How to read and decipher the header of an e-mail
Headers are the e-mail's footprints in the
sand, and allow one to trace the message from its origin to its destination.
Each computer the mail passes through attaches identifying information
in a Received line, such as where the mail came from, the machine's name, and the date
and time the mail passed through it. There can be one Received line or there
can be many; the newest one is always placed on top. Since newer headers are
placed on top, the first Received line in the chain (the one nearest the bottom
of the header) will usually show the message origin.
Take a look at the sample header below:
Return-Path:
Received: from mail4.sample.net (mail4.sample.net [200.197.247.2])
    by mail.pacbell.net (8.8.7/(97/09/12 5.12))
    id IAA10673; Tue, 4 Nov 1997 08:15:37 -0500 (EST)
Errors-To:
Received: from mail.test.com (mail.test.com [200.238.107.3])
    by mail4.sample.net (8.8.5/8.8.5) with SMTP id IAA21240
    for ; Tue, 4 Nov 1997 08:15:35 -0500 (EST)
Message-Id:
X-Mailer: ccMail Link to SMTP R6.00.02
Date: Tue, 04 Nov 97 07:18:09 -0600
From: "Administrator"
To:
Subject: NVAM
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
The first Received line in the chain (the lower one in the sample) tells us that the mail was sent
from mail.test.com [200.238.107.3] on Tue, 4 Nov 1997 08:15:35 -0500 (EST).
We can check this line against forgeries by doing an NSLOOKUP on the IP
address. From the UNIX shell you would type:
nslookup 200.238.107.3
and get the following response (note: the domains and IP addresses used in
this document are false, so you won't really get this response):
Name: mail.test.com
Address: 200.238.107.3
The name returned should match the name in parentheses in the Received line. If it does not, then that
header was forged. The IP address is very difficult to forge, and will point
back to the originating domain. Once you know where the e-mail came from, you
can file a complaint with the postmaster of the domain (postmaster@test.com). In
the complaint you will need to include the full header information, so the culprit
can be tracked down. This method will not work 100% of the time because of
forgeries, but this document should give you a basic understanding of e-mail
headers. For more information and further explanation of e-mail headers, see:
http://www.stopspam.org/email/headers/headers.html
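As an added example (not part of the original article), the following Python script automates the check described above: it unfolds the header, pulls the hostname and IP address out of each Received line, orders the hops from origin to destination, and compares the name in parentheses with the reverse-DNS answer for the IP. The header text and the PTR table are constructed stand-ins for the fictitious hosts in the article; the lookup is a dictionary rather than a live nslookup so the example runs offline.

```python
import re

# Constructed sample modelled on the header discussed above; hosts and
# addresses are fictitious, as the article itself notes.
SAMPLE_HEADER = """\
Received: from mail4.sample.net (mail4.sample.net [200.197.247.2])
  by mail.pacbell.net (8.8.7/(97/09/12 5.12))
  id IAA10673; Tue, 4 Nov 1997 08:15:37 -0500 (EST)
Received: from mail.test.com (mail.test.com [200.238.107.3])
  by mail4.sample.net (8.8.5/8.8.5) with SMTP id IAA21240
  for <user@example.net>; Tue, 4 Nov 1997 08:15:35 -0500 (EST)
Subject: NVAM
"""

# Assumed (constructed) reverse-DNS answers standing in for a live nslookup.
FAKE_PTR = {"200.238.107.3": "mail.test.com", "200.197.247.2": "mail4.sample.net"}

# Matches the sendmail-style "from HELO (rdns-name [ip]) by server" clause.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def unfold(header_text):
    """Join folded continuation lines (those starting with whitespace) to their field."""
    fields = []
    for line in header_text.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        else:
            fields.append(line.rstrip())
    return fields

def received_hops(header_text):
    """Return hops in delivery order: the bottom-most Received line (origin) comes first."""
    hops = []
    for field in unfold(header_text):
        if field.lower().startswith("received:"):
            m = RECEIVED_RE.search(field)
            if m:
                hops.append(m.groupdict())
    return list(reversed(hops))

def check_hops(hops, ptr_lookup):
    """Compare each hop's name in parentheses with the reverse-DNS name for its IP."""
    results = []
    for hop in hops:
        resolved = ptr_lookup.get(hop["ip"])  # None when the IP has no PTR record
        results.append({"ip": hop["ip"], "claimed": hop["rdns"], "resolved": resolved,
                        "matches": resolved == hop["rdns"]})
    return results

if __name__ == "__main__":
    for result in check_hops(received_hops(SAMPLE_HEADER), FAKE_PTR):
        print(result)
```

A hop whose `resolved` name differs from `claimed` (or is `None`) is the one to treat with suspicion, and the hop before it in the list is the last machine whose identity you could confirm.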