How to Interpret Email Headers
Tracing the edges of your email, hiding from untrained eyes, are the
fingerprints of Simple Mail Transfer Protocol ... the headers. Email headers
contain quite a bit of information about a message that is not apparent at
first glance. I can't guarantee that you'll be in there with the experts,
but if you would like to learn a little more about where your email has
been, and who really sent it, allow me to show you the basics of what your
email headers may contain.
Basic Mail Headers
The following is a simple message header, the address label of an email
message. It only contains the most basic information of an email message:
who the message is from, to whom the message was sent, possibly a subject
line indicating what the message is about, and the time-stamp of when the
message was written.
Date: Mon, 24 Feb 1997 19:30:34 -0500 (EST)
To: MindSpring Technical Support Desk <support@mindspring.com>
From: mailbox@mindspring.com
Subject: Reading Mail Headers
Cc: mailbox@mindspring.com
Date: Mon, 24 Feb 1997 19:30:34 -0500 (EST)
Like most basic email headers, this one is pretty self-explanatory. It
just indicates when the message was written. But what you may not know is
that the information in the Date: line is supplied by the time on the
sender's computer, which may or may not be set correctly. Also, the Date:
line does not normally indicate when the message was sent, but only when it
was written. In this example, the email message from which this header was
taken was written on Monday, February 24th 1997, at approximately 7:30pm
Eastern Standard Time (EST). The format of this line will vary depending on
which email client the sender uses to compose the message.
To: MindSpring Technical Support Desk <support@mindspring.com>
The To: line is used to indicate the primary person or persons the mail
message is intended for. Usually a name will precede the actual address,
though this is certainly not required. The To: line may also contain more
than one address, each separated by commas. In this case, the mail will be
delivered to each address listed in this line, as well as the Cc: line and
the otherwise invisible Bcc: line (see Cc: and Bcc:). There really is no
functional difference between an address contained in the Cc: or To: lines
of an email message.
From: mailbox@mindspring.com
The From: line indicates who the message is from. Pretty simple.
Subject: Reading Mail Headers
The Subject: line is used to provide a short description of what the
message is about.
Cc: mailbox@mindspring.com
The Cc: , or Carbon Copy, line of an email message is used to list all of
the people who were sent a copy of the mail message. This line may contain
one or more addresses, each separated by a comma. Or, it may not contain
anything at all. In this example, the Cc: line contains the same address as
the From: -- I just wanted to send a copy of the mail to myself for my own
records.
(Bcc:)
If this message had been Bcc'd to another address, you would not know it
from the headers of the received message. This is because Bcc stands for
Blind Carbon Copy -- the mail server actually removes this header line right
before it delivers it. So if you ever get a message delivered to your
mailbox, but do not see your address anywhere in either the To: or the Cc:
lines, it was probably sent to you via a Blind Carbon Copy. This is a common
way of sending mail to large numbers of recipients without showing everyone
who the message was actually sent to, or of keeping the headers from
scrolling on for pages and pages on your screen.
Extended Mail Headers
Sample "extended" email header
Return-Path: mailbox@mindspring.com
Received: from mailmule0.mindspring.com (mailmule0.mindspring.com [204.180.128.191])
    by mailgrunt1.mindspring.com (8.7.4/8.7.3) with ESMTP id TAA09377
    for <mailbox@mindspring.com>; Mon, 24 Feb 1997 19:30:43 -0500 (EST)
Received: from LOCALNAME (user-37kb512.dialup.mindspring.com [207.69.148.34])
    by mailmule0.mindspring.com (8.8.4/8.8.4) with SMTP id TAA00875;
    Mon, 24 Feb 1997 19:30:34 -0500 (EST)
Date: Mon, 24 Feb 1997 19:30:34 -0500 (EST)
Message-Id: 1.5.4.16.19970224193529.22e79a46@pop.mindspring.com
X-Sender: mailbox@pop.mindspring.com
X-Mailer: Windows Eudora Light Version 1.5.4 (16)
Organization: MindSpring Enterprises
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: MindSpring Technical Support Desk <support@mindspring.com>
From: mailbox@mindspring.com
Subject: Reading Mail Headers
Cc: mailbox@mindspring.com
Return-Path: mailbox@mindspring.com
Your email client will automatically refer to this header line to
determine which address to use when replying, and the mail server will refer
to it when bouncing back undeliverable mail messages or mailer-daemon error
messages. Some mail clients will use variations which might include:
Return-Errors-To: or Reply-To:
Received: from mailmule0.mindspring.com (mailmule0.mindspring.com
[204.180.128.191]) by mailgrunt1.mindspring.com (8.7.4/8.7.3) with ESMTP id
TAA09377 for <mailbox@mindspring.com>; Mon, 24 Feb 1997 19:30:43 -0500 (EST)
A section is added to this field by each host service that relays the
message. Received: lines are read from bottom to top, the higher received
lines being the most recent to have been added. While not terribly
interesting to the casual user, the information in the Received: field can
be quite useful for tracing mail routing problems. The names of the sending
and receiving hosts and time-of-receipt may be specified.
The example above shows four pieces of useful information (reading from
back to front, in order of decreasing reliability):
The host that added the Received line - mailgrunt1.mindspring.com
The host/IP address of the incoming SMTP connection - mailmule0.mindspring.com
The reverse-DNS lookup of that IP address - 204.180.128.191
The name the sender used in the SMTP HELO command when they connected - mailmule0.mindspring.com
In short, mailmule0.mindspring.com passed the mail on to
mailgrunt1.mindspring.com for final delivery to <mailbox@mindspring.com> at
approximately 5:30 pm EST on Monday, February 24th.
Received: from LOCALNAME (user-37kb512.dialup.mindspring.com
[207.69.148.34]) by mailmule0.mindspring.com (8.8.4/8.8.4) with SMTP id
TAA00875; Mon, 24 Feb 1997 19:30:34 -0500 (EST)
This is actually the first Received: line. It indicates that the mail
message originated from a MindSpring dial-up PPP account with IP address
207.69.148.34. The mail server that eventually accepted the message was
mailmule0.mindspring.com , which was using SendMail version 8.8.4, a UNIX
mail delivery agent. The mail server also stamped the header with the actual
time it received the message. Note that the time indicated is a few seconds
before the header line above it.
Organization: MindSpring Enterprises
This line is used to identify the organization (or lack thereof!) of the
sender. Typically the default configuration for your mail settings is going
to be "MindSpring Enterprises" but you can easily change this to something
more personal to your family or specific to your business.
Message-Id: 1.5.4.16.19970224193529.22e79a46@pop.mindspring.com
Every mail message is assigned a unique Message-Id which helps your email
client, as well as the mail server, to keep track of the status of a message,
and though it looks like an email address, it really isn't. Generally this
information is of no use to you and only matters to the mail server. For
example, if you have Eudora configured to leave a copy of your email on the
mail server, the next time you check your mail, your email client will first
compare the message id's to determine if it has already seen a message, and
if it should download another copy of it or just skip it. Message-Id's are
also logged in special mail logs which can be called on by your system
administrators (in this case "postmasters") when trying to troubleshoot
technical issues like mail loops or forged mail messages.
X-Sender: mailbox@pop.mindspring.com
Some email clients will include an X-Sender header to add another layer of
authentication to a mail message. In the example, Eudora uses information
supplied in its configuration settings. X- headers may be thought of as "X-tra"
information and are more or less X-traneous comments. They do not impact the
normal delivery process of the mail.
X-Mailer: Windows Eudora Light Version 1.5.4 (16)
Some email clients will add this header line to indicate the make and
version of the software used to send the message. In this case, the mailer
used was the 16 bit version 1.5.4 of Eudora Light for Windows, the email
client MindSpring currently ships with its software. If I had sent the mail
from Netscape's Mozilla mail program, the X-Mailer might have looked
something like this:
X-Mailer: Mozilla 3.01 (Win95; I)
Not all email clients include an X-Mailer header.
Mime-Version: 1.0
MIME-compatible email clients look for this line when first determining
what to do with attachment files. If MIME attachments are included, email
clients must first be sure they understand compatible MIME types. For those of
you obsessed with acronyms, MIME stands for Multipurpose Internet Mail
Extensions. It is an Internet standard for transferring non-textual data
through email. MIME is what makes it possible to exchange graphic documents
and multimedia files across systems.
Content-Type: text/plain; charset="us-ascii"
This line tells the receiving email client exactly what MIME type or
types are included in the mail message. As long as the MIME-type referenced
is compatible with the mail program it should have no problems automatically
decoding the attachments. In the example above, [text/plain; charset="us-ascii"]
just tells us that the message contains a regular ASCII text message.
Resources
Well, that about covers the basics of reading email headers. Those of you
who are curious about the messy details of mail and news headers might be
interested in the following World Wide Web sites:
"Figuring Out Fake Email & News Posts" (AKA "The Spam FAQ")
Information on deciphering the origins of unwanted email...
http://www.cis.ohio-state.edu/hypertext/faq/usenet/net-abuse-faq/spam-faq/faq.html
"Standard for the Format of ARPA Internet Text Messages" (RFC 822)
Request for Comments -- official documentation of Internet Protocols and
Standards
http://noc.ucsc.edu/cie/RFC/822/index.htm
© 2000 EarthLink, Inc.