Email Internet Headers
Every received email has Internet Headers. Using Microsoft Outlook as an example (other mail programs are very similar), just follow these steps to view the headers:
- Right-click on the mail message that is still in your Outlook Inbox
- Select 'Options...' from the resulting popup menu
- Examine the 'Internet Headers' in the resulting 'Message Options' dialog
TIP: Right-click in the 'Internet Headers' field and click on 'Select All' in the popup menu (or type ctrl-A). Then right-click again and click on 'Copy' in the popup menu (or type ctrl-C). Finally, paste all the Internet Headers into your favorite text editor for full examination (such as 'Notepad', included with Windows).
Example: What you see will be very similar to the following (with 'line numbers' added for clarity and discussion in following sections):
1: Received: from tes1a623.OneMail.com.sg ([203.127.89.129]) by visualroute.com (8.11.6) id f9CIVSk24480; Tue, 12 Oct 2004 12:31:29 -0600 (MDT)
2: Message-Id: <200110121831.f9CIVSk24480@s2.domain.com>
3: Received: from drb.com (IIM1608 [203.127.89.138]) by tes1a623.OneMail.com.sg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
4: id 4XNK9ATR; Wed, 13 Oct 2004 01:19:10 +0800
5: From: paylesslongdistance@somedomain.com
6: To: <>
7: Subject: Long Distance - 4.9 cents per min - NO FEES!
8: Date: Tue, 12 Oct 2004 13:24:26 -0400
9: X-Sender: paylesslongdistance@yahoo.com
10: X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
11: Content-Type: text/plain; charset="us-ascii"
12: X-Priority: 3
13: X-MSMail-Priority: Normal
14: X-UIDL: 8`Y!!0GR!!"?H"!k:O!!
15: Status: U
Header Line Syntax: The Internet Header Fields are just a series of text lines, where each line looks like:
Header-Name : Header-Value
If a line starts with a tab or spaces, like line 4 above, that line is a continuation of the previous Header-Value. So the Header-Name Received in line 3 has a Header-Value that spans lines 3 and 4.
Received Headers
The most important header field for tracking purposes is the Received header field, which usually has a syntax similar to:
Received: from ? by ? via ? with ? id ? for ? ; date-time
Where from, by, via, with, id and for are all tokens with values within a single Header-Value, which may span multiple lines. Note: Some mail servers may not include all of these tokens, and additional tokens/values may be added to this field, but now you are prepared to break it apart and understand it.
Every time an email moves through a new mail server, a new Received header line (and possibly other header lines, like line 2 above) is added to the beginning of the headers list. This is similar to FedEx package tracking, when your package enters a new sorting facility and is 'swiped' through a tracking machine.
This means that as you read the Received headers from top to bottom, you are gradually moving closer to the computer/person that sent you the email.
But please note that as you read through the Received header fields and get closer to the computer/person that sent you the email, you need to consider the possibility that the sender added one or more false Received header lines to the list (at the time, the beginning of the sender's list) in an attempt to redirect you to another location and prevent you from finding the true sender. Only the Received lines added by servers you trust (starting with your own) are known to be genuine; every line below them was supplied by the previous hop and could have been written by the sender. But, now that you know false header lines are possible, just stay alert.
You will probably find it very useful to break a single Received line into multiple lines, with one token per line. Namely, the header line:
Received: from tes1a623.OneMail.com.sg ([203.127.89.129]) by visualroute.com (8.11.6) id f9CIVSk24480; Tue, 12 Oct 2004 12:31:29 -0600 (MDT)
is much easier to read and understand when formatted so that each token is on a new line, as in:
Received:
from tes1a623.OneMail.com.sg ([203.127.89.129])
by visualroute.com (8.11.6)
id f9CIVSk24480
; Tue, 12 Oct 2004 12:31:29 -0600 (MDT)
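The steps described above (unfolding continuation lines into single Header-Values, pulling out the Received fields in top-to-bottom order, and breaking each one into its from/by/via/with/id/for tokens and date-time) can be done by a short script. The following Python program is an added example written for this page, not code from the original page or from any mail product; the sample headers it embeds are the page's own example with the discussion line numbers removed. It also goes one step beyond the text: chain_breaks() compares each hop's "from" host with the next hop's "by" host, so a place where the story told by consecutive Received lines does not line up is flagged for the closer inspection the false-header caveat calls for (a mismatch is a hint, not proof, since relays often name themselves differently than their peers see them). The function and variable names are this example's own choices.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the header block shown on this page, with the
# "1:" .. "15:" discussion numbers stripped. Line 4 of the page is the
# tab-indented continuation of the second Received header.
SAMPLE_HEADERS = """\
Received: from tes1a623.OneMail.com.sg ([203.127.89.129]) by visualroute.com (8.11.6) id f9CIVSk24480; Tue, 12 Oct 2004 12:31:29 -0600 (MDT)
Message-Id: <200110121831.f9CIVSk24480@s2.domain.com>
Received: from drb.com (IIM1608 [203.127.89.138]) by tes1a623.OneMail.com.sg with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0)
\tid 4XNK9ATR; Wed, 13 Oct 2004 01:19:10 +0800
From: paylesslongdistance@somedomain.com
To: <>
Subject: Long Distance - 4.9 cents per min - NO FEES!
Date: Tue, 12 Oct 2004 13:24:26 -0400
X-Sender: paylesslongdistance@yahoo.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Content-Type: text/plain; charset="us-ascii"
X-Priority: 3
X-MSMail-Priority: Normal
X-UIDL: 8`Y!!0GR!!"?H"!k:O!!
Status: U
"""

RECEIVED_TOKENS = ("from", "by", "via", "with", "id", "for")


def unfold_headers(raw: str) -> List[Tuple[str, str]]:
    """Split raw header text into (Header-Name, Header-Value) pairs, joining
    continuation lines (those starting with a tab or spaces) onto the
    previous value so that every field becomes a single logical line."""
    fields: List[Tuple[str, str]] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":
            if not fields:
                raise ValueError("continuation line before any header")
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def parse_received(value: str) -> Dict[str, Optional[str]]:
    """Break one Received Header-Value into its from/by/via/with/id/for
    tokens plus the date-time that follows the last ';'. Tokens the server
    did not include stay None."""
    clauses, sep, date = value.rpartition(";")
    if not sep:
        clauses, date = value, ""
    result: Dict[str, Optional[str]] = {tok: None for tok in RECEIVED_TOKENS}
    result["date"] = date.strip() or None
    current = None
    depth = 0  # parenthesis depth, so a keyword inside a comment is not a token
    for word in clauses.split():
        key = word.lower()
        if depth == 0 and key in RECEIVED_TOKENS and result[key] is None:
            current = key
            result[key] = ""
        elif current is not None:
            result[current] = (result[current] + " " + word).strip()
        depth += word.count("(") - word.count(")")
    return result


def hostname(token_value: Optional[str]) -> Optional[str]:
    """The bare host name is the first word of a from/by value; anything
    after it is comment material (reverse DNS, IP address, software)."""
    return token_value.split()[0].lower() if token_value else None


def received_chain(raw: str) -> List[Dict[str, Optional[str]]]:
    """All Received hops in header order: index 0 is the server closest to
    the recipient, the last index is the one closest to the sender."""
    return [parse_received(v) for n, v in unfold_headers(raw) if n.lower() == "received"]


def chain_breaks(hops: List[Dict[str, Optional[str]]]) -> List[int]:
    """Indexes i where hop i claims to have received from host X but hop i+1
    was not stamped 'by' X. Such a seam is where a forged or stripped
    Received line would show up, so it deserves a closer look."""
    return [
        i for i in range(len(hops) - 1)
        if hostname(hops[i]["from"]) != hostname(hops[i + 1]["by"])
    ]


def format_received(parsed: Dict[str, Optional[str]]) -> str:
    """Render a parsed Received header one token per line, as the page does."""
    lines = ["Received:"]
    for tok in RECEIVED_TOKENS:
        if parsed[tok]:
            lines.append(f"    {tok} {parsed[tok]}")
    if parsed["date"]:
        lines.append(f"    ; {parsed['date']}")
    return "\n".join(lines)


if __name__ == "__main__":
    hops = received_chain(SAMPLE_HEADERS)
    for i, hop in enumerate(hops):
        print(f"--- hop {i} (0 = closest to you, higher = closer to sender) ---")
        print(format_received(hop))
    print("chain breaks at:", chain_breaks(hops) or "none")
```

Paste any message's Internet Headers into SAMPLE_HEADERS (or read them from a file) and run the script; in the page's sample the two hops agree (hop 0 was received from tes1a623.OneMail.com.sg, and hop 1 was stamped by that same host), so no break is reported.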