display | more...
At the top of every piece of email, lies the fingerprints of the Simple Mail Transfer Protocol (SMTP), that allows your mail to be zipped all over and about on port 25. These lines of text contain critical information about the delivery and routing of each message. Unless you're a postmaster, or an abuse ninja, you probably don't spend a lot of time staring at these. They contain extended and helpful information, especially when trying to determine the origins of and email, or for sorting your mail

Depending on your mail client, you may only see a very limited number of these headers, though, namely: "From", "Date", "To", "Cc", and "Subject". Because these are the most common headers displayed to end users, these (along with "Bcc"), are commonly referred to as basic mail headers.

Here is a sample basic header:

Date: Fri, 7 Sep 2001 17:30:21 -0400 (EDT)
To: announce@hq.lp.org
Subject: New Libertarian PAC!
From: Libertarian Party Announcements <owner-announce@lp.org>
Notice that it does not contain "Cc" or "Bcc" headers - these were simply never added during message creation. The only manditory basic headers are "To" and "From" (although it is true that some poorly-configured SMTP servers will accept a message with no "From" field, and most of them will add their own date stamp in the "Date" if the client omits one). Also, as is illustrated here, the "To" header need not even indicate the recipient's address. Actual recipient is negotiated during the mail handoff between servers, allowing this field to be set to whatever is desired.

Now here's the headers that, while included in all mail, depending upon your mailer and your configuration, you may or may not normally see:

Return-Path: <owner-announce@hq.lp.org>
Received: from spf7.us4.outblaze.com (205-158-62-41.outblaze.com [205.158.62.41])
        by datavortex.net (Postfix) with ESMTP id A974367C0A
        for ; Fri,  7 Sep 2001 20:18:39 -0400 (EDT)
Received: from columbia.lp.org (columbia.kia.net [205.252.89.231])
        by spf7.us4.outblaze.com (8.11.0/8.11.0) with ESMTP id f880I1t18446;
        Sat, 8 Sep 2001 00:18:01 GMT
Message-Id: <200109072130.RAA93603@columbia.lp.org>
Let's do this line by line
Return-Path: <owner-announce@hq.lp.org>
Email clients automatically refer to this header line to determine which address to use when replying, and also by the mail server when bouncing back undeliverable mail messages or mailer-daemon error messages. Some mail clients also use "Return-Errors-To" or "Reply-To".
Received: from spf7.us4.outblaze.com (205-158-62-41.outblaze.com [205.158.62.41])
by datavortex.net (Postfix) with ESMTP id A974367C0A
for ; Fri,  7 Sep 2001 20:18:39 -0400 (EDT)
A line is added to this field by each host or service that relays the message. "Received" lines are read from bottom to top, the higher received lines being the most recent to have been added. While not terribly interesting to most casual email users, the information in the "Received" field can be quite useful for tracing mail routing problems, and determining the origins of a spam message. Let's disect, the example above shows five pieces of useful information:
  • The host that added the Received line -
    datavortex.net
  • The IP address of the machine initiated the SMTP connection, and handed off the mail -
    205.158.62.41
  • The reverse-DNS lookup of that IP -
    205-158-62-41.outblaze.com
  • The name that the host used when passing off the mail -
    spf7.us4.outblaze.com
  • A standard-format Unix timestamp showing when the handoff happened -
    Fri,  7 Sep 2001 20:18:39 -0400 (EDT)
There's actually a little more info in there - my email address, and a unique SMTP ID that the server (identifying itself in the header as Postfix) uses for internal tracking.

Here's the quick and dirty on what this line reveals: Two days ago, around 8:30 PM in my Eastern Daylight Savings timezone, one of the US Outblaze servers handed a message to my box, who calls himself datavortex.net.

Received: from columbia.lp.org (columbia.kia.net [205.252.89.231])
        by spf7.us4.outblaze.com (8.11.0/8.11.0) with ESMTP id f880I1t18446;
        Sat, 8 Sep 2001 00:18:01 GMT
This is actually the first "Received" line. It indicates that the mail message originated from the server named columbia.lp.org with IP address 205.252.89.231. The mail server that first accepted the message was spf7.us4.outblaze.com, running Sendmail 8.11.0. The mail server also stamped the header with the actual time it received the message. Note that the time indicated is a few seconds before the header line above it (Sat, 8 Sep 2001 00:18:01 GMT == Fri Sep 7 20:18:01 EDT 2001).
Message-Id: <200109072130.RAA93603@columbia.lp.org>
Every mail message is assigned a unique Message-Id by the first server to accept it. It helps your email client, as well as mail server, to keep track of the status of a message. This is very useful for branch viewing of your mail when combined with the "In-reply-to" field, and a mailer with a good tree scheme such as mutt for the Unix platform. Message-Id headers can be terribly useful to system administrators trying to debug mail problems, in diagnosing mail loops, and preventing duplicate messages.

There's a great deal (in fact, infinite) number of other headers that you can insert into your mail, but none of them are necessary for the basic functionality. Some of the more common ones found today are: Organization, X-Sender, X-Mailer, Mime-Version, Content-Type, Content-Length, and Status. There are also ones commonly inserted by list management software, bulk mailers, and remailers.

Headers, like most internet traffic, can easily be forged. Servers don't check the headers that the last server appended. You can only trust the headers as much as the servers that have handed them off to you. Often spammers will forge headers in an attempt to conceal their identity in order to escape punishment from his or her ISP.

If you want your headers to be munged so that you can send mail with virtually guarnateed anonymity, check out the Mixmaster remailer.

Log in or register to write something here or to contact authors.