FastDomain - What Is An Email Header? Difference Between Full & Partial Headers
 

FastDomain Web Hosting Help

What Is An Email Header? Difference Between Full & Partial Headers

What is the value of the Internet Email Header?

Here are few reasons it may be necessary to review the headers:

  • Investigate possible Spoofing and determine the source of the message.
  • Analyze timestamps along the delivery route and identify the source of any delay.
  • Test any of the mail servers in the path to see if they are on a blacklist.
  • Review Spam Assassin score.
  • Determine if the message was routed through the Postini filtering server prior to arrival.

While you may think reviewing email header information is too technical, Internet investigations are NOT rocket science. As with most detective work, you know what has happened and to whom. All you need to do now is find out who or what happened by reviewing the contents of the Email header.

What is a header?

The header is a section of code that contains information about from where the e-mail came and how the message reached its destination. Headers will contain the e-mail address of the originator and/or the computer the perpetrator/sender was using.

Here is what the typical Internet email header looks like. What you are looking for in the header is the IP address, sometimes conveniently identified as the "Originating IP". We can trace to the Internet service provider (ISP) with the date and time of the offending e-mail using the IP address of the sender's computer. The IP addresses in the example below are shown in bold font.

            Return-path: 
            Envelope-to: john@example.com
            Delivery-date: Wed, 02 Apr 2014 15:06:11 -0600
            Received: from [46.165.209.232] (port=36531 helo=delivery.antispamcloud.com)
            	by fast309.FastDomain.com with esmtps (TLSv1:RC4-SHA:128)
            	(Exim 4.82)
            	(envelope-from )
            	id 1WVSMM-0003oR-Ny
            	for john@example.com; Wed, 02 Apr 2014 15:06:10 -0600
            Received: from mail-ig0-f195.google.com ([209.85.213.195])
            	by mx7.antispamcloud.com with esmtps (TLSv1:RC4-SHA:128)
            	(Exim 4.82)
            	(envelope-from )
            	id 1WVSMJ-00049k-3X
            	for john@example.com; Wed, 02 Apr 2014 23:06:10 +0200
            Received: by mail-ig0-f195.google.com with SMTP id uq10so212231igb.2
                    for ; Wed, 02 Apr 2014 14:06:02 -0700 (PDT)
            DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
                    d=gmail.com; s=20120113;
                    h=mime-version:date:message-id:subject:from:to:content-type;
                   fdbhovkRL3Im017b5m7rMRTWVa1olgzE1U+yr8FXykLSM=;
                    b=I9n1lRLh2EbEic44CPWv6doKf6m9+z1G9tVmowbugj99p5jn5ImorW2oBqZ1BRbOFD
                     3CnQkj7koUZfajma0Q0bbjJFB27CHfIMKvFLzOeWjeLP2bu3Z5X/d+lmCdFMSG8FQBoO
                     c2Pz5n0d85zQyxkzy4lvL4D5kVevuJ5n+s7y6nCZTpYw1iwtQciGgr8XO77wGJq0S2FY
                     WZC7jqB5c3CmpT8EytMEJwsH3UQAD7hxYq3FZHL7Ici89x8vDG/ZNQOla9TsfSrmC9qO
                     mMLFWCZs1A1Hfe2gwOxBpRXgAqxf1/hlFfAf0CIIRTcD/03kSaWB7L/lPy++CTvkzpbB
                     Ro4A==
            MIME-Version: 1.0
            X-Received: by 10.42.107.67 with SMTP id c3mr2836464icp.28.1396472762166; Wed,
             02 Apr 2014 14:06:02 -0700 (PDT)
            Received: by 10.50.216.193 with HTTP; Wed, 2 Apr 2014 14:06:02 -0700 (PDT)
            Date: Wed, 2 Apr 2014 15:06:02 -0600
            Message-ID: 
            Subject: I can haz headers
            From: FastDomain Tutorials
            To: john@example.com
            Content-Type: multipart/alternative; boundary=20cf302075e4ed71d604f615a6cd
            Received-SPF: pass (mx7.antispamcloud.com: domain of gmail.com designates 209.85.213.195 as permitted sender) client-ip=209.85.213.195; envelope-from=fastdomaintutorials@gmail.com; helo=mail-ig0-f195.google.com;
            X-SPF-Result: mx7.antispamcloud.com: domain of gmail.com designates 209.85.213.195 as permitted sender
            X-Filter-ID: XtLePq6GTMn8G68F0EmQveOvoFo7+04sHaU+aQGjobYi0opp2x9AytcIxrAv/iEuaWmMHd4i6wCz
             ASsx7ILyBvmrHcqsgpX6d4SIG6yP47bDMFgiN2el8cbE99y5VERdERWeKKG4PAQYNyavp7c49C7S
             5JHQ4xOsiG8cGbGY8Ju2qts0ILWtXEEZmkE2vLlbG/45LuYWJsWNKzGzAznZ/oq+Kj8XsfH6M1iC
             r9Pl7cS2FeLaw8TKFNoyhNvcmkCU2LIKoGx11NpkPoCtYTihVFvHjmVhGT2LR+SRHRnJSjexOaDD
             7DhwsYoQmALxTDsg5YE5enyccp7RH4WQio3uGcdGxQ6d5hivGO7oPpIBNraJdlCnvQ+khpxZdnh3
             Rg+eq6FYx9JcxaWalMnLitersKkGD1ysZpHhKaUh/7HiGlCtDNmfymkhdU0FFLdsJzH+bncTWq+l
             t2yLUdZkS4XDsBY2SdcAejSFbwPMuc/8+8bnfBK8XMz156Rrx4gJt1rfVwqJrV8TZUiWxNy0V2Qu
             LFYFvf25LVONYbYifH5OzZDcKP8EIfERgwZdrj+yX3bZ9HVqUY3tkBcsuKQ2aA7N/8zfymEUbuPk
             n06aNthuTeE=
            Authentication-Results: antispamcloud.com; spf=pass smtp.mailfrom=fastdomaintutorials@gmail.com
            Authentication-Results: antispamcloud.com; dkim=pass header.i=gmail.com
            X-Spampanel-Class: unsure
            X-Spampanel-Evidence: Combined (0.15)
            X-Recommended-Action: accept
            X-Identified-User: {0000:fast309.FastDomain.com:local:local} {sentby:Delivered locally}
            

Which of the IP addresses above should you trace? Usually, the originating IP (in this case, 209.85.210.177) is either called that, and/or is closer to the bottom of the stack, nearer to the actual body of the message.

It is important to note that this source IP address (209.85.210.177) will not resolve on the Internet as it is within a block of IP addresses that are "reserved" private IP addresses. They are used behind corporate firewalls and proxy servers. They access the outside world through a NAT service, which stands for Network Address Translation. To find where this IP address is located, you will have to contact the network administrator responsible for the IP address 64.18.2.187, which is a legitimate internet IP address and through which this private IP address passes on its way to the internet.

RFC 1918 describes IP addressing guidelines for private networks and for which IANA (Internet Assigned Numbers Authority) has reserved for private networks. There are three sets of reserved private numbers, one respectively for each IP network Class A, B & C. They are:

  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255
  • 192.168.00 to 192.168.255.255

The difference between Full and Partial Headers

Partial Headers:

This is what you normally look at in your emails. The partial headers are the most important to your daily tasks. Such headers are the From Address, To Address, Subject, Date and Time, Reply To Address, CC, and BCC.

Full Headers:

The full headers are simply more technical information than you normally see when you check your email. Sometimes we need those extra headers to solve a problem.

Here is a few links which guides you to turn on Full Headers for whichever mail program you use:



Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

How do I display the Internet email header?
Knowledgebase Article 547,102 views tags: email header mail

What is an IP address?
Knowledgebase Article 165,718 views tags: ip

Why do scripted e-mails come from < username@fast###.FastDomain.com > when I have specified otherwise?
Knowledgebase Article 469,544 views tags: email forms header php script scripted sendmail

Related Help Content

How do I redirect users to another page using PHP?
Knowledgebase Article 935,828 views tags: header location php redirect redirects

Is your email being delayed? This article can help you find the source of the problem.
Knowledgebase Article 139,781 views tags: delay delayed delays email slow time

Explanation of how to recognize spoof mail and what can be done to prevent it
Knowledgebase Article 322,716 views tags: email spam spoof spoofing

What is the difference between a Shared & Dedicated IP? How do I get Port Access? What type of SSL Certificate is right for me?
Knowledgebase Article 499,968 views tags: ip port secure

So, you want to access your email, eh? You're going to need an email client for that. But what is an email client? Email clients come in two varieties: webmail and email applications.
Knowledgebase Article 470,343 views tags: email horde imap mail pop roundcube webmail

I am having problems with being spammed. I believe that my email address has been harvested (taken off my site and sold to spammers). Can I hide my email address, but still have people email me?
Knowledgebase Article 275,349 views tags: address bots email hiding porn spam spammers spiders

Email is not being received when forwarded to free email services such as Gmail, Yahoo, or Hotmail and other ISP's that provide email service such as AOL, Comcast, Cox, etc. It can show completed in t
Knowledgebase Article 326,766 views tags: email forward

How to set up an email account on an Android-based device.
Getting Started Article 1,448,915 views tags: android email google phone