Help with Email Headers
Summary: This page describes how to examine the header of an email message to determine where it originated and what mail servers and relays it passed through. While this information certainly is not needed to use the SPAMSteward service, you can use it to:
  • Confirm that the SPAMSteward service is active for your email.
  • Confirm that a specific message went through the SPAMSteward service.
  • Learn more about where spam comes from.
  • Determine the IP addresses of mail servers that you want to add to your personal whitelist or blacklist.
How to display an e-mail header

While email programs do not normally display the full Internet headers for an email message by default, all Internet email messages have a very detailed header that shows where the email originated, to whom it was sent, what relays it passed through, when it was received, and more.

All Internet email clients should be capable of showing you the full Internet headers of an email message, but you may need to read the documentation that came with your client to determine how to do this. There are too many email clients for us to list instructions for them all, but the following are instructions for viewing headers on some versions of the two most popular email clients.

Outlook Express
  1. Right-click on the subject/info line of the message in the preview pane and select "Properties" from the drop down menu.
  2. Click on the "Details" tab, and you will be presented with the message's headers.
Outlook
  1. Double-click on the subject/info line of the message in the preview pane to open it in its own window.
  2. Click on "View" and then "Options" in the new window for the message.
  3. Header information appears under Delivery options in the Internet headers box.

If these instructions do not seem to work for you, you may have a different version of these programs. Please consult the documentation for your email program for instructions on viewing the full Internet headers of an email message.

Some office or home environments may use a local email client for delivery, rather than an Internet client, which can result in messages being stored on a local server. If this is the case, you may not be able to retrieve the Internet headers, as your Internet email message will have been converted into a local email message. Please contact your mail server administrator about how to retrieve the Internet headers for your messages.

 

How to interpret the header

The header contains the "Return-Path:", "Subject:", "From:", and "To:" fields with which you are familiar. Note that in spam, the "Return-Path:" and "From:" fields are usually fake.

The "Received:" field is the key to this discussion; there are often two or more of these fields. Typical header fields when using the SPAMSteward service are:

Received: from fwd.spamh.com ([1.2.3.4])
    by mail.veditt.com (8.12.11/8.12.9) with ESMTP id i44J35uS038665
    for ; Tue, 4 May 2004 15:05:12 -0400
Received: from relay.spamh.com (relay.spamh.com [1.2.3.5])
    by fwd1a.spamh.com (8.12.11/8.12.11) with ESMTP id i44J58dF005675
    for ; Tue, 4 May 2004 15:05:09 -0400

Each mail server or relay involved in sending the message from the source to your mail server adds a detailed "Received:" field.

In the example above, the top "Received:" field indicates that the email was received from "fwd.spamh.com" (the forwarding server) by "mail.veditt.com", the destination mail server.

relay.spamh.com is one of the possible SPAMSteward filtering "relays". Other possible names are relay2.spamh.com, relayb.spamh, etc. This confirms that the SPAMSteward service is active and that this message passed through our service instead of bypassing it.

Example of blocked spam

Received: from fwd.spamh.com ([1.2.3.4])
    by mail.veditt.com (8.12.11/8.12.9) with ESMTP id i44J35uS038665
    for ; Tue, 4 May 2004 15:05:12 -0400
Received: from relay.spamh.com (relay.spamh.com [1.2.3.5])
    by fwd1a.spamh.com (8.12.11/8.12.11) with ESMTP id i44J58dF005675
    for ; Tue, 4 May 2004 15:05:09 -0400
X-SpamH-CheckIP: 2.3.4.5
X-SpamH-Recipient:
X-SpamH-ID: i44J58dF005675
X-SpamH-IP-RBL: IP Blacklisted in RBL bl.spamcop.net
X-SpamH-Action: FORWARD spam@veditt.com

The X-SpamH-CheckIP header shows the IP address of the actual mail server that delivered the email message to our servers. The X-SpamH-IP-RBL header shows that this IP address was blacklisted by bl.spamcop.net, a third-party Real-Time Blacklist. The X-SpamH-Action header shows that this user is forwarding the spam caught by this blacklist to a spam mailbox for review.

Adding an IP address to your personal whitelist

You can create a personal whitelist to ensure that important clients and contacts are never blocked, even if they are in a country which is (otherwise) blocked, or if their mail system accidentally ends up on a spam blacklist.

To create the whitelist, you must determine the IP address of the mail server used by your client/contact. This can be done by examining the header of an email sent by them to you and looking at the X-SpamH-CheckIP header. This is the IP address which you enter into your personal whitelist.
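The header reading described above can be automated. The following is an added example, not SPAMSteward's own code: it walks the "Received:" chain from the top, believes a lower hop only when the hop above it was handed over by a known service IP, and returns X-SpamH-CheckIP only for a message that demonstrably passed through a relay. The service IP set (the placeholder addresses from the sample header), the relay name pattern, and the sample message itself are assumptions made for the example.

```python
import re
from email import message_from_string
from ipaddress import ip_address
from itertools import takewhile

MY_MX = "mail.veditt.com"             # destination server in the page's sample
SERVICE_IPS = {"1.2.3.4", "1.2.3.5"}  # assumption: the sample's placeholder IPs
RELAY = re.compile(r"relay\w*\.spamh\.com", re.I)  # assumed from the names listed
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

# Constructed sample modelled on the page's blocked-spam header.
SAMPLE = (
    "Received: from fwd.spamh.com ([1.2.3.4])\n"
    "\tby mail.veditt.com (8.12.11/8.12.9) with ESMTP id i44J35uS038665;\n"
    "\tTue, 4 May 2004 15:05:12 -0400\n"
    "Received: from relay.spamh.com (relay.spamh.com [1.2.3.5])\n"
    "\tby fwd1a.spamh.com (8.12.11/8.12.11) with ESMTP id i44J58dF005675;\n"
    "\tTue, 4 May 2004 15:05:09 -0400\n"
    "X-SpamH-CheckIP: 2.3.4.5\n"
    "X-SpamH-IP-RBL: IP Blacklisted in RBL bl.spamcop.net\n"
    "\n"
)

def hops(raw):
    """(from_host, from_ip, by_host) per Received field, newest first;
    stops at the first field it cannot parse."""
    fields = message_from_string(raw).get_all("Received", [])
    return [m.groups() for m in takewhile(bool, map(HOP.search, fields))]

def trusted_hops(raw):
    """Top hop must be written by our own server; a lower hop is believed only
    if the hop above it came from a service IP, so the service wrote it."""
    kept = []
    for hop in hops(raw):
        if not kept and hop[2].lower() != MY_MX:
            break
        if kept and kept[-1][1] not in SERVICE_IPS:
            break
        kept.append(hop)
    return kept

def passed_through_service(raw):
    """True if a believable hop was handed over by a relay at a service IP."""
    return any(RELAY.fullmatch(h[0]) and h[1] in SERVICE_IPS
               for h in trusted_hops(raw))

def whitelist_candidate(raw):
    """X-SpamH-CheckIP as a validated address, or None if it cannot be trusted."""
    values = message_from_string(raw).get_all("X-SpamH-CheckIP", [])
    if len(values) != 1 or not passed_through_service(raw):
        return None  # missing, duplicated, or the message bypassed the service
    try:
        return str(ip_address(values[0].strip()))
    except ValueError:
        return None
```

The host name right after "from" is whatever the sending server announced, so the example matches on the bracketed IP address recorded by the receiving server and uses the name only as a secondary check.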

Refer to "Using the Control Panel" for directions for creating a personal whitelist.

Once the IP address has been added to your personal whitelist, it will never again be blocked for your domain.

If you are confident that this IP address belongs to a reputable organization (and not an ISP), you are welcome to submit it for possible inclusion in our "Global Whitelist" for all customers. This can be accessed after logging in under "Members".

Adding an IP address to your personal blacklist

You can also create a personal "black list" to block e-mail from certain sources. We do not recommend using it to block any remaining spam. However, it can be used to block someone who is harassing your employees.

Refer to "Using the Control Panel" for directions and many cautions!

To create the blacklist, you must determine the IP address of the mail system you wish to block. The method is exactly the same as for the Whitelist.