HomeEmailEmail IssuesHow To Display Full E-mail Header Information

4.1. How To Display Full E-mail Header Information

How To Display Full E-mail Header Information

Have you ever received an e-mail from someone you know, but the subject looks suspicious or have you received an e-mail from someone you know didn't send it?  There is a way to determine the origin of the e-mail. 

To do this you need the full header information.  The header is the section of code that contains where the e-mail came from how it reached you.  The header information will provide the originating IP address and/or the computer the originator was using.  Given an IP address and a time stamp, most providers or sites can find the end user who was using the IP address at the specific time.

If you follow the instructions on extracting headers you should be able to identify the origin from various e-mail clients and programs.

Outlook for Windows: Outlook 98, 2000, 2002, and 2003

Method 1:

  1. Open the mail message.
  2. Select View from the menu options and then select Options from the drop-down menu box.
  3. The message headers are at the bottom of the window, in a box labeled "Internet Headers:" 

Method 2:

  1. Options from the menu box.
  2. The message headers are at the bottom of the window, in a box labeled "Internet Headers"


Outlook for Windows: Outlook 2007

Method 1:

  1. Open the mail message.
  2. Click on the small arrow located in the bottom right corner of the Options field, which is located on the Quick Access Toolbar.
  3. The message headers are at the bottom of the window, in a box labeled "Internet Headers:"

Method 2:

  1. Message Options from the menu box.
  2. The message headers are at the bottom of the window, in a box labeled "Internet Headers"


Outlook 2001 for Mac OS

  1. Open the mail message in a separate window
  2. File menu, select Properties….
  3. In the window that appears, click the Headers tab.  The headers will appear in the box labeled "Headers for this message.".


Microsoft Exchange (prior to Outlook)

  1. Open the mail folder containing the mail message.
  2. Right-click the mail message for which you want the headers, and select Properties.
  3. Click the Headers tab to read the full headers.


Outlook Express for Windows:

  1. Right-click the message, then select Properties. (If you have the message open, from the File menu, select Properties.)
  2. Click the Details tab.  This will display the full headers of the message.

Entourage 2004 or Outlook Express for Mac OS

In the main Entourage window, open the e-mail you wish to view the header information in a new window.

  1. Select View from the menu options and then select Internet Headers from the menu box.
  2. A dialog box will pop-up with the message headers.

 Entourage 2008

In the main Entourage window, select the e-mail you wish to view the header information. You don't have open the message in a new window, but doing so will also work.

  1. Select Message from the menu options and then select Internet Headers from the menu box.
  2. A dialog box will pop-up with the message headers.

Here is an example:
Microsoft Mail Internet Headers Version 2.0
Received: from exmail01.bsu.edu ([10.192.24.33]) by EMAIL7.bsu.edu with Microsoft SMTPSVC(5.0.2195.5329);
                  Tue, 2 Mar 2004 02:43:55 -0500
Received: from ibmail01.bsu.edu ([10.192.24.35]) by exmail01.bsu.edu with Microsoft SMTPSVC(5.0.2195.6713);
                  Tue, 2 Mar 2004 02:43:54 -0500
Received: from p5224-ipad32funabasi.chiba.ocn.ne.jp ([221.189.137.224])
  by ibmail01.bsu.edu (SAVSMTP 3.1.2.35) with SMTP id M2004030202434510609
  ; Tue, 02 Mar 2004 02:43:50 -0500
Received: from 124.192.108.71 by 221.189.137.224; Tue, 02 Mar 2004 10:43:44 +0300
Message-ID: BXHPFKQEIYYCGSKXQPKHAOCDI@yahoo.com
From: "Olga George" podpdpiezoflk@yahoo.com
Reply-To: "Olga George" podpdpiezoflk@yahoo.com
To: xyz (actual address has been changed)
Subject: Lower your monthly payments
Date: Tue, 02 Mar 2004 10:42:44 +0300
X-Mailer: Microsoft Outlook Express 5.50.4522.1220
MIME-Version: 1.0
Content-Type: multipart/alternative;
                boundary="--42501322956449316"
X-Priority: 3
X-MSMail-Priority: Normal
Return-Path: podpdpiezoflk@yahoo.com
X-OriginalArrivalTime: 02 Mar 2004 07:43:54.0799 (UTC) FILETIME=[1CFA03F0:01C4002A]

----42501322956449316
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable 

Usually the IP address that should be traced is close to the bottom of the stack, nearer to the actual body of the message.  In this example it is 124.192.108.71.  It should be noted that the source IP address will not resolve on the internet as it is within a block of IP addresses that are "reserved" private IP addresses.  They are used behind corporate firewalls and proxy servers.  They access the outside world through a Network Address Translation (NAT) service.

EXCERPT FROM: http://www.bsu.edu/security/article/0,1384,86674-5031-19683,00.html

This page was: Helpful | Not Helpful