How do I view full headers in my email to determine if an email is a scam or virus?

smueller2
2014-10-14 20:45

If you are trying to find out if an e-mail that you received is a scam or a virus, etc., you can look at the full headers of the e-mail as explained below:

  1. Log into Gmail.
  2. Open the message (don't open any attachments). 
  3. Click the down arrow in the upper right corner of the message where you would normally select “Reply to All,” etc. 
  4. Click “Show Original.” This will show you the full header of the actual message, including extensive info about where the e-mail is really from. 

See the example shown below:

Delivered-To: user@carthage.edu
Received: by 10.151.26.16 with SMTP id d16cs664780ybj
Tue, 6 Oct 2009 04:01:50 -0700 (PDT)
Received: by 10.224.63.218 with SMTP id c26mr1098124qai.92.1254826909643;
Tue, 06 Oct 2009 04:01:49 -0700 (PDT)
Return-Path:
Received: from psmtp.com (na3sys009amx260.postini.com [74.125.149.144])
by mx.google.com with SMTP id 34si6822493yxe.83.2009.10.06.04.01.47;
Tue, 06 Oct 2009 04:01:48 -0700 (PDT)
Received-SPF: error (google.com: error in processing during lookup of kodak0555@se.onet.pl: DNS timeout) client-ip=195.57.2.125;
Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of
kodak0555@se.onet.pl: DNS timeout) smtp.mail=kodak0555@se.onet.pl
Received: from source ([195.57.2.125]) by na3sys009amx260.postini.com ([74.125.148.11]) with SMTP;
Tue, 06 Oct 2009 11:01:46 GMT
Received: from 195.57.2.125 by poczta.onet.pl; Tue, 6 Oct 2009 12:59:54 +0100
From: "DHL Delivery Services"
To:
Subject: DHL Delivery Problem Number 16585
Date: Tue, 6 Oct 2009 12:59:54 +0100
Message-ID: <000d01ca4674$22a48b40$6400a8c0@kodak0555>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000E_01CA4674.22A48B40"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V4.71.2244.8
Importance: Normal
X-pstn-neptune: 85/78/0.92/77
X-pstn-levels:(S: 0.81915/99.86600 CV:99.9000 FC:95.5390
LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
This is a multi-part message in MIME format.

Sometimes, the info is pretty cryptic and requires a system administrator to make sense of it, but often, any user can see that it's not from who it says it is. Note the bolded "From:" in the middle of the contents shows that the sender was ostensibly delivery@dhl-usa.com, but the "Return-path:" shows the address as kodak0555@se.onet.pl, which is from Poland. That address is also stated elsewhere in the header.

Tags: email, Google
Average rating: 0 (0 Votes)

You cannot comment on this entry