What Information Can Be Gained from an Email Header?
Email headers contain valuable information that can be used to trace a sent message. Some of the most useful headers include:
- User-Agent – reveals client MUA (Mail User Agent) and version, often OS and architecture.
- Received – provides details about the store-and-forward hops, including IP addressing, system names, hostnames, internal domain name, time zones, TLS support, and more.
- Message-ID – uniquely identifies a specific message and may reveal MUA or MTA (Mail Transfer Agent) details.
- Return-Path – indicates the envelope sender and can help detect attempted forgery.
- X- headers – often reveal scanning, anti-virus, anti-spam components, TLS support, and other system-specific information.
However, for webmail-originated messages, the amount of client detail included in the headers is typically minimal. The client IP is usually not included, although there may be exceptions. Webmail providers control the level of client detail included in the headers. Gmail, for example, may include the client IP for SMTP-submitted mail, but not for webmail. Hotmail obscures the client IP.
As for the specific items mentioned in the question:
- You might be able to obtain the IP address from the headers, which can provide information about the source network.
- However, information such as the web browser used, operating system, type of network, and type of system (laptop/desktop, etc.) is not typically available in webmail headers.
Webmail providers can track an email in their own logs using one or more identifiers such as the Message-ID, queue/spool ID, or a custom message identifier.
It’s important to note that SMTP allows synthetic headers to be injected by the sender or a malicious server, so caution should be exercised when analyzing headers. Systems like DKIM (DomainKeys Identified Mail) can help verify the authenticity and integrity of some headers.
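As an added example (not part of the original answer), the Python sketch below extracts the headers listed above from a constructed message and marks which Received hops can be relied on, given that anything below the first hop stamped by your own server may have been injected. The function name `analyze`, the `trusted_mtas` parameter, the sample message and the Postfix-style Received layout are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosts, IDs and (documentation-range) IPs are made up.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Received: from mx.example.org (mx.example.org [203.0.113.10])\n"
    "\tby inbound.example.com with ESMTPS id abc123; Tue, 02 Jan 2024 10:00:05 +0000\n"
    "Received: from laptop.internal.example.org (unknown [198.51.100.7])\n"
    "\tby mx.example.org with ESMTPSA id def456; Tue, 02 Jan 2024 11:00:01 +0100\n"
    "Message-ID: <5f1c.1234@laptop.internal.example.org>\n"
    "From: Alice <alice@example.org>\n"
    "User-Agent: Mozilla Thunderbird 115.0\n"
    "X-Spam-Status: No, score=-1.2\n"
    "Subject: test\n\nbody\n"
)

# Assumes a Postfix-style Received layout; other MTAs format this header differently.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)(?:\s+with\s+(?P<proto>\S+))?")
TLS_PROTOS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 "with" keywords

def analyze(raw, trusted_mtas):
    """Summarize headers; only hops stamped by our own MTAs count as verified."""
    msg = message_from_string(raw)
    hops, trusted = [], True
    for value in msg.get_all("Received", []):          # newest hop first
        m = HOP.search(" ".join(value.split()))        # unfold continuation lines
        if not m:
            trusted = False                            # unparseable: stop trusting
            continue
        # Trust ends at the first hop not written by a server we operate;
        # everything below it could have been injected by the sender.
        trusted = trusted and m["by"].lower() in trusted_mtas
        hops.append({"ip": m["ip"], "helo": m["helo"], "by": m["by"],
                     "tls": (m["proto"] or "").upper() in TLS_PROTOS,
                     "trusted": trusted})
    env_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "hops": hops,
        # Oldest trusted hop = the IP that actually connected to our edge server.
        "verified_source_ip": ([h["ip"] for h in hops if h["trusted"]] or [None])[-1],
        # A mismatch is a lead, not proof: mailing lists and bulk senders differ too.
        "envelope_from_mismatch": bool(env_dom and from_dom and env_dom != from_dom),
        "user_agent": msg.get("User-Agent"),           # sender-supplied, unverified
        "message_id": msg.get("Message-ID"),
        "x_headers": [k for k in msg.keys() if k.lower().startswith("x-")],
    }
```

Calling `analyze(SAMPLE, {"inbound.example.com"})` treats only the top hop as verified; the `198.51.100.7` client address in the second hop is reported but flagged untrusted because it was written by the sender's own server.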