At the top of every piece of email lie the fingerprints of the Simple Mail Transfer Protocol (SMTP), which allows your mail to be zipped all over and about on port 25. These lines of text contain critical information about the delivery and routing of each message. Unless you're a postmaster or an abuse ninja, you probably don't spend a lot of time staring at these. They contain extended and helpful information, especially when trying to determine the origins of an email, or for sorting your mail.
Depending on your mail client, you may only see a very limited number of these headers, though, namely: "From", "Date", "To", "Cc", and "Subject". Because these are the most common headers displayed to end users, these (along with "Bcc") are commonly referred to as basic mail headers.
Here is a sample basic header:
Date: Fri, 7 Sep 2001 17:30:21 -0400 (EDT)
To: announce@hq.lp.org
Subject: New Libertarian PAC!
From: Libertarian Party Announcements <owner-announce@lp.org>
Notice that it does not contain "Cc" or "Bcc" headers - these were simply never added during message creation. The only mandatory basic headers are "To" and "From" (although it is true that some poorly-configured SMTP servers will accept a message with no "From" field, and most of them will add their own date stamp in the "Date" field if the client omits one). Also, as is illustrated here, the "To" header need not even indicate the recipient's address. The actual recipient is negotiated during the mail handoff between servers, allowing this field to be set to whatever is desired.
Now here are the headers that are included in all mail but that, depending upon your mailer and your configuration, you may or may not normally see:
Return-Path: <owner-announce@hq.lp.org>
Received: from spf7.us4.outblaze.com (205-158-62-41.outblaze.com [205.158.62.41])
    by datavortex.net (Postfix) with ESMTP id A974367C0A
    for ; Fri, 7 Sep 2001 20:18:39 -0400 (EDT)
Received: from columbia.lp.org (columbia.kia.net [205.252.89.231])
    by spf7.us4.outblaze.com (8.11.0/8.11.0) with ESMTP id f880I1t18446;
    Sat, 8 Sep 2001 00:18:01 GMT
Message-Id: <200109072130.RAA93603@columbia.lp.org>
Let's do this line by line:
Return-Path: <owner-announce@hq.lp.org>
Email clients automatically refer to this header line to determine which address to use when replying, and the mail server also uses it when bouncing back undeliverable mail messages or mailer-daemon error messages. Some mail clients also use "Return-Errors-To" or "Reply-To".
Received: from spf7.us4.outblaze.com (205-158-62-41.outblaze.com [205.158.62.41])
    by datavortex.net (Postfix) with ESMTP id A974367C0A
    for ; Fri, 7 Sep 2001 20:18:39 -0400 (EDT)
A line is added to this field by each host or service that relays the message. "Received" lines are read from bottom to top, the higher lines being the most recently added. While not terribly interesting to most casual email users, the information in the "Received" field can be quite useful for tracing mail routing problems and determining the origins of a spam message. Let's dissect: the example above shows five pieces of useful information:
There's actually a little more info in there - my email address, and a unique SMTP ID that the server (identifying itself in the header as Postfix) uses for internal tracking.
Here's the quick and dirty on what this line reveals: Two days ago, around 8:30 PM in my Eastern Daylight Savings timezone, one of the US Outblaze servers handed a message to my box, who calls himself datavortex.net.
Received: from columbia.lp.org (columbia.kia.net [205.252.89.231])
    by spf7.us4.outblaze.com (8.11.0/8.11.0) with ESMTP id f880I1t18446;
    Sat, 8 Sep 2001 00:18:01 GMT
This is actually the first "Received" line. It indicates that the mail message originated from the server named columbia.lp.org with IP address 205.252.89.231. The mail server that first accepted the message was spf7.us4.outblaze.com, running Sendmail 8.11.0. The mail server also stamped the header with the actual time it received the message. Note that the time indicated is a few seconds before the header line above it (Sat, 8 Sep 2001 00:18:01 GMT == Fri Sep 7 20:18:01 EDT 2001).
Message-Id: <200109072130.RAA93603@columbia.lp.org>
Every mail message is assigned a unique Message-Id by the first server to accept it. It helps your email client, as well as the mail server, to keep track of the status of a message. This is very useful for branch viewing of your mail when combined with the "In-reply-to" field, and a mailer with a good tree scheme such as mutt for the Unix platform. Message-Id headers can be terribly useful to system administrators trying to debug mail problems, in diagnosing mail loops, and preventing duplicate messages.
There are a great many (in fact, an infinite number of) other headers that you can insert into your mail, but none of them are necessary for the basic functionality. Some of the more common ones found today are: Organization, X-Sender, X-Mailer, Mime-Version, Content-Type, Content-Length, and Status. There are also ones commonly inserted by list management software, bulk mailers, and remailers.
Headers, like most internet traffic, can easily be forged. Servers don't check the headers that the last server appended. You can only trust the headers as much as the servers that have handed them off to you. Often spammers will forge headers in an attempt to conceal their identity in order to escape punishment from their ISP.
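The bottom-to-top reading of "Received" lines and the trust limit described above, as an added Python example that is not part of the original article: it parses the article's sample headers, orders the hops oldest first, measures the delay between them, and keeps only the hops stamped by servers you name as trusted. The function names and the trusted-server set are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The article's sample headers, copied as shown, continuation lines indented.
RAW = """\
Received: from spf7.us4.outblaze.com (205-158-62-41.outblaze.com [205.158.62.41])
    by datavortex.net (Postfix) with ESMTP id A974367C0A
    for ; Fri, 7 Sep 2001 20:18:39 -0400 (EDT)
Received: from columbia.lp.org (columbia.kia.net [205.252.89.231])
    by spf7.us4.outblaze.com (8.11.0/8.11.0) with ESMTP id f880I1t18446;
    Sat, 8 Sep 2001 00:18:01 GMT
Message-Id: <200109072130.RAA93603@columbia.lp.org>

"""

HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Parse Received headers into hops, oldest first (servers prepend them)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())            # undo header folding
        m = HOP_RE.search(flat)
        sender, ip, by = m.groups() if m else (None, None, None)
        stamp = parsedate_to_datetime(flat.rpartition(";")[2].strip())
        out.append({"from": sender, "ip": ip, "by": by, "when": stamp})
    return out

def delays(chain):
    """Seconds between consecutive hops; a negative value means skewed clocks or forgery."""
    return [(b["when"] - a["when"]).total_seconds() for a, b in zip(chain, chain[1:])]

def verified(chain, trusted):
    """Newest-first run of hops stamped by servers we trust; the rest are only claims."""
    good = []
    for hop in reversed(chain):
        if hop["by"] not in trusted:
            break
        good.append(hop)
    return good

if __name__ == "__main__":
    chain = hops(RAW)
    for hop in chain:
        print(hop["when"].isoformat(), hop["from"], hop["ip"], "->", hop["by"])
    print("delays (s):", delays(chain))
    # Assumption: datavortex.net is the only server the reader operates and trusts.
    print("verified peer:", verified(chain, {"datavortex.net"})[0]["ip"])
```

Only the peer address recorded by a trusted hop is evidence; every "Received" line below it is text supplied by the sending side.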
If you want your headers to be munged so that you can send mail with virtually guaranteed anonymity, check out the Mixmaster remailer.