivered-To, and To:

The lines that begin with Delivered-To and To: contain the e-mail address of the recipient.


From:

The line that begins with From: shows who sent the e-mail.


In-Reply-To:

Although not displayed in the above example (even though the subject contains Re:), lines beginning with In-Reply-To: contain the message ID of the e-mail being replied to. Not all e-mail servers will use this feature.


Cc:

The line beginning with Cc: contains any e-mail address that was sent a carbon copy of the message.


Bcc:

Lines that begin with Bcc: list any Blind Carbon Copy (BCC) addresses that were also sent the e-mail. Although not all e-mail programs display this information because of privacy concerns, there are several programs that will.


Subject:

The Subject: line contains the subject of the e-mail.


Return-Path:

The line beginning with Return-Path: is the e-mail address that should be used if an error is encountered while the e-mail is being sent.


Received:

Lines beginning with Received: contain each of the mail servers that the e-mail has passed through to get to your Inbox. This section of the header is useful when troubleshooting e-mails that are not reaching their destination, because each line contains the e-mail server and IP address information, the date sent, and other useful information.

In addition to troubleshooting, this is also a good indication of who sent the e-mail. Often the first Received: (the lowest on the list) is the mail server that originated the e-mail. However, it is also easy for spammers to create a fake (spoofed) Received: line, making it appear that a mail passed through their server and that they are not the origin of the e-mail.
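The following added example (not part of the original article) reads the Received: chain of the sample header oldest-first and marks which lines were written by the receiving side and which are only sender-supplied claims. It assumes the receiver's own mail domain is isheriff.com, as in the sample; the function names are illustrative.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: trimmed copy of the header above, folded lines re-indented.
SAMPLE = """\
Delivered-To: support@isheriff.com
Received: by 1.1.1.1 with SMTP id g2cs974866bue;
 Sun, 21 Jan 2007 10:40:50 -0800 (PST)
Received: from web58308.mail.re3.yahoo.com (web58308.mail.re3.yahoo.com [1.1.1.1])
 by mx.isheriff.com with SMTP id 9si5512040agc.2007.01.21.10.40.48;
 Sun, 21 Jan 2007 10:40:49 -0800 (PST)
Received: (isheriff 52644 invoked by uid 60001); 21 Jan 2007 18:40:48 -0000
Received: from [1.1.1.1] by web58308.mail.re3.yahoo.com via HTTP; Sun, 21 Jan 2007 10:40:48 PST
From: Fake Mail <fakemail@yahoo.com>

"""

def parse_hops(raw):
    """Return the Received: hops oldest-first as dicts with from/by/when."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        info, _, stamp = flat.rpartition(";")     # timestamp follows the last ';'
        info = re.sub(r"\([^()]*\)", "", info)    # drop (comments) before matching
        frm = re.search(r"\bfrom\s+(\S+)", info)
        by = re.search(r"\bby\s+(\S+)", info)
        when = parsedate_to_datetime(stamp.strip())
        if when.tzinfo is None:                   # "-0000" parses as naive; it is UTC
            when = when.replace(tzinfo=timezone.utc)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None, "when": when})
    return hops

def trust_boundary(hops, own_domain):
    """Index of the newest hop where one of our servers accepted mail from outside."""
    def ours(host):
        return bool(host) and (host == own_domain or host.endswith("." + own_domain))
    for i in range(len(hops) - 1, -1, -1):        # servers prepend, so walk newest first
        if ours(hops[i]["by"]) and hops[i]["from"] and not ours(hops[i]["from"]):
            return i                              # everything older is sender-supplied
    return None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    edge = trust_boundary(hops, "isheriff.com")   # assumption: receiver's own domain
    for i, h in enumerate(hops):
        print(i, h["from"], "->", h["by"],
              "written by receiver" if edge is not None and i >= edge else "sender-supplied")
```

Because the walk starts from the newest line, a forged Received: line placed lower in the header does not move the boundary.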


Message-ID:

The line starting with Message-ID: is the identifier assigned to the e-mail message by the first e-mail server.


Lines beginning with X-: 

Anything beginning with X- is extra data that is not contained in any standard and is often used by the e-mail server or clients to provide additional information that can be used with the sending and delivery of an e-mail. Below is a short list of some common X- lines you may see while viewing an e-mail header.

· X-Complaints-To: - Where to direct complaints about an e-mail you received.

· X-Confirm-Reading-To: - Create an automatic response for read messages.

· X-Errors-To: - The address to send an e-mail to for any errors encountered.

· X-Mailer: - Program used to send the e-mail.

· X-PMFLAGS: - Additional information used with Pegasus Mail.

· X-Priority: - Priority of e-mail being sent.

· X-Sender: - Additional information about the sender of the e-mail.

· X-Spam-zzz: - Where zzz is any number of different spam tags relating to the Spam filter on the e-mail server. Some of these include: Checker-Version, Level, Report, and Status.

· X-UIDL: - Used with e-mails distributed over POP.


Content-Type, Content-Transfer-Encoding, MIME-version:

These lines are used by MIME to tell the e-mail program how to interpret and display the e-mail.