how to view email headers?
Most mail clients allow access to the message header. The following list contains a few popular mail and web mail clients.
Please refer to the manual of your mail client if your mail client is not included in this list.
Please refer to the manual of your mail client if your mail client is not included in this list.
- View the Message Header in Google Mail (GMail) Webmail:
Login to your account on the webpage and open the message (click on it). Click on the "down-arrow" on the top-right of the message and select "Show Original". Now you will see the complete message source. - View the Message Header in Yahoo! Mail Webmail:
Login to your account on the webpage and open the message (click on it).
Click on "Actions" and select "View Full Header". - View the Message Header in Hotmail Webmail:
Login to your account on the webpage and go to the message list.
Right-click on the message and select "View Message Source". - View the Message Header in MS Outlook 2010:
Open the message in MS Outlook. Now go to "View" and select "Message Options" - or "File" -> "Info" -> "Properties".
Look at "Intenet Headers". - View the Message Header in MS Outlook:
Select the message in the list, right-click and select "Options" or "Properties".
Look at "Intenet Headers". - View the Message Header in Thunderbird:
Open the message, then click on "View" and select "Message Source". - View the Message Header in MS Windows Mail (and MS Outlook Express):
Select the message in the list, right-click on it and select "Properties" and go to "Details.
Standard Message Header Fields
Sample Message Header:
Return-path: <[email protected]>
Delivery-date: Wed, 13 Apr 2011 00:31:13 +0200
(3)Received: from mailexchanger.recipientdomain.tld([ccc.ccc.ccc.ccc])
by mailserver.recipientdomain.tld running ExIM with esmtp
id xxxxxx-xxxxxx-xxx; Wed, 13 Apr 2011 01:39:23 +0200
(2)Received: from mailserver.senderdomain.tld ([bbb.bbb.bbb.bbb] helo=mailserver.senderdomain.tld)
by mailexchanger.recipientdomain.tld with esmtp id xxxxxx-xxxxxx-xx
for [email protected]; Wed, 13 Apr 2011 01:39:23 +0200
(1)Received: from senderhostname [aaa.aaa.aaa.aaa] (helo=[senderhostname])
by mailserver.senderdomain.tld with esmtpa (Exim x.xx)
(envelope-from <[email protected]) id xxxxx-xxxxxx-xxxx
for [email protected]; Tue, 12 Apr 2011 20:36:08 -0100
Message-ID: <[email protected]>
Date: Tue, 12 Apr 2011 20:36:01 -0100
X-Mailer: Mail Client
From: Sender Name <[email protected]>
To: Recipient Name <[email protected]>
Subject: Message Subject
Return Path: The email address which should be used for bounces. The mailserver will send a message to the specified email address if the message cannot be delivered
Delivery-date: The data the message was delivered
Date: The date the message was sent
Message-ID: The ID of the message
X-Mailer: The mail client (mail program) used to send the message
From: The message sender in the format: "Friendly Name" <[email protected]>
To: The message recipient in the format: "Friendly Name" <[email protected]>
Subject: The message subject
The From: line, which contains the sender of the message could be faked easily, so you should not rely on this information.
The lines in green contain the routing information, from the senders computer to the recipients mailserver.
Lets take a closer look at these lines:
Received: from senderhostname [aaa.aaa.aaa.aaa] (helo=[ senderhostname])
by mailserver.senderdomain.tld with esmtpa (Exim x.xx)
(envelope-from <[email protected]) id xxxxx-xxxxxx-xxxx
for [email protected]; Tue, 12 Apr 2011 20:36:08 -0100
The message was sent from the senders computer with the IP address aaa.aaa.aaa.aaa to the mailserver of the sender. In many cases the sender IP aaa.aaa.aaa.aaa is a dynamic IP address, e.g. DSL. The IP address gives many informations about the sender, the location of the sender and the provider.
Received: from mailserver.senderdomain.tld ([bbb.bbb.bbb.bbb] helo=mailserver.senderdomain.tld)
by mailexchanger.recipientdomain.tld with esmtp
id xxxxxx-xxxxxx-xx
The message was transfered from the senders mailserver with the IP address bbb.bbb.bbb.bbb to the recipients mailexchanger. The mailexchanger is the mailserver, which accepts incoming messages for a domain.
Received: from mailexchanger.recipientdomain.tld([ccc.ccc.ccc.ccc])
by mailserver.recipientdomain.tld running ExIM with esmtp
id xxxxxx-xxxxxx-xxx; Wed, 13 Apr 2011 01:39:23 +0200
The message was finally received by the recipients mailserver from the the recipients mailexchanger ccc.ccc.ccc.ccc.
This is only a sample, which should show the principles. The message routing can contain much more steps, depending on the used mailprovider. It should always be possible to see the sender computer IP address aaa.aaa.aaa.aaa and the sender mailserver bbb.bbb.bbb.bbb if the message was sent from a mail client and a client computer. If the message was sent from a webmail client, then the real IP address of the sender is not included - in this case aaa.aaa.aaa.aaa (if any) will be the IP address of the webmail.
Some might try to fake the routing information, but your mailserver should give you a warning that something is not correct during the transfer from the sender mailserver bbb.bbb.bbb.bbb to the recipient mailexchanger ccc.ccc.ccc.ccc.
Return-path: <[email protected]>
Delivery-date: Wed, 13 Apr 2011 00:31:13 +0200
(3)Received: from mailexchanger.recipientdomain.tld([ccc.ccc.ccc.ccc])
by mailserver.recipientdomain.tld running ExIM with esmtp
id xxxxxx-xxxxxx-xxx; Wed, 13 Apr 2011 01:39:23 +0200
(2)Received: from mailserver.senderdomain.tld ([bbb.bbb.bbb.bbb] helo=mailserver.senderdomain.tld)
by mailexchanger.recipientdomain.tld with esmtp id xxxxxx-xxxxxx-xx
for [email protected]; Wed, 13 Apr 2011 01:39:23 +0200
(1)Received: from senderhostname [aaa.aaa.aaa.aaa] (helo=[senderhostname])
by mailserver.senderdomain.tld with esmtpa (Exim x.xx)
(envelope-from <[email protected]) id xxxxx-xxxxxx-xxxx
for [email protected]; Tue, 12 Apr 2011 20:36:08 -0100
Message-ID: <[email protected]>
Date: Tue, 12 Apr 2011 20:36:01 -0100
X-Mailer: Mail Client
From: Sender Name <[email protected]>
To: Recipient Name <[email protected]>
Subject: Message Subject
Return Path: The email address which should be used for bounces. The mailserver will send a message to the specified email address if the message cannot be delivered
Delivery-date: The data the message was delivered
Date: The date the message was sent
Message-ID: The ID of the message
X-Mailer: The mail client (mail program) used to send the message
From: The message sender in the format: "Friendly Name" <[email protected]>
To: The message recipient in the format: "Friendly Name" <[email protected]>
Subject: The message subject
The From: line, which contains the sender of the message could be faked easily, so you should not rely on this information.
The lines in green contain the routing information, from the senders computer to the recipients mailserver.
Lets take a closer look at these lines:
Received: from senderhostname [aaa.aaa.aaa.aaa] (helo=[ senderhostname])
by mailserver.senderdomain.tld with esmtpa (Exim x.xx)
(envelope-from <[email protected]) id xxxxx-xxxxxx-xxxx
for [email protected]; Tue, 12 Apr 2011 20:36:08 -0100
The message was sent from the senders computer with the IP address aaa.aaa.aaa.aaa to the mailserver of the sender. In many cases the sender IP aaa.aaa.aaa.aaa is a dynamic IP address, e.g. DSL. The IP address gives many informations about the sender, the location of the sender and the provider.
Received: from mailserver.senderdomain.tld ([bbb.bbb.bbb.bbb] helo=mailserver.senderdomain.tld)
by mailexchanger.recipientdomain.tld with esmtp
id xxxxxx-xxxxxx-xx
The message was transfered from the senders mailserver with the IP address bbb.bbb.bbb.bbb to the recipients mailexchanger. The mailexchanger is the mailserver, which accepts incoming messages for a domain.
Received: from mailexchanger.recipientdomain.tld([ccc.ccc.ccc.ccc])
by mailserver.recipientdomain.tld running ExIM with esmtp
id xxxxxx-xxxxxx-xxx; Wed, 13 Apr 2011 01:39:23 +0200
The message was finally received by the recipients mailserver from the the recipients mailexchanger ccc.ccc.ccc.ccc.
This is only a sample, which should show the principles. The message routing can contain much more steps, depending on the used mailprovider. It should always be possible to see the sender computer IP address aaa.aaa.aaa.aaa and the sender mailserver bbb.bbb.bbb.bbb if the message was sent from a mail client and a client computer. If the message was sent from a webmail client, then the real IP address of the sender is not included - in this case aaa.aaa.aaa.aaa (if any) will be the IP address of the webmail.
Some might try to fake the routing information, but your mailserver should give you a warning that something is not correct during the transfer from the sender mailserver bbb.bbb.bbb.bbb to the recipient mailexchanger ccc.ccc.ccc.ccc.