EMAIL HEADERS
Tips for spoofees.
What is a "Header"?
The header is the crap that SMTP adds to your email messages to keep track of where they came from and where they're supposed to go.
Header fields start with a field name (like "Received") followed by a colon, then the stuff that the field consists of (an email address or two, for instance).
The header contains many other fascinating attributes that affect what the system does to your mail, but we aren't interested in those right now.
Right now we're interested in finding out where your email REALLY came from.
Reading Headers
1. Look at it.
The first step towards reading a header is looking at it. This seems pretty obvious.
Many people do not know how to view the entire header. Many of these people use Windows '95 and Eudora. In Eudora, there is a little button in the window of a message; hitting that button toggles between displaying an abbreviated header and the big ugly entire thing.
If you use PINE, the equivalent command is "H", invoked while on the message text screen. If that doesn't work, try going to the (S)etup (C)onfiguration from the main screen and find a line that says "enable-full-header-command". Place the cursor on the line and then hit "X". The "H" command should be enabled.
2. Note unusual features.
An email header usually looks something like this:
Return-Path: mikes@gstis.net
Received: from pdx-dhcp106.gstis.net (pdx-dhcp106.gstis.net [204.201.176.234]) by svr1.gstis.net (8.8.5/8.6.10) with SMTP id LAA18342 for <or.staff@gstis.net>; Mon, 9 Jun 1997 11:05:29 -0700 (PDT)
Received: by pdx-dhcp106.gstis.net with Microsoft Mail
	id <01BC74C5.8E82B000@pdx-dhcp106.gstis.net>; Mon, 9 Jun 1997 11:09:10 -0700
Message-ID: <01BC74C5.8E82B000@pdx-dhcp106.gstis.net>
From: Mike Shkolnik <mikes@gstis.net>
To: "'or.staff@gstis.net'" <or.staff@gstis.net>
Subject: Sandle Castle Festival Highlights
Date: Mon, 9 Jun 1997 11:09:08 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-UIDL: 56de27ef17b5a73c238cec985657d282
Status: RO
X-Status:
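To see where a message like this one travelled, read the Received fields from the bottom up, since each machine that handles the mail adds its own line on top. The Python below is an added example, not part of the original page: it parses a trimmed copy of the sample header above (long fields folded by hand) and lists the hops oldest first. The function names are made up for illustration, and it assumes the sendmail-style layout seen in the sample, where the name after "from" is what the sender claimed and the bracketed address is what the receiving server recorded.

```python
import re
from email import message_from_string

# Trimmed copy of the sample header on this page; folding added by hand.
SAMPLE = """\
Return-Path: mikes@gstis.net
Received: from pdx-dhcp106.gstis.net (pdx-dhcp106.gstis.net [204.201.176.234])
\tby svr1.gstis.net (8.8.5/8.6.10) with SMTP id LAA18342
\tfor <or.staff@gstis.net>; Mon, 9 Jun 1997 11:05:29 -0700 (PDT)
Received: by pdx-dhcp106.gstis.net with Microsoft Mail
\tid <01BC74C5.8E82B000@pdx-dhcp106.gstis.net>; Mon, 9 Jun 1997 11:09:10 -0700
Message-ID: <01BC74C5.8E82B000@pdx-dhcp106.gstis.net>
From: Mike Shkolnik <mikes@gstis.net>
To: "'or.staff@gstis.net'" <or.staff@gstis.net>
Subject: Sandle Castle Festival Highlights
Date: Mon, 9 Jun 1997 11:09:08 -0700

"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)(?:\s+\(([^)]*)\))?")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    """Split one Received field into the parts worth comparing."""
    flat = " ".join(value.split())            # undo header folding
    trace, stamp = flat.rsplit(";", 1) if ";" in flat else (flat, "")
    frm = FROM_RE.search(trace)
    by = BY_RE.search(trace)
    comment = (frm.group(2) or "") if frm else ""
    ip = IP_RE.search(comment)
    return {
        "claimed": frm.group(1) if frm else None,  # name the sender gave
        "seen_ip": ip.group(1) if ip else None,    # address the receiver logged
        "by": by.group(1) if by else None,         # machine that wrote the line
        "date": stamp.strip(),
    }

def trace_hops(raw):
    """Return the Received hops oldest first (bottom of the header first)."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops.reverse()
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(SAMPLE), 1):
        print(n, hop["claimed"], hop["seen_ip"], "->", hop["by"], "|", hop["date"])
```

The "claimed" name is whatever the sending machine said about itself, so the address in "seen_ip" on a line written by a server you trust is the part to go by.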
Usually the field names go in this order. They don't HAVE to, but if they don't