How to view full e-mail headers in order to track where a message has been and where it’s going.


In Outlook Express, highlight the message. Then choose File and Properties from the menu (or hit Alt-Enter in Windows). You will see at least two tabs: General and Details. Select the Details tab. This will give you the raw e-mail headers for that message. It will look SIMILAR to this example:

Return-Path: 
Delivered-To: wingnet.net-somename@wingnet.net
Received: (qmail 91724 invoked by uid 89); 8 Jan 2004 17:42:52 -0000
Delivered-To: wingnet.net-manager@wingnet.net
Received: (qmail 91722 invoked by uid 3848); 8 Jan 2004 17:42:52 -0000
Received: from someaddress@msn.com by chortos.wingnet.net by uid 1003 with qmail-scanner-1.20rc3 
 (clamuko: 0.60.  Clear:RC:0:. 
 Processed in 0.082751 secs); 08 Jan 2004 17:42:52 -0000
X-Qmail-Scanner-Mail-From: someaddress@msn.com via chortos.wingnet.net
X-Qmail-Scanner: 1.20rc3 (Clear:RC:0:. Processed in 0.082751 secs)
Received: from bay4-dav108.bay4.hotmail.com (HELO hotmail.com) (65.54.171.138)
  by chortos.wingnet.net with SMTP; 8 Jan 2004 17:42:51 -0000
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Thu, 8 Jan 2004 09:42:50 -0800
Received: from 65.54.98.11 by bay4-dav108.bay4.hotmail.com with DAV;
	Thu, 08 Jan 2004 17:42:50 +0000
X-Originating-IP: [65.54.98.11]
X-Originating-Email: [someaddress@msn.com]
X-Sender: someaddress@msn.com
From: "Someone You Know" 
To: "Your Name" 
References: 
Subject: Some interesting subject line
Date: Thu, 8 Jan 2004 12:42:46 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0006_01C3D5E4.EACA4490"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: MSN 9
Seal-Send-Time: Thu, 8 Jan 2004 12:42:46 -0500
X-MimeOLE: Produced By MSN MimeOLE V9.00.0011.1200
Message-ID: 
X-OriginalArrivalTime: 08 Jan 2004 17:42:50.0357 (UTC) FILETIME=[D5EE8250:01C3D60E]

Typically, the top headers are the ones that are the most important. In fact, almost everything about a mail header can be forged. The only thing that cannot be forged (easily) is the last hop to your ISP’s mail server. This is contained in the very FIRST Received-From line at the top.