X mailer

Rating: 0 / 5 (0)

Email Header

How to Read and Analyze the Email Header Fields
and Information about SPF, DKIM, SpamAssassin

How to access the Message Header

Most mail clients allow access to the message header. The following list contains a few popular mail and web mail clients.
Please refer to the manual of your mail client if your mail client is not included in this list.

View the Message Header in Google Mail (GMail) Webmail:

Login to your account on the webpage and open the message (click on it). Click on the "down-arrow" on the top-right of the message and select "Show Original". Now you will see the complete message source.

View the Message Header in Yahoo! Mail Webmail:

Login to your account on the webpage and open the message (click on it).
Click on "Actions" and select "View Full Header".

View the Message Header in Hotmail Webmail:

Login to your account on the webpage and go to the message list.
Right-click on the message and select "View Message Source".

View the Message Header in MS Outlook:

Open the message in MS Outlook. Now go to "View" and select "Message Options" - or "File" -> "Info" -> "Properties".
Look at "Internet Headers".

View the Message Header in Thunderbird:

Open the message, then click on "View" and select "Message Source".

View the Message Header in MS Windows Mail (and MS Outlook Express):

Email Marketing and Newsletters made easy .

Arclab® MailList Controller is the complete solution for newsletter mailings and email marketing campaigns.
Test drive MailList Controller for Windows or use the free version as long as you want.

Standard Message Header Fields

Sample Message Header:

Delivery-date: Wed, 13 Apr 2011 00:31:13 +0200
(3)Received: from mailexchanger.recipientdomain.tld([ccc.ccc.ccc.ccc])
by mailserver.recipientdomain.tld running ExIM with esmtp
id xxxxxx-xxxxxx-xxx, Wed, 13 Apr 2011 01:39:23 +0200
(2)Received: from mailserver.senderdomain.tld ([bbb.bbb.bbb.bbb] helo=mailserver.senderdomain.tld)
by mailexchanger.recipientdomain.tld with esmtp id xxxxxx-xxxxxx-xx
for recipient@recipientdomain.tld, Wed, 13 Apr 2011 01:39:23 +0200
(1)Received: from senderhostname [aaa.aaa.aaa.aaa] (helo=[senderhostname])
by mailserver.senderdomain.tld with esmtpa (Exim x.xx)
Date: Tue, 12 Apr 2011 20:36:01 -0100
X-Mailer: Mail Client
From: Sender Name
To: Recipient Name
Subject: Message Subject

  • Return Path: The email address which should be used for bounces.
    The mail server will send a message to the specified email address if the message cannot be delivered
  • Delivery-date: The data the message was delivered
  • Date: The date the message was sent
  • Message-ID: The ID of the message
  • X-Mailer: The mail client (mail program) used to send the message
  • From: The message sender in the format: "Friendly Name"
  • To: The message recipient in the format: "Friendly Name"
  • Subject: The message subject

The From: line, which contains the sender of the message could be faked easily, so you should not rely on this information.

The lines in green contain the routing information , from the senders computer to the recipients mail server.

Let's take a closer look at the routing information:

(3) Received: from senderhostname [aaa.aaa.aaa.aaa] (helo=[ senderhostname])
by mailserver.senderdomain.tld with esmtpa (Exim x.xx)
(envelope-from 5 probably spam and >15 spam. Spam might get deleted immediately or moved to the junk mail folder. Some systems add [SPAM] to the subject, so that these messages could be moved to the junk folder in the mail client using a rule.

This sample shows a clean message, with a negative spam rating! It includes a SPF-pass and the message is DKIM signed.

SpamAssasin does not only check the message sender, it also checks the format and the content of the message.

Here is a sample of a spam-message, which should illustrate it:

x-Spam-Level: ++++++++++++++++++++++++++++++++++
X-Spam-Score: 34.7
X-Spam-Report: Content analysis details: (34.7 points)
pts rule name description
---- ---------------------- --------------------------------------------------
2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
1.6 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
2.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
0.9 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
0.0 MISSING_DATE Missing Date: header
0.1 HTML_MESSAGE BODY: HTML included in message
2.4 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image

This message has a horrible spam-rating of 34.7. It's definitely a spam message.

  • It was received via a relay (mail server), listed on a blacklist.
  • It contains a URL in the message-body, listed in several blocklists
  • The message format has errors

As you can see, the rules have different scores (spam rating), e.g. HTML_MESSAGE has only 0.1, because any rich-text (html) message would match this rule. HTML_IMAGE_ONLY_08 has a higher score of 2.4, because it indicates an "image message", where the sender tries to avoid the content filter by using an image instead of text.

©1997-2018 Arclab®. All other trademarks and brand names are the property of their respective owners.

X mailer

Best Antivirus News: X mailer

Searching the link, please, wait:
Thank you for waiting, the link:
Menu:  Best Antivirus Software  Free Antivirus Download  Best Android Antivirus  News  Download McAfee Mobile  Download Microsoft Security Essentials  Download ESET NOD32 Antivirus PC  Download 360 Total Security  Download PC Tools AntiVirus Free  Download Ad-Aware Free Antivirus+