Overview
The complete headers of an e-mail message provide much information on the origin of a message; full headers are a useful tool for tracking and stopping SPAM and virus-laden e-mail. Most e-mail readers only show the To: and From: headers, which can be easily forged. This document will explain how to find full headers, and provides a link to a document on analyzing and tracking the origin of an e-mail message, based on those headers.Full headers example
Return-Path: [fake@address.com]Received: from server.mymailhost.com (mail.mymailhost.com [126.43.75.123])
by sys01.mail.msu.edu (8.10.2/8.10.2) with ESMTP id NAA23597;
Fri, 12 Jul 2002 16:11:20 -0400 (EDT)
Received: from aol.com (127-34-56-98.dsl.mybigisp.com [127.34.56.98])
by server.mymailhost.com; Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
Date: Fri, 12 Jul 2002 13:09:38 -0700 (PDT)
From: Hot Summer Deals [hot_deals@aol.com]
To: My.Friends@msu.edu
Subject: Just what you've been waiting for!!
In particular, the header lines beginning with "Received:" provide a trace of the message from its origin to your mail server. In many cases with spam and virus e-mail, not all of the information in the "Received:" headers can be trusted, but it can still provide many valuable clues as to the message source.
Full headers for Outlook
Outlook 98 - 2003Within the message, click View, then click Options. Copy and paste the section marked "Internet Headers".
Outlook Express
Within the message, click File from the pull-down menu bar. Select "Properties". Another window will open, showing two tabs. Choose the one titled "Details". Copy and paste the headers into the message you wish to forward.
Outlook 2007
When viewing the message in your Inbox , double click on it so that the message is in its own window. Look for the Message Tab in the Options block (which is the fourth block over). Click on the little button with an arrow on it. Copy and paste the section marked "Internet Headers" near the bottom.
Viewing full message headers using supported e-mail clients
Mail.msu.edu webmailIn Standard Layout while viewing the message, hover the mouse over Headers selection from the message menu at the top of the message. Click "Show All Headers". Copy and paste the headers into the message you wish to forward.
Apple Mail (Mail.app)
Within the message, click View, then click Message from the pull-down menu. Select "Long Header". The message with full headers can now be forwarded.
Entourage
Within the message, click View, then select "Internet Headers". The message with full headers can now be forwarded.
Thunderbird
Within the message, click View from the pull-down menu bar. Click Headers and select "All". The message with full headers can now be forwarded.
Gmail
Within the message, click the down arrow next to Reply at the top-right of the message and select Show Original. The message with full headers will open in a new browser window. Select all, copy, and paste the contents into a new message to forward.
In the list of messages, right-click the message you want to forward and select Properties. In the Properties window, select the Details tab. Right-click anywhere in the "Internet headers for this message" field and click Select All. Right-click again and click Copy. Close the Properties window.
Eudora
Within the message, click the "BLAH BLAH BLAH" title bar icon in the upper left hand corner of the message window (yes, there is an icon in Eudora called "BLAH BLAH BLAH"). The message with full headers can now be forwarded.
