BOFFIN'S CORNER

QUALCOMM's Eudora e-mail client is a worldwide favourite, especially since the "lite" version is free. One of the many things Qualcomm got right in its product was the option of showing e-mail headers. Today, this is a standard feature on most clients.
Despite that fact, few people know what the header is for and how it can help you. Headers contain a great deal of information, mostly about how the message found its way to your mailbox. te the messages took simply doesn't matter. E-mail packages, whether stand-alone or part of a browser suite, hide most header information by default. If you want to see every last ugly bit of header, simply choose that option in the program's preferences.
Apart from the fact that headers are interesting from a technological point of view, they can also help you find the owners of "ghost" e-mail addresses (which are normally used to send spam or hate mail). In addition, having this information can help you track problems with your account, your provider or the electronic path through the Internet to your computer.

Essentially, a mail header shows exactly how the message travelled across the Internet - where it started, which nodes it passed through and how it got to your mail server. The path is rarely the same for any two messages, since part of the Internet's original design specification was that it should be able to withstand a concentrated nuclear attack, so there are more paths from A to B than threads in a spider's web.

Here's a fairly simple mail header:

```
Received: from FGJHB1EXCH1.ms.aforbes.co.za ([196.6.150.25])
    by afjhb1exch2.ms.aforbes.co.za with SMTP
    (Microsoft Exchange Internet Mail Service Version 5.5.2232.9)
    id VC0XSK9K; Tue, 20 Oct 1998 06:53:53 +0200
Received: from avocet.prod.itd.earthlink.NET ([207.217.120.50])
    by fgjhb1exch1.ms.aforbes.co.za with SMTP
    (Microsoft Exchange Internet Mail Service Version 5.5.2232.9)
    id VAZA07SS; Tue, 20 Oct 1998 06:53:34 +0200
Received: from mccortney (1Cust54.tnt2.lexington.ky.da.uu.net [208.254.113.54])
    by avocet.prod.itd.earthlink.net (8.8.7/8.8.5) with SMTP
    id UAA26912; Mon, 19 Oct 1998 20:06:17 -0700 (PDT)
Message-Id: 4.0.1.19981019224341.00f2be50@mail.earthlink.net
X-Sender: mccortney@mail.earthlink.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Mon, 19 Oct 1998 22:45:13 -0400
To: (Recipient list suppressed)
From: Life Devotion Ministries devotions@lifedevot.org
Subject: 10-20-98 Life Devotion
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
```
The first header on an e-mail message is "Received:", which shows the last mail host through which the message passed before being placed in a mailbox. In this case, the last leg of the message was from the machine named fgjhb1exch1.ms.aforbes.co.za, the IP number of which is 196.6.150.25, to fgjhb1exch2.ms.aforbes.co.za. The message made its way via an SMTP service (Simple Mail Transfer Protocol). The SMTP service has an ID of VCOXSK9K. The message ID identifies the message on this particular server. Note the message is not actually annotated as finding its way to the recipient, maitlandd@aforbes.co.za. That's because my mail is stored on fgjhb1exch1.ms.aforbes.co.za and I read it on that machine.

The second header is also "Received:", which shows the earlier path of the message. The second "Received:" header shows that avocet.prod.itd.earthlink.net received the message from the mccortney machine, which has the name 1Cust54.tnt2.lexington.ky.da.uu.net, and the IP 208.254.113.54 on the Internet provider UUNet. This is the machine that originated the message. The SMTP ID in this case is UAA26912.

Each server adds its "Received:" header to the start of the message when it receives it. Occasionally, other headers will appear above the last "Received:" header. If, however, you see a header such as "Delivered to:" or "Return-path:", it will be above the final "Received:" header. If you don't see the headers in that order, there's a good chance the header has been forged by someone and then sent on to you. The forgery makes it impossible for you to reply to the message by using your package's usual reply feature. Spam messages often have forged headers which contain misleading information, usually produced either manually or through tampering with the SMTP server.

The header "Message-ID:" shows the unique ID number initially given to the message by the original SMTP server - in this case, mail.earthlink.net. Again, this is a logging and tracking mechanism.
Next comes the header "X-Sender:", which shows the e-mail address of the person sending the mail. Then you will find the header "X-Mailer:", where you can see which e-mail program the writer used to compose and send the message. The next header is "Date:", which shows the date, time, and time zone from which the message was sent.

The "From:", "To:", and "Subject:" lines are normally the only parts of the header you see, since most packages extract this information and put it in the main window. The client uses "Mime-Version:" and "Content-Type:" to determine what is in the message and how to extract any attachments.

This is by no means exhaustive, but it should help you understand better what happens to your messages - and may just help you nail that elusive spammer!
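The "Received:" walk described above can be done mechanically. The following is an added example, not part of the original column: it parses the article's sample header (refolded one field per line), lists the hops oldest-first, and reports the delay between hops. The function names are hypothetical, and the chain check is only a heuristic, since the names in hops recorded before your own mail servers are supplied by the sending side and prove nothing by themselves.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header block from the article, refolded (continuation lines are indented).
RAW = """\
Received: from FGJHB1EXCH1.ms.aforbes.co.za ([196.6.150.25]) by afjhb1exch2.ms.aforbes.co.za
 with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2232.9) id VC0XSK9K;
 Tue, 20 Oct 1998 06:53:53 +0200
Received: from avocet.prod.itd.earthlink.NET ([207.217.120.50]) by fgjhb1exch1.ms.aforbes.co.za
 with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2232.9) id VAZA07SS;
 Tue, 20 Oct 1998 06:53:34 +0200
Received: from mccortney (1Cust54.tnt2.lexington.ky.da.uu.net [208.254.113.54])
 by avocet.prod.itd.earthlink.net (8.8.7/8.8.5) with SMTP id UAA26912;
 Mon, 19 Oct 1998 20:06:17 -0700 (PDT)
Date: Mon, 19 Oct 1998 22:45:13 -0400
Subject: 10-20-98 Life Devotion

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<paren>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return the Received hops oldest-first as dicts: helo, ip, by, when."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = HOP.search(flat)
        ip = IP.search(m.group("paren")) if m else None
        hops.append({
            "helo": m.group("helo").lower() if m else None,
            "ip": ip.group(1) if ip else None,
            "by": m.group("by").lower() if m else None,
            "when": parsedate_to_datetime(flat.rsplit(";", 1)[-1].strip()),
        })
    return hops[::-1]                             # servers add to the top, so reverse

def chain_breaks(hops):
    """Indexes of hops whose 'from' name differs from the previous hop's 'by' name."""
    return [i for i in range(1, len(hops)) if hops[i]["helo"] != hops[i - 1]["by"]]

def delays(hops):
    """Seconds elapsed between consecutive hops; negative values mean clocks disagree."""
    return [int((b["when"] - a["when"]).total_seconds()) for a, b in zip(hops, hops[1:])]

if __name__ == "__main__":
    for hop in parse_hops(RAW): print(hop)
```

On the sample, the chain is unbroken and the delays show the message sat for well over an hour between Earthlink's server and the first Exchange host, then took seconds for the final leg.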