The information in an email's header is invaluable when trying to investigate phishing and malware scams, so it is important that you include all this information when you report suspicious emails to the UIS Service Desk.
What is an email header?
Email headers contain metadata about the message that is not part of the actual message content. As well as the To, From and Subject fields, they include a lot of information about how the message was routed, such as time stamps and mail transfer agents.
Here's an example of header information, much of which isn't automatically displayed by your email client:
Ordinary header information:
Date: Mon, 19 Feb 2009 05:09:35 +0200
From: Amazon Inc. <support@amazon.com>
To: undisclosed-recipients: ;
Subject: [Notification] - Security Measure
Full header information:
Return-Path: <support@amazon1.com>
Received: from ppsw-3-intramail.csi.cam.ac.uk ([192.168.128.133])
    by cyrus-22.csi.private.cam.ac.uk (Cyrus v2.1.16-HERMES) with LMTP;
    Mon, 19 Feb 2009 09:09:38 +0000
X-Sieve: CMU Sieve 2.2
X-Cam-SpamScore: ssssssssssssss
X-Cam-SpamDetails: scanned, SpamAssassin-3.1.7 (score=14.288,
    DNS_FROM_RFC_POST 1.44, FORGED_MUA_OUTLOOK 3.36, FORGED_OUTLOOK_HTML 2.51,
    FRONTPAGE 0.81, HTML_IMAGE_ONLY_20 0.64, HTML_MESSAGE 0.00,
    HTML_SHORT_LINK_IMG_3 0.52, MIME_HTML_ONLY 0.00,
    RAZOR2_CF_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50,
    RAZOR2_CF_RANGE_E8_51_100 1.50, RAZOR2_CHECK 0.50, UNDISC_RECIPS 0.88,
    X_PRIORITY_HIGH 0.12)
X-Cam-AntiVirus: Not scanned
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from 10.30.3.213.fix.bluewin.ch ([213.3.30.10]:22949 helo=mailserver.druckereimaier.ch)
    by ppsw-3.csi.cam.ac.uk (mx.cam.ac.uk [131.111.8.143]:25)
    with esmtp (csa=unknown) id 1HJ4WY-0007mP-Aa (Exim 4.63)
    for cert@cam.ac.uk (return-path <support@amazon.com>);
    Mon, 19 Feb 2009 09:09:35 +0000
Received: from localhost (localhost [127.0.0.1])
    by mailserver.druckereimaier.ch (Postfix) with ESMTP id B71FD152CBC;
    Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from mailserver.druckereimaier.ch ([127.0.0.1])
    by localhost (mailserver.druckereimaier.ch [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 09114-05;
    Mon, 19 Feb 2009 06:29:17 +0100 (CET)
Received: from User (unknown [89.33.91.51])
    by mailserver.druckereimaier.ch (Postfix) with ESMTP id 4950114E2E7;
    Mon, 19 Feb 2009 04:09:32 +0100 (CET)
Reply-To: <support@amazon1.com>
From: "Amazon Inc." <support@amazon.com>
Subject: [Notification] - Security Measure
Date: Mon, 19 Feb 2009 05:09:35 +0200
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-Id: <20090219030932.4950114E2E7@mailserver.druckereimaier.ch>
To: undisclosed-recipients: ;
X-Virus-Scanned: by amavisd-new at druckereimaier.ch
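An added example, not part of the original page, of how an investigator can read the routing and sender fields from a full header using Python's standard email module. The input is an excerpt of the header shown above; the function names are assumptions made for this example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Excerpt of the full header shown above (two of the five Received lines kept).
RAW = """\
Return-Path: <support@amazon1.com>
Received: from 10.30.3.213.fix.bluewin.ch ([213.3.30.10]:22949
 helo=mailserver.druckereimaier.ch) by ppsw-3.csi.cam.ac.uk
 (mx.cam.ac.uk [131.111.8.143]:25) with esmtp (csa=unknown)
 id 1HJ4WY-0007mP-Aa (Exim 4.63) for cert@cam.ac.uk
 (return-path <support@amazon.com>); Mon, 19 Feb 2009 09:09:35 +0000
Received: from User (unknown [89.33.91.51]) by mailserver.druckereimaier.ch
 (Postfix) with ESMTP id 4950114E2E7; Mon, 19 Feb 2009 04:09:32 +0100 (CET)
Reply-To: <support@amazon1.com>
From: "Amazon Inc." <support@amazon.com>
"""

def received_hops(msg):
    """Return (from_host, by_host, utc_time) per hop, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # newest is listed first
        flat = " ".join(value.split())                   # undo header folding
        route, _, stamp = flat.rpartition(";")           # time stamp follows last ';'
        src = re.search(r"^from\s+(\S+)", route)
        dst = re.search(r"\bby\s+(\S+)", route)
        when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        hops.append((src.group(1) if src else None,
                     dst.group(1) if dst else None, when))
    return hops

def sender_domains(msg):
    """Map each sender-related header to the domain of its address."""
    out = {}
    for name in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(name, ""))[1]
        if "@" in addr:
            out[name] = addr.rsplit("@", 1)[1].lower()
    return out

def headers_not_matching_from(msg):
    """List sender headers whose domain differs from the From domain."""
    doms = sender_domains(msg)
    return sorted(h for h, d in doms.items() if d != doms.get("From"))

msg = message_from_string(RAW)
for hop in received_hops(msg):
    print(hop)
print(sender_domains(msg), headers_not_matching_from(msg))
```

In this sample the displayed From domain is amazon.com, while Reply-To and Return-Path both use amazon1.com, a difference that only the full header shows.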
Displaying full headers in your email client
For email clients not listed below, see Spamcop for instructions.