Usually, when a message is displayed, the headers (the information at the top of the message) contain information such as the date, who the mail was addressed to, who it is from and the subject. People sending junk or offensive mail often disguise or fake this information, but the message also contains more detailed information that is more difficult to fake. To see this information, you will need to turn on 'full headers' in your mail program.
You do not need to understand everything in the headers in the examples shown below; the person investigating your complaint will understand them.
This page contains an example of ordinary headers and full headers and then some instructions for various email programs.
Ordinary header information:
Date: Mon, 19 Feb 2009 05:09:35 +0200
From: Amazon Inc. <firstname.lastname@example.org>
To: undisclosed-recipients: ;
Subject: [Notification] - Security Measure
Full header information:
Return-Path: <email@example.com>
Received: from ppsw-3-intramail.csi.cam.ac.uk ([192.168.128.133])
    by cyrus-22.csi.private.cam.ac.uk (Cyrus v2.1.16-HERMES) with LMTP;
    Mon, 19 Feb 2009 09:09:38 +0000
X-Sieve: CMU Sieve 2.2
X-Cam-SpamScore: ssssssssssssss
X-Cam-SpamDetails: scanned, SpamAssassin-3.1.7 (score=14.288,
    DNS_FROM_RFC_POST 1.44, FORGED_MUA_OUTLOOK 3.36, FORGED_OUTLOOK_HTML 2.51,
    FRONTPAGE 0.81, HTML_IMAGE_ONLY_20 0.64, HTML_MESSAGE 0.00,
    HTML_SHORT_LINK_IMG_3 0.52, MIME_HTML_ONLY 0.00,
    RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
    RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, UNDISC_RECIPS 0.88,
    X_PRIORITY_HIGH 0.12)
X-Cam-AntiVirus: Not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from 10.30.3.213.fix.bluewin.ch ([184.108.40.206]:22949 helo=mailserver.druckereimaier.ch)
    by ppsw-3.csi.cam.ac.uk (mx.cam.ac.uk [220.127.116.11]:25)
    with esmtp (csa=unknown) id 1HJ4WY-0007mP-Aa (Exim 4.63)
    for firstname.lastname@example.org (return-path <email@example.com>);
    Mon, 19 Feb 2009 09:09:35 +0000
Received: from localhost (localhost [127.0.0.1])
    by mailserver.druckereimaier.ch (Postfix) with ESMTP id B71FD152CBC;
    Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from mailserver.druckereimaier.ch ([127.0.0.1])
    by localhost (mailserver.druckereimaier.ch [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 09114-05; Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from User (unknown [18.104.22.168])
    by mailserver.druckereimaier.ch (Postfix) with ESMTP id 4950114E2E7;
    Mon, 19 Feb 2009 04:09:32 +0100 (CET)
Reply-To: <firstname.lastname@example.org>
From: "Amazon Inc." <email@example.com>
Subject: [Notification] - Security Measure
Date: Mon, 19 Feb 2009 05:09:35 +0200
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-Id: <20090219030932.4950114E2E7@mailserver.druckereimaier.ch>
To: undisclosed-recipients: ;
X-Virus-Scanned: by amavisd-new at druckereimaier.ch
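For whoever investigates a complaint, the useful part of the full headers above is the chain of Received lines: each server adds one at the top, so the first line written by your own mail system about an outside host records where the message really came from. The Python below is an added example, not part of the original page; the function names and the trusted suffix ".cam.ac.uk" are assumptions, and the input is a trimmed copy of the sample headers.

```python
import re
from email import message_from_string

# Constructed input: the Received lines from the page's sample, trimmed, with
# continuation lines indented by a tab as they would be in a real message.
SAMPLE = """\
Return-Path: <email@example.com>
Received: from ppsw-3-intramail.csi.cam.ac.uk ([192.168.128.133])
\tby cyrus-22.csi.private.cam.ac.uk (Cyrus v2.1.16-HERMES) with LMTP;
\tMon, 19 Feb 2009 09:09:38 +0000
Received: from 10.30.3.213.fix.bluewin.ch ([184.108.40.206]:22949 helo=mailserver.druckereimaier.ch)
\tby ppsw-3.csi.cam.ac.uk (mx.cam.ac.uk [220.127.116.11]:25) with esmtp;
\tMon, 19 Feb 2009 09:09:35 +0000
Received: from User (unknown [18.104.22.168])
\tby mailserver.druckereimaier.ch (Postfix) with ESMTP id 4950114E2E7;
\tMon, 19 Feb 2009 04:09:32 +0100 (CET)
From: "Amazon Inc." <email@example.com>
Subject: [Notification] - Security Measure

"""

# "from <name> (<details>) by <server>", tolerant of folded lines.
HOP = re.compile(r"from\s+(\S+)\s+\((.*?)\)\s+by\s+(\S+)", re.S)

def hops(raw):
    """Return the Received hops as dicts, newest first (top of the message down)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable Received line: skip rather than guess
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", m.group(2))
        out.append({"from": m.group(1), "ip": ip.group(1) if ip else None,
                    "by": m.group(3)})
    return out

def handoff(raw, trusted_suffix):
    """First hop from the top where a trusted server accepted mail from outside.

    Lines above it were written by trusted servers; lines below it were
    supplied by the sending side and may be forged.
    """
    for hop in hops(raw):
        if hop["by"].endswith(trusted_suffix) and not hop["from"].endswith(trusted_suffix):
            return hop
    return None
```

Calling handoff(SAMPLE, ".cam.ac.uk") returns the hop recorded by ppsw-3.csi.cam.ac.uk, whose peer address is the one to quote in a complaint; the displayed From line plays no part in the result.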
Displaying full headers with Hermes Webmail
Open the message in the usual way, then select the Show Hdrs link. Note that once you have selected this the option changes to Hide Hdrs and the full headers are shown for every message until you select Hide Hdrs.
Displaying full headers with Alpine or Pine
If you have not configured Alpine/Pine to show full headers before:
- go to the main menu and select setup
- choose config; you will have a lot of options to choose:
- go to the feature list and turn 'enable-full-header-cmd' on (pressing return will do it). If it is already selected (i.e. there is a cross by the item), then do nothing.
- Exit setup
You have now configured Alpine/Pine to show you full headers whenever you need them.
To show full headers in an individual message:
- select the message in the usual way
- type H
If you want to turn off full headers for this message, press H again.
If you need to look at full headers another time you will just need to press H when the message is displayed.
If you want to forward a message with full headers you will be asked whether to include the headers as an attachment. You should answer No to this.
Displaying full headers with Apple Mail
Open the message in the usual way, then choose View then Message then All Headers.
Displaying full headers with Eudora
Open the mail message in the usual way, then click on the Blah, Blah, Blah icon to reveal full headers. To turn off full headers, click on the Blah, Blah, Blah icon again.
Displaying full headers with Mulberry
Open the mail message in the usual way then click on the header button to display full headers for an individual message.
Displaying full headers with Outlook
Outlook cannot display the full headers and message body together. Outlook users will need to paste the headers into the message they are sending about a junk message.
- Open the message in a separate window (double click)
- From the View menu select Options
- Copy the text in the Internet Headers window (unfortunately it doesn't include the message itself)
Displaying full headers in Thunderbird (or Seamonkey Mail, Netscape Mail, Mozilla Mail)
Open the message in the usual way, then choose View then Message Source ("Page Source" on some versions). This works on the individual message only.
In some versions you may have to use View then Headers then All. To turn off full headers again choose View then Headers then Normal.
Displaying full headers with other Mail programs
Instructions on how to turn headers on in many mail programs and web-based mail systems can be found on a Spamcop web page.