skip to content

IT Help and Support

University Information Services
 

The information in an email's header is invaluable when trying to investigate phishing and malware scams, so it is important that you include all this information when you report suspicious emails to the UIS Service Desk.

What is an email header?

Email headers contain meta information about the message that is not part of the actual message content. As well as the To, From and Subject, it includes lots of information about how the message was routed, such as time stamps and mail transfer agents.

Here's an example of header information, much of which isn't automatically displayed by your email client:

Ordinary header information:

Date: Mon, 19 Feb 2009 05:09:35 +0200
From: Amazon Inc. <support@amazon.com>
To: undisclosed-recipients: ;
Subject: [Notification] - Security Measure

Full header information:

Return-Path: <support@amazon1.com>
Received: from ppsw-3-intramail.csi.cam.ac.uk ([192.168.128.133])
by cyrus-22.csi.private.cam.ac.uk (Cyrus v2.1.16-HERMES)
with LMTP; Mon, 19 Feb 2009 09:09:38 +0000
X-Sieve: CMU Sieve 2.2
X-Cam-SpamScore: ssssssssssssss
X-Cam-SpamDetails: scanned, SpamAssassin-3.1.7 (score=14.288,
DNS_FROM_RFC_POST 1.44, FORGED_MUA_OUTLOOK 3.36,
FORGED_OUTLOOK_HTML 2.51, FRONTPAGE 0.81, HTML_IMAGE_ONLY_20 0.64,
HTML_MESSAGE 0.00, HTML_SHORT_LINK_IMG_3 0.52, MIME_HTML_ONLY 0.00,
RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50,
UNDISC_RECIPS 0.88, X_PRIORITY_HIGH 0.12)
X-Cam-AntiVirus: Not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from 10.30.3.213.fix.bluewin.ch ([213.3.30.10]:22949
helo=mailserver.druckereimaier.ch)
by ppsw-3.csi.cam.ac.uk (mx.cam.ac.uk [131.111.8.143]:25)
with esmtp (csa=unknown) id 1HJ4WY-0007mP-Aa (Exim 4.63) for
cert@cam.ac.uk
(return-path <support@amazon.com>); Mon, 19 Feb 2009 09:09:35 +0000
Received: from localhost (localhost [127.0.0.1])
by mailserver.druckereimaier.ch (Postfix) with ESMTP id B71FD152CBC;
Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from mailserver.druckereimaier.ch ([127.0.0.1])
by localhost (mailserver.druckereimaier.ch [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id 09114-05; Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from User (unknown [89.33.91.51])
by mailserver.druckereimaier.ch (Postfix) with ESMTP id 4950114E2E7;
Mon, 19 Feb 2009 04:09:32 +0100 (CET)
Reply-To: <support@amazon1.com>
From: "Amazon Inc." <support@amazon.com>
Subject: [Notification] - Security Measure
Date: Mon, 19 Feb 2009 05:09:35 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-Id: <20090219030932.4950114E2E7@mailserver.druckereimaier.ch>
To: undisclosed-recipients: ;
X-Virus-Scanned: by amavisd-new at druckereimaier.ch

 

Displaying full headers in your email client

For email clients not listed below, see Spamcop for instructions.

UIS Service Desk

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

Jackdaw upgrade on Monday 18 July – other systems will not get updated user data

5 July 2022

Jackdaw, the University’s user information database, will be taken offline between 09:00 and 18:00 on Monday 18 July. Systems taking data from Jackdaw will not receive updates while the upgrade is happening.

Apps Anywhere (Citrix) virtual desktop service closing in September

29 June 2022

As part of our review of managed desktop provision, UIS has decided not to continue providing its Citrix-based 'Apps Anywhere' virtual desktop service. The University’s needs have changed significantly since we purchased Citrix licences 3 years ago. Widespread adoption of laptops and collaboration tools such as Microsoft...

UDN border router upgrades and IPS config changes coming in July

24 June 2022

What's happening The primary router connecting the University Data Network (UDN) to Janet will be replaced with new equipment on Tuesday, 12 July from 07:30. If we encounter problems that can’t be resolved by 08:30, we will back out the replacement and revert to the previous router. In this scenario, we will try again on...