Home → Email → Email Issues → How To Display Full E-mail Header Information
Have you ever received an e-mail from someone you know, but the subject looks suspicious or have you received an e-mail from someone you know didn't send it? There is a way to determine the origin of the e-mail.
To do this you need the full header information. The header is the section of code that contains where the e-mail came from how it reached you. The header information will provide the originating IP address and/or the computer the originator was using. Given an IP address and a time stamp, most providers or sites can find the end user who was using the IP address at the specific time.
If you follow the instructions on extracting headers you should be able to identify the origin from various e-mail clients and programs.
Entourage 2004 or Outlook Express for Mac OS
In the main Entourage window, open the e-mail you wish to view the header information in a new window.
Entourage 2008
In the main Entourage window, select the e-mail you wish to view the header information. You don't have open the message in a new window, but doing so will also work.
Here is an example:
Microsoft Mail Internet Headers Version 2.0
Received: from exmail01.bsu.edu ([10.192.24.33]) by EMAIL7.bsu.edu with Microsoft SMTPSVC(5.0.2195.5329);
Tue, 2 Mar 2004 02:43:55 -0500
Received: from ibmail01.bsu.edu ([10.192.24.35]) by exmail01.bsu.edu with Microsoft SMTPSVC(5.0.2195.6713);
Tue, 2 Mar 2004 02:43:54 -0500
Received: from p5224-ipad32funabasi.chiba.ocn.ne.jp ([221.189.137.224])
by ibmail01.bsu.edu (SAVSMTP 3.1.2.35) with SMTP id M2004030202434510609
; Tue, 02 Mar 2004 02:43:50 -0500
Received: from 124.192.108.71 by 221.189.137.224; Tue, 02 Mar 2004 10:43:44 +0300
Message-ID: BXHPFKQEIYYCGSKXQPKHAOCDI@yahoo.com
From: "Olga George" podpdpiezoflk@yahoo.com
Reply-To: "Olga George" podpdpiezoflk@yahoo.com
To: xyz (actual address has been changed)
Subject: Lower your monthly payments
Date: Tue, 02 Mar 2004 10:42:44 +0300
X-Mailer: Microsoft Outlook Express 5.50.4522.1220
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--42501322956449316"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: podpdpiezoflk@yahoo.com
X-OriginalArrivalTime: 02 Mar 2004 07:43:54.0799 (UTC) FILETIME=[1CFA03F0:01C4002A]
----42501322956449316
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
Usually the IP address that should be traced is close to the bottom of the stack, nearer to the actual body of the message. In this example it is 124.192.108.71. It should be noted that the source IP address will not resolve on the internet as it is within a block of IP addresses that are "reserved" private IP addresses. They are used behind corporate firewalls and proxy servers. They access the outside world through a Network Address Translation (NAT) service.
EXCERPT FROM: http://www.bsu.edu/security/article/0,1384,86674-5031-19683,00.html