
Tuesday, June 21, 2011

What are e-mail headers? How to extract e-mail headers?



Most of the time the victim does not know how to extract the headers from an e-mail. The following describes how to extract e-mail headers in each mail client.

Hotmail 
• Log into Hotmail.
• Click on "Options" tab on the top navigation bar.
• Click on the "Mail Display Settings" link. 
• Change the "Message Headers" option to "Full".
• Click the "OK" button.
Yahoo Mail 
• Log into your Yahoo! Mail account.
• Click the "Options" link on the navigation bar.
• Click the "General Preferences" link.
• Go to the paragraph titled "Messages", locate the "Show Headers" heading and select "All."
• Click the "Save" button to put your new settings into effect. 
Once this setting is saved, go back and open your email and you should see the headers.
AOL Mail

If the email is sent from anywhere other than AOL, and you are receiving it in AOL, then open the email you want to trace, or have your client open the email, and look for the link "Details". This link is usually just below the To: address in the email message. If the email is sent from an AOL user to another AOL user, then our Reverse AOL Screenname search can get you the sender's information.

Gmail
1. Log into your Gmail Account
2. Open the email whose headers you want to view
3. Click on the "more options" link in the message next to the date of the email. If the link says "hide options", do not worry: you have already clicked on the "more options" link.
4. Now click the link called "show original".
5. This will bring up a new window with the headers and the body of the message.
Thunderbird (Firefox – Mozilla)
To view email headers,
Go to "View"
Then go to Headers
and select "All" to  view email headers
XtraMail

• Log into XtraMail
• Click on "Options" in the Left-hand navigation bar.
• Click the "Display" button.
• Change the "Message Headers" option to "Full". 
• Click the "OK" button.
Outlook Express 4, 5 and 6
Start by opening the message in its own window (or when viewing the message in the preview pane). Then:
With the keyboard:
1.     CTRL-F3 (Message Source Window) 
2.     CTRL-A (select all) 
3.     CTRL-C (copy) 
4.     ALT-F4 (close) 
With the mouse:
1.     Click the "File" menu 
2.     Click "Properties" 
3.     Click the "Details" tab 
4.     Click "Message Source" 
5.     Highlight, copy and paste everything from this window (Ctrl-A, Ctrl-C) 
With viruses, worms and trojans being spread via email, many users now work with the preview screen in Outlook Express turned off. Viewing the contents of email in the preview screen is no different than opening the message. If the email has malicious content, it may execute in the preview screen.
The following are instructions to obtain the full message source if you have the preview panel turned off:
Using the keyboard:
1.     Highlight the message in the folder 
2.     Press alt & enter – this will open a message information window 
3.     Press Ctrl & Tab – this changes to the "Details" tab 
4.     Press Alt & m – this opens the message source 
5.     Press Ctrl & a – to select all the text 
6.     Press Ctrl & c – to copy the selected text to the clipboard 
7.     Press Alt & F4 – to close the message source window 
Press the Esc key – to close the information window 
Outlook 97
Microsoft Outlook 97 may require an update called the Internet Mail Enhancement Patch in order to display the email headers AT ALL.

Outlook 98 and 2000
  1. Open the message in a separate window (double click) 
  2. Under the View menu select Options 
  3. Copy the text in the Internet Headers window (unfortunately it doesn’t include the message itself).
  4. Paste 
Close the options window
Outlook Express for Macintosh
Select the email. From the View menu, choose Source. A new window will appear containing the email with full headers. Press command + a, to select all, then command + c to copy.
Microsoft Exchange
To get the complete headers and message source using Microsoft Exchange:
1.     Click the "File" menu 
2.     Click "Properties" 
3.     Click the "Details" tab 
4.     Click "Message Source" 
5.     Highlight, copy and paste everything from the "Message Source" window (Ctrl-A, Ctrl-C) 
 Microsoft Entourage (Office X for Mac)
To access the full message source with Microsoft Entourage:
  • After clicking on the message, select "Source" from the View menu
  • A new window will open showing the full message source with complete headers. 
Copy and paste
Mac OS X
To get the full message source:
1.     Select a message 
2.     Select menu item Message, Show, Raw Source. 
3.     Click on the resulting text 
4.     Click Edit, Select All, then Edit, Copy Paste
Netscape
Preferred method: Click on the "View" menu, then "Page Source" (Ctrl-U in Windows, Meta-U in UNIX, ⌘-U on the Mac), then copy the contents of the window (Ctrl-A, Ctrl-C in Windows).
Old versions: Click on the "View" menu, then "Headers," then "All." Note: This method will not work correctly with HTML.
Eudora
Note: Using the cut and paste to the web form method is the only option available to Eudora users. To display the full message source for cut and paste:
Eudora for the Mac:
  1. Open the email and click the button on the upper left hand corner of the message. This shows the extended headers. 
  2. Select the whole message including headers and paste. 
Eudora for the PC:
There are 2 slightly different methods depending on whether the mail contains HTML or not.
In any case, to prepare for HTML email, you should turn off the use of Microsoft’s HTML viewer. To do so, click Tools, then Options, then Viewing Mail. Uncheck the box labeled "Use Microsoft’s viewer."
How to know if it’s HTML mail: once you have opened the email, look near the bottom of the headers (see below for revealing headers) for a line like the following: Content-Type: text/html … you can frequently spot HTML email because it has font effects, pictures, etc but this is not always true so you have to take a quick look at the headers.
Eudora for the PC – non-HTML mail:
  1. Open the email by double clicking on the subject line. Click the button to reveal the headers. 
  2. Place your cursor anywhere in the body of the email and select the entire message (Edit/Select All or Ctrl-A) 
  3. Copy the entire email (right click and click copy OR Ctrl/C OR Edit/Copy) 
  4. Paste (right click/paste or Ctrl/V). 
Eudora for the PC – HTML mail:
  1. Open the email and click the button to reveal the headers. 
  2. Highlight the headers only. Copy and paste the headers. 
  3. Hit enter twice after the pasted headers to force a blank line after the headers. 
  4. Back in Eudora window, place your cursor anywhere in the body of the message and right click and click "view source". A new window will open. 
  5. In the new window, select all (as above) and copy the contents of the new window. Paste
Pine
If the feature is enabled, you simply press "H" to toggle full headers. If the feature is not enabled, you must enable it first: From the main menu, press (S)etup, (C)onfig. Scroll down about 40 lines to the option labeled "enable-full-header-cmd." Press [ENTER]. Press (E)xit, (Y)es – to save. Then you can return to the message window and use "H" to display the headers.

Lotus Notes (v.4.x and v.5.x)
Open the email, click on "Actions" then on "Delivery Information."
Next, you have to pick out the internet-style mail header information from the window that appears when you select Delivery Information.
Lotus Notes v.4.x 
Look for the first line that begins with "Received". There should be a blank line just above it. Then, scroll down to the next blank line. The stuff in-between the two blank lines are the headers you need.
Lotus Notes v.5.x 
Look for the separator line that reads
————Additional Header——-. 
Select everything from there down to the next separator line, usually
———- Routing Information——-.
The stuff in between the two separator lines are the headers you need.
Lotus Notes v.5.x (easier method)
  1. Open your inbox 
  2. Highlight the message that you wish to get header information for
  3. Choose File > Export… 
  4. Type in a filename, leave the type as "Structured Text" and click Export 
  5. From the Dialog Box that comes up, choose "Selected Documents" and click OK 
Now you can open that message you saved in WordPad and Cut and Paste it.
Pegasus Mail

In the New Mail or other folder window: 
  1. Right click the message, and select Message Properties. 
  2. In the right hand column uncheck the box beside Contains HTML data
  3. Click OK. That should allow you to see the message as a text message only
  4. Click Ctrl-H to bring up the full headers
Another way: 
  1. Highlight the HTML in the new mail folder 
  2. Open a new email message 
  3. Drag the HTML onto the new message 
  4. In the dialog that appears select "Show All Headers" 
  5. Highlight the entire message, then copy to clipboard 
  6. Paste
kmail (KDE Desktop)

In the KDE Mail Client that comes with the KDE desktop for Linux, select Message, View Source. Copy and paste the text from the "Message as Plain Text" window.

 
GNU/Emacs integrated email
Press the keys ‘W’, then ‘v’ in the summary or mail buffer.
Another method of temporarily switching to ALL headers is by pressing "Ctrl-u g" on the article in the summary buffer.
Mail Warrior
To get full "message source"
  1. When viewing the message, click File, then Save Message As. 
  2. A standard save window will appear. 
  3. Save the message as a .txt file (document.txt). 
  4. Open the file you created, select all (ctrl-A) and copy (ctrl-c). 
  5. And paste (ctrl-v). 
These instructions written for v.3.56.

Juno Version 4+
On the drop-down menu "Options", choose "Email Options…" (press Ctrl-E). Under "Show Message Headers", select the "full" option. Click the OK button to save the setting.
Juno version 4+ can display MIME and HTML email, but does not provide a way of Viewing the HTML Source for the message within Juno.
To get the full source, including HTML codes:
  1. In the Juno mail client, click "file" and then "Save Message as Text File…" (Ctrl-T). 
  2. Give the file a name which you will remember (many people save temporary files to the desktop). 
Double-click on the resulting file and then cut-and-paste the contents.

Mutt
To get mutt (the mail user agent) to forward the full headers (not display them for viewing), use the command "unset forward_decode" in your rc file or directly in the command interface.

The Bat!
To get the full text of an HTML message from TheBat email software in preparation for pasting it:
- Message -> Save As -> Save as Type – I 
- Select Unix Mailboxes[*.mbx]
- Open the file in your preferred editor, then simply cut and paste.
For The Bat! v1.53bis:
- Select the message in question
- Click on the "Messages" menu
- Select "View Source"
- Alternatively, you may push F9 instead of the last two steps.

Pronto mail (GTK/UNIX)
  1. Click "Message", then "View Source" 
  2. Highlight the message source as normal with the mouse 
  3. Copy using Control + C paste

StarOffice
  1. Right click on the container name in the explorer panel (either a top-level mail box or a specific mail folder)
  2. Select the Properties item from the pop-up menu. 
  3. In the properties notebook, select the Headers tab. 
  4. Click the "All" button on the right. 
  5. Press "OK" and you’re done, the complete header is available in the header panel and can be selected/pasted.
Novell GroupWise
  1. Open the message 
  2. In the message window select: File > Attachments > View 
Select the Mime.822 attachment

Blitzmail
With the message open, go to the Options menu and choose Verbose Header. This will put the full header inside the upper pane of the message’s window.

Forté Agent
Forté Agent versions 1.5 to 1.8:
Press CTRL-R to display in RAW mode, then CTRL-A and CTRL-C
Don’t forget to press CTRL-R again to display in normal mode after you do this

Sylpheed 
Sylpheed is an email client for Linux, BSD and Unix systems. Sylpheed offers three ways to view the full source code of messages:
  • Select the email 
  • Right click and mouse-over "View" 
  • Select "Source" from the popup menu 
or….
  • Select the email 
  • Left click on the "View" menu 
  • Select "View Source" 
or….
  • Select the email 
  • Press Ctrl-U (default keymap setting)
Hotmail
To see the full, untangled headers in Hotmail:
  1. First, configure your options
    Click on "Options." In the "Additional Options" column, click on "Mail Display Options" and find the item "Message Headers." Choose "Advanced" and click the "OK" button. 
Then, to report spam
When viewing a message, use the "View E-mail Message Source" to display the message in raw mode before copying.

Excite web-mail
To view the full header information with Excite Webmail:
  • Sign in to your email account
  • Click on Preferences on the Email home page 
  • Click on Email Preferences 
  • Check the box to display headers 
  • Click on Save 
You can then see the headers in all messages in your folders.

Netscape Webmail
While viewing the message, click on the yellow triangle to the right of the brief message headers. This will display the full headers along with the message body, which can be cut and pasted
To close the full headers and return to brief headers, click the yellow triangle again.
Outlook Web Access
(as accessed through http://mymail.outlookmail.com/exchange/logon.asp)
Left click on the letter you want to open and click on properties
When that opens click on the details tab
Then on message source
This will open the email so the full headers will be available for viewing
Select and copy the text then paste it.
Once we get this header information we can trace the source and send you the report.  
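Before a pasted message source is sent on for tracing, it is worth checking that it really contains the full headers and not the brief ones most clients show by default. The following is an added example, not part of the original post: it reads the pasted text, lists the "Received" lines oldest hop first, and reports whether the mail is HTML (the Content-Type check described in the Eudora section). The function name, sample messages, host names and IP addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample of a pasted "message source" (reserved example domains,
# documentation IP ranges). Each relay prepends its own Received line.
FULL_SOURCE = (
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\n"
    "\tby inbox.example.org with ESMTP id A1; Tue, 21 Jun 2011 10:02:11 +0000\n"
    "Received: from sender-pc (unknown [198.51.100.23])\n"
    "\tby mx.example.net with SMTP id B2; Tue, 21 Jun 2011 10:02:05 +0000\n"
    "From: sender@example.net\n"
    "Subject: hello\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    "<html><body>hi</body></html>\n"
)
# Constructed sample of a paste made while only brief headers were displayed.
BRIEF_SOURCE = "From: sender@example.net\nSubject: hello\n\nhi\n"

# IPv4 address in square brackets, as relays commonly record the peer address.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def check_pasted_source(text):
    """Report whether pasted message source carries full headers."""
    # Leading blank lines would make the parser treat everything as body.
    msg = message_from_string(text.lstrip("\r\n"))
    received = msg.get_all("Received", [])
    hops = []
    # Reverse so the oldest hop (bottom-most Received line) comes first.
    # Lines below the first trusted relay can be forged by the sender.
    for raw in reversed(received):
        line = " ".join(raw.split())  # unfold continuation lines
        match = BRACKETED_IP.search(line)
        hops.append({"ip": match.group(1) if match else None, "line": line})
    return {
        "full_headers": bool(received),
        "hops_oldest_first": hops,
        "is_html": msg.get_content_type() == "text/html",
        "has_body": msg.is_multipart() or bool(msg.get_payload().strip()),
    }


if __name__ == "__main__":
    for name, source in (("full", FULL_SOURCE), ("brief", BRIEF_SOURCE)):
        print(name, check_pasted_source(source))
```

If "full_headers" is false, the paste was made with brief headers showing and the steps for that mail client need to be repeated.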
