What are email headers?
Every email message includes a block of text at the top that is referred to as the header. There are two types of email headers: simple and full.
Simple headers provide the basic information (From, To, Date, Subject). For legitimate emails, this is all you need to know. However, simple headers can be forged, and often are.
Full headers provide information about the path the message took to get to you. They are a critical resource in determining the origin of a phishing email. Without them, there is almost nothing that can be done to investigate a problematic email.
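To show what the full headers add over the simple ones, here is an added example (not part of the original guide) that reads a raw message, lists the Received hops in the order the message travelled, and compares the From domain with the Return-Path domain. The sample message, host names and addresses are constructed, and the function names are illustrative.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every host and address is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.university.example (mx.university.example [192.0.2.10])
\tby inbox.university.example with ESMTP id A1; Mon, 3 Mar 2025 10:00:05 -0700
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.university.example with ESMTP id B2; Mon, 3 Mar 2025 10:00:03 -0700
Received: from unknown (HELO mailer) ([203.0.113.45])
\tby relay.example.net with SMTP id C3; Mon, 3 Mar 2025 10:00:01 -0700
From: "IT Help Desk" <helpdesk@university.example>
To: staff@university.example
Subject: Password expires today
Date: Mon, 3 Mar 2025 10:00:00 -0700

Click here to keep your account.
"""

def received_path(raw):
    """Return the Received hops oldest-first with folded whitespace collapsed."""
    msg = message_from_string(raw)
    # Each server prepends its own Received line, so the last one is the first hop.
    hops = msg.get_all("Received", [])
    return [" ".join(h.split()) for h in reversed(hops)]

def domain_of(header_value):
    """Extract the lower-cased domain from an address header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def summarize(raw):
    """Compare the displayed sender with the envelope sender and list the path."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "mismatch": bool(rp_dom) and from_dom != rp_dom,
        "hops": received_path(raw),
    }

if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(key, "=", value)
```

Only the Received lines added by your own mail servers can be trusted; lines below them were supplied by the sending side and can be forged like any other header.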
What should I do with full headers?
You should display full headers and copy them. Then, close the headers, select "forward" for the phishing email, and paste the headers into the top of the email window. If the email is a spear phishing email, please send the email to UA Information Security.
How do I display full headers?
The following is a guide for displaying headers in the email clients most commonly used at UA, as well as other applications used by faculty and staff.
Most Commonly Used Email Applications at UA
- Log into CatMail (catmail.arizona.edu).
- Display the message.
- Click the down arrow next to "Reply" at the top of the message.
- Select "show original."
- Highlight the text in the new window, then copy and paste it into a new message.
- Double-click the email message for which you want to view the headers so that it opens in its own window.
- Select the File tab.
- Click the Properties button.
- To the right of Internet headers, the header information will be listed. Select all the headers by clicking and dragging the cursor from the top left corner to the bottom right corner of the header text.
- Copy (press Ctrl + C) the headers to the Clipboard. Click the “Close” button at the bottom of the window.
- Select “Forward” on the email message from which you just copied the headers.
- Click into the message window and paste the headers (press Ctrl + V).
- Double-click the email message for which you want to view the headers so that it opens in its own window.
- In the Options group, click the dialog box launcher (small square with an arrow).
- To the right of Internet headers, the header information will be listed. Select all the headers by clicking and dragging the cursor from the top left corner to the bottom right corner of the header text.
- Copy (press Ctrl + C) the headers to the Clipboard. Click the “Close” button at the bottom of the window.
- Select “Forward” on the email message from which you just copied the headers.
- Click into the message window and paste the headers (press Ctrl + V).
- Double-click the email message for which you want to view the headers so that it opens in its own window.
- Click the Message Details button (the icon is an envelope with a small document over it).
- The header information is in the box below Internet Mail Headers. Select all the headers by clicking and dragging the cursor from the top left corner to the bottom right corner of the header text.
- Copy (press Ctrl + C) the headers to the Clipboard. Click the “Close” button at the bottom of the window.
- Select “Forward” on the email message from which you just copied the headers.
- Click into the message window and paste the headers (press Ctrl + V).
- Highlight the message in the message listing window.
- Right-click on the highlighted message (if you don't have a two-button mouse, hold down the control key and click on the message).
- Select View Source on the menu that appears after the right-click.
- A new box will appear with the full headers. Click within the box, select all (Command-A) and copy (Command-C) the text.
- Create a new message and paste (Command-V) in the body of the new message.
Other Email Applications
- Display the message.
- In the upper left corner of the message window, click on the Blah Blah Blah icon.
- With full headers displayed, forward the message.
NOTE: When you select full headers in Hotmail, you select it for all messages. After forwarding your message to the appropriate ITS office, you may wish to reset Hotmail to not display full headers.
- From the Hotmail top navigation bar, select Options.
- In the Options window, select Mail Display Settings (found under the Additional Options column).
- In the Mail Display Settings window, click the Full radio button under Message Headers.
- Click OK.
- From the Hotmail top navigation bar, select Inbox.
- Open the message you wish to forward.
- Click the Forward button.
(Mac OS X 10.2 and later)
- Display the message.
- Under the View menu, select Message, then Long Header.
- With the full headers displayed, forward the message.
- Select the email message and go to the View menu.
- Select Message Source. The message headers will appear in a new window.
- Copy (press Ctrl + C) the headers to the Clipboard. Click the “Close” button at the bottom of the window.
- Select “Forward” on the email message from which you just copied the headers.
- Click into the message window and paste the headers (press Ctrl + V).
- Display the message.
- Hold down the appropriate key for your platform and click the Forward icon:
  - Windows: Alt
  - Macintosh: Option
  - Unix: Control
- In the "Forward Message" window, select Include Headers in Quote.
- Click the Forward button.
- Double-click the message to open it in its own window.
- In the message window, under the View menu, select Options.
- In the "Message Options" window:
  - Right-click anywhere within the Internet headers field and click Select All.
  - Right-click again and select Copy.
  - Close the "Message Options" window.
- Back in the message window, click the Forward button.
- Paste the copied information at the beginning of the message to be forwarded.
Windows
- Display the message.
- Under the File menu, select Properties.
- In the Properties window, select the Details tab.
- Right-click anywhere in the "Internet headers for this message" field and click Select All.
- Right-click again and click Copy.
- Close the Properties window.
- Click the Forward button.
- Paste the copied information at the beginning of the message.
Macintosh
- Display the message.
- Under the View menu, select Internet Headers.
- In the header area of the message, select and copy all of the information.
- Click Forward.
- Paste the header information into the body of the message.
- Display the message.
- Press H.
- Send the forwarded message.
In Vista, Windows Mail replaced Outlook Express.
- In the list of messages, right-click the message you want to forward and select Properties.
- In the Properties window, select the Details tab.
- Right-click anywhere in the "Internet headers for this message" field and click Select All.
- Right-click again and click Copy.
- Close the Properties window.
- With the e-mail that you want to forward still selected, click the Forward button.
- Paste the copied information at the beginning of the message.