How do I read the full headers in an email?

EQ Admin

EQ Forum Admin
Staff member
Hello,

This guide is for understanding the information in the full headers of an e-mail message.

If you are trying to find the full headers please see our How to get full email headers (message source) forum for the directions specific to your mail program.

If you are trying to do a forward or reverse email search please try our email directory lookup tool.

How do you understand the information once you have it?

The path an e-mail followed can be followed from the bottom to the top of the headers.

First, here are the full e-mail headers from an example text e-mail to myself:

Return-Path: <example@EmailQuestions.com>
Delivered-To: example@emailquestions.com
Received: (qmail 19640 invoked from network); 11 Nov 2008 15:03:14 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on holdems
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=2.4 tests=RDNS_NONE autolearn=disabled
    version=3.2.5
Received: from unknown (HELO hrndva-omtalb.mail.rr.com) (71.74.56.124)
    by mail.discussny.com with SMTP; 11 Nov 2008 15:03:14 -0000
Received: from 007guard.com ([74.74.141.45]) by hrndva-omta01.mail.rr.com
    with ESMTP
    id <20081111150328.XBIS2091.hrndva-omta01.mail.rr.com@007guard.com>
    for <example@emailquestions.com>; Tue, 11 Nov 2008 15:03:28 +0000
Date: Tue, 11 Nov 2008 10:03:23 -0500
From: E-Mail Questions <example@EmailQuestions.com>
Message-ID: <975585836.20081111100323@EmailQuestions.com>
To: example@emailquestions.com
Subject: Full E-Mail Headers

Now let's break this down into manageable chunks that can be easily explained.

Date: Tue, 11 Nov 2008 10:03:23 -0500
From: E-Mail Questions <example@EmailQuestions.com>
Message-ID: <975585836.20081111100323@EmailQuestions.com>
To: example@emailquestions.com
Subject: Full E-Mail Headers

First, I sent this e-mail to and from a test account that I use for this site. Please keep in mind that even though this information is To: and From: myself, and that in this case it is true, it is possible for spammers to forge this information and use values that do not belong to themselves or you.

Received: from 007guard.com ([74.74.141.45]) by hrndva-omta01.mail.rr.com
    with ESMTP
    id <20081111150328.XBIS2091.hrndva-omta01.mail.rr.com@007guard.com>
    for <example@emailquestions.com>; Tue, 11 Nov 2008 15:03:28 +0000

This section of the headers shows that I sent the e-mail out through my ISP Time Warner rr.com smtp relay servers. The IP address of their SMTP relay that my e-mail passed through was 74.74.141.45. Again it is possible to add fake headers to an e-mail, but in this case they are true. A general rule of thumb is that you can only trust e-mail headers created by mail servers that you trust.

Received: from unknown (HELO hrndva-omtalb.mail.rr.com) (71.74.56.124)
    by mail.discussny.com with SMTP; 11 Nov 2008 15:03:14 -0000

The e-mail was then received from the Time Warner smtp relay by my mail server. I trust the headers created by my mail server, and since it confirms the e-mail passed through 74.74.141.45 I tend to trust the previous headers too.

Delivered-To: example@emailquestions.com
Received: (qmail 19640 invoked from network); 11 Nov 2008 15:03:14 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on holdems
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=2.4 tests=RDNS_NONE

My mail server did a check for spam using SpamAssassin.

It's also worth noting that RBL checks are not recorded, but that my server also did an RBL check as the e-mail was being received before passing it on to SpamAssassin to be checked.

A reply to the message will go To: example@EmailQuestions.com.

If you suspect a forgery please see our guide on How to check the DNS of an IP Address and Hostname.

If you have any questions about understanding the full headers of an e-mail message that you received please copy and paste them into a reply to this thread and we will be more than happy to examine them for you.
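The bottom-to-top reading and the "only trust headers from servers you trust" rule from the post above, as an added example that is not part of the original post. It assumes mail.discussny.com is the only trusted receiving server; the function names `trace` and `boundary_ip` are hypothetical.

```python
import re
from email import message_from_string

# Headers from the post above (abridged), continuation lines indented so they fold.
SAMPLE = """\
Return-Path: <example@EmailQuestions.com>
Delivered-To: example@emailquestions.com
Received: (qmail 19640 invoked from network); 11 Nov 2008 15:03:14 -0000
Received: from unknown (HELO hrndva-omtalb.mail.rr.com) (71.74.56.124)
  by mail.discussny.com with SMTP; 11 Nov 2008 15:03:14 -0000
Received: from 007guard.com ([74.74.141.45]) by hrndva-omta01.mail.rr.com
  with ESMTP
  id <20081111150328.XBIS2091.hrndva-omta01.mail.rr.com@007guard.com>
  for <example@emailquestions.com>; Tue, 11 Nov 2008 15:03:28 +0000
From: E-Mail Questions <example@EmailQuestions.com>
Subject: Full E-Mail Headers
"""

# The peer address is the parenthesised IPv4 literal (IPv6 is not handled here).
PEER_IP = re.compile(r"\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")
BY_HOST = re.compile(r"\bby\s+(\S+)")
CLAIMED = re.compile(r"^from\s+(\S+)")

def trace(raw, trusted_hosts):
    """Return the network hops oldest-first, marking which are verifiable."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())          # unfold the header
        ip, by = PEER_IP.search(line), BY_HOST.search(line)
        if not (ip and by):
            continue                            # local hand-off, no network peer
        # Walking top-down, trust ends at the first hop not written by our server.
        chain_ok = chain_ok and by.group(1).lower() in trusted_hosts
        claimed = CLAIMED.search(line)
        hops.append({"by": by.group(1), "ip": ip.group(1),
                     "claimed": claimed.group(1) if claimed else None,
                     "trusted": chain_ok})
    return hops[::-1]                           # bottom of the headers first

def boundary_ip(hops):
    """Peer IP recorded by the earliest trusted hop, or None."""
    return next((h["ip"] for h in hops if h["trusted"]), None)

if __name__ == "__main__":
    for hop in trace(SAMPLE, {"mail.discussny.com"}):
        print(hop)
```

Every hop below the first trusted one is reported as unverified, including a line that merely claims to have been written by the trusted server.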

Loreena

New Email
CareerBuilder's Security Team provided your link to me in order to provide them with the full header for the email below. I am suspicious because my resume already has the info that Rick is asking me for.

Thank You,

Lorena Castillo


---------- Forwarded message ----------
From: Rick Hudson <vexcorpjobs@yahoo.com>
Date: Thu, Nov 3, 2011 at 11:58 PM
Subject: Customer Service Position.
To: loreena1960@gmail.com

I am Rick Hudson, Recruitment Specialist with Vex Corp Incorporated. We have review your application for the customer service position advertised on careerbuilder.com. On behalf of the company, I'm offering you a customer service evaluator position.

Vex Corp Inc is solely responsible for hiring Customer Service Evaluators to conduct excellent Customer Service Surveys. Our clients are companies that have a network of Branches across America. Our Notable clients include:

McDonalds
Starbucks
Dunkin' Donuts
Chase Financial
Victoria's Secret
Dell America

Your position with our company is a work-from-home, part time position. You will conduct surveys at any of our client's retail outlet ASSIGNED to you. You will be patronizing their businesses and conducting a survey at the same time to evaluate the Sales Attendant. Our clients will be relying on your report in improving their business, which is the importance of the whole evaluation process. Companies use this process to continually improve on the services offered at their outlets.

Some companies employ our services when people give complaints about one or two irregularities, some clients employ our service when they feel the need to improve on their customer service. This Position is open and available Immediately, Once you confirm your Interest and availability, you will be introduced immediately to our clients. As for Pay, You will receive $200 on each survey you conduct at any time for any of our clients, and with the number of clients we currently work with, you could be conducting as much as 5-10 surveys weekly, which will earn you between $1000-$2000 weekly, meaning you'll earn about $52,000/year, part time.

No commitment is involved, no Sign Up fees.

Your confirmation, Along with your Full Name, Mailing Address and phone number will be required to draw up a contract. Once I have this Info,we'll move swiftly and introduce you to our clients.

Rick Hudson
Vex Corp Incorporated
2223 W Ball Rd # 235,
Anaheim, CA 92804
