skip to content

IT Help and Support

University Information Services
 

The information in an email's header is invaluable when trying to investigate phishing and malware scams, so it is important that you include all this information when you report suspicious emails to the UIS Service Desk.

What is an email header?

Email headers contain meta information about the message that is not part of the actual message content. As well as the To, From and Subject, it includes lots of information about how the message was routed, such as time stamps and mail transfer agents.

Here's an example of header information, much of which isn't automatically displayed by your email client:

Ordinary header information:

Date: Mon, 19 Feb 2009 05:09:35 +0200
From: Amazon Inc. <support@amazon.com>
To: undisclosed-recipients: ;
Subject: [Notification] - Security Measure

Full header information:

Return-Path: <support@amazon1.com>
Received: from ppsw-3-intramail.csi.cam.ac.uk ([192.168.128.133])
by cyrus-22.csi.private.cam.ac.uk (Cyrus v2.1.16-HERMES)
with LMTP; Mon, 19 Feb 2009 09:09:38 +0000
X-Sieve: CMU Sieve 2.2
X-Cam-SpamScore: ssssssssssssss
X-Cam-SpamDetails: scanned, SpamAssassin-3.1.7 (score=14.288,
DNS_FROM_RFC_POST 1.44, FORGED_MUA_OUTLOOK 3.36,
FORGED_OUTLOOK_HTML 2.51, FRONTPAGE 0.81, HTML_IMAGE_ONLY_20 0.64,
HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_3 0.52, MIME_HTML_ONLY 0.00,
RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50,
UNDISC_RECIPS 0.88, X_PRIORITY_HIGH 0.12)
X-Cam-AntiVirus: Not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from 10.30.3.213.fix.bluewin.ch ([213.3.30.10]:22949
helo=mailserver.druckereimaier.ch)
by ppsw-3.csi.cam.ac.uk (mx.cam.ac.uk [131.111.8.143]:25)
with esmtp (csa=unknown) id 1HJ4WY-0007mP-Aa (Exim 4.63) for
cert@cam.ac.uk
(return-path <support@amazon.com>); Mon, 19 Feb 2009 09:09:35 +0000
Received: from localhost (localhost [127.0.0.1])
by mailserver.druckereimaier.ch (Postfix) with ESMTP id B71FD152CBC;
Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from mailserver.druckereimaier.ch ([127.0.0.1])
by localhost (mailserver.druckereimaier.ch [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id 09114-05; Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from User (unknown [89.33.91.51])
by mailserver.druckereimaier.ch (Postfix) with ESMTP id 4950114E2E7;
Mon, 19 Feb 2009 04:09:32 +0100 (CET)
Reply-To: <support@amazon1.com>
From: "Amazon Inc." <support@amazon.com>
Subject: [Notification] - Security Measure
Date: Mon, 19 Feb 2009 05:09:35 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-Id: <20090219030932.4950114E2E7@mailserver.druckereimaier.ch>
To: undisclosed-recipients: ;
X-Virus-Scanned: by amavisd-new at druckereimaier.ch

 

Displaying full headers in your email client

For email clients not listed below, see Spamcop for instructions.

UIS Service Desk

UIS Service Status

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

Beware fake NHS 'Covid vaccine passport' emails

3 August 2021

We’re aware that University email accounts are currently receiving phishing emails that appear to be from the NHS encouraging people to apply for a ‘Covid vaccine passport’ or mentioning other Covid-related issues. What to do if you are suspicious of an email Don’t click on the email or any of the links. Follow the advice...

New digital certificate service launched

30 July 2021

We've launched a new digital certificate service, and are now onboarding institutions and IT staff. The new Jisc-based service enables IT staff to create and manage a broader range of certificates (TLS, client and code signing) in minutes and at no cost to their institution. Comparing the old and new certificate services...

Moodle maintenance Tuesday 3 August 07:00-09:00

28 July 2021

The Moodle service will be subject to interruption on Tuesday 3 August 07:00–09:00 due to essential maintenance. While Moodle is unavailable, users will not be able to log in to the Panopto cloud service. Panopto recordings can still be made offline for later upload. If you have any questions, please contact the Moodle...