If you are trying to find out if an e-mail that you received is a scam or a virus, etc., you can look at the full headers of the e-mail as explained below:
- Log into Gmail.
- Open the message (don't open any attachments).
- Click the down arrow in the upper right corner of the message where you would normally select “Reply to All,” etc.
- Click “Show Original.” This will show you the full header of the actual message, including extensive info about where the e-mail is really from.
See the example shown below:
Received: by 10.151.26.16 with SMTP id d16cs664780ybj
Tue, 6 Oct 2009 04:01:50 -0700 (PDT)
Received: by 10.224.63.218 with SMTP id c26mr1098124qai.92.1254826909643;
Tue, 06 Oct 2009 04:01:49 -0700 (PDT)
Received: from psmtp.com (na3sys009amx260.postini.com [184.108.40.206])
by mx.google.com with SMTP id 34si6822493yxe.83.2009.10.06.04.01.47;
Tue, 06 Oct 2009 04:01:48 -0700 (PDT)
Received-SPF: error (google.com: error in processing during lookup of email@example.com: DNS timeout) client-ip=220.127.116.11;
Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of
firstname.lastname@example.org: DNS timeout) email@example.com
Received: from source ([18.104.22.168]) by na3sys009amx260.postini.com ([22.214.171.124]) with SMTP;
Tue, 06 Oct 2009 11:01:46 GMT
Received: from 126.96.36.199 by poczta.onet.pl; Tue, 6 Oct 2009 12:59:54 +0100
From: "DHL Delivery Services"
Subject: DHL Delivery Problem Number 16585
Date: Tue, 6 Oct 2009 12:59:54 +0100
X-Priority: 3 (Normal)
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2244.8
X-pstn-levels:(S: 0.81915/99.86600 CV:99.9000 FC:95.5390
LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
This is a multi-part message in MIME format.
Sometimes, the info is pretty cryptic and requires a system administrator to make sense of it, but often, any user can see that it's not from who it says it is. Note the bolded "From:" in the middle of the contents shows that the sender was ostensibly firstname.lastname@example.org, but the "Return-path:" shows the address as email@example.com, which is from Poland. That address is also stated elsewhere in the header.Tags: email, Google