University of Rochester
 

Security and Policy Home

How we protect you

Protect your computer

Protect your data

Protect yourself

Protect your community

Report an Incident

University IT Home

IT Notices

IT Policy

About Us

PMR

Leaders

Contact Us

Security and Policy

 

Interpretting E-mail Headers

If you have contacted support for help with a spam or other e-mail-related issue, you may have been asked to provide full header information for the e-mail in question.

 

What is a full header?

Full headers are more than the "From" and "To" lines your email client displays at the top of your email messages. The full headers contain a lot of information, including every hop a message has taken across the Internet to get from its sender to you, its final recipient. This data of where the message has actually come from can be very valuable in tracking down the real origin of an email. Email can be forged fairly easily, but every email will always be marked with the true IP address of the sending host. The trick is in getting your email client to display these lines so that you can analyze them yourself or forward them on to your support staff.

Full e-mail headers look something like this: 




Received: from antivirus1.its.rochester.edu (antivirus1.its.rochester.edu [128.151.57.50])



        by mail.rochester.edu (8.12.8/8.12.4) with ESMTP id h2OGQs9o002563;



        Mon, 24 Mar 2003 11:26:54 -0500 (EST)



Received: from antivirus1.its.rochester.edu (localhost [127.0.0.1])



        by antivirus1.its.rochester.edu (8.12.8/8.12.4) with ESMTP id h2OGQrQx003450;



        Mon, 24 Mar 2003 11:26:54 -0500 (EST)



Received: from galileo.cc.rochester.edu (galileo.cc.rochester.edu [128.151.224.6])



        by antivirus1.its.rochester.edu (8.12.8/8.12.4) with SMTP id h2OGQrDC003447;



        Mon, 24 Mar 2003 11:26:53 -0500 (EST)



Received: (from majord@localhost)



        by galileo.cc.rochester.edu (8.12.8/8.12.4) id h2OGQq91029757;



	Mon, 24 Mar 2003 11:26:52 -0500 (EST)



Date: Mon, 24 Mar 2003 11:26:50 -0500 (EST)



From: somesender@mail.rochester.edu



Message-Id: <200303241626.h2OGQojt002507@mail.rochester.edu>



To: someuser@its.rochester.edu



Subject: My mail message is about:

A full header does NOT look like this:




------------Example Incomplete Header------------



Date: Fri, 29 May 03 08:53:48 EST



From: MyFriend@friendly.com



Subject: NEW! 600K Hot List... No AOL



Reply-To: yourfriend@nowhere.com



----------End Example Incomplete Header----------



How to display the full headers in various email programs

The following list of email clients and applicable modes of header display were borrowed from http://www.owlriver.com.

Netscape 4.x for PC / MAC:

  1. Select the message in question.
  2. Double-click on the mail message to open it.
  3. Click on the "View" option on the main toolbar, then select "Header," and then "Full."
Netscape 3.x for PC / MAC:
  1. Select the message in question.
  2. Click on the "Options" option in the main toolbar, then select "Show Headers," and then the "All."
Microsoft Outlook 97/98 for PC:
  1. Open message in Full-View (you double-click on the message in the "Message Listing" pane.)
  2. Left-click on the "View" menu and select "Options".
Microsoft Outlook Express for PC
  1. Select the message in question.
  2. Click on the "File" menu and select "Properties".
  3. Click on the "Details" tab on the top of the window.
Eudora Light / Pro 3.x for PC
  1. Select the message in question.
  2. Double-click on the message to open it.
  3. Find the message button bar.  This is not the main toolbar, but the button bar immediately above the message text pane of the message viewer.
  4. Click on the "Blah Blah Blah" button on this toolbar.
Microsoft Outlook Express for MAC:
  1. Select the message in question.
  2. Click on the "View" option on the main toolbar.
  3. Select the "Show Internet Headers" option.
Microsoft Mail and News for MAC:
  1. Click on "Edit" on the main toolbar.
  2. Select "Preferences."
  3. Click on the "Display" option on the left-hand pane of the "Preferences" menu.
  4. Click on the checkbox next to "Show message headers in message windows."
Eudora Light 3.x for MAC:
  1. Select the message in question.
  2. Double-click on the message to open it.
  3. Find  the message button bar.  This is not the main toolbar, but the button bar immediately above the message text pane of the message viewer.
  4. Click on the "Blah Blah Blah" button on this toolbar.
Pegasus Mail 2.x for MAC:
  1. Click on "File" on the main toolbar.
  2. Select "Preferences," and the suboption "General Preferences."
  3. Click on the checkbox "Show all headers when reading messages."
Pine:
  1. Enable the full header command. (NOTE: This step only needs to be done once. The change is permanent.)
    1. Type 's' for Setup
    2. Type 'c' for Config.
    3. Scroll down the list of features until you find enable-full-header-cmd, and type 'x' until you see an 'X' in the checkbox.
    4. Type 'e' to Exit.
    5. Answer with yes (by hitting 'y') when it asks you to replace settings.
  2. Select the message in question.
  3. Press the [Enter] key to view it.
  4. Press 'h' to display the full header.

 

For more information

 

Related Topics

 

up arrow Back to top

       

Text | Directory | Index | Contact | Calendar | News | Giving

©Copyright 1999 -- 2006 University of Rochester

Last modified: Tuesday, 25-Sep-2007 09:38:35 EDT