Helping people with computers... one answer at a time.
Like most email programs and interfaces, Gmail hides the administrative information or 'headers' in email messages. They're still easy to view.
I'm trying to figure out an email problem and the ISP support said I needed to send them the "full email headers" of the message. Huh? What's that and how do I get it? I use Gmail.
•
There's more to email than meets the eye.
In fact, there's a LOT more.
Bundled with every message is typically a list of information, including the mail server that it originated from, the servers that it traveled across along its way, as well as a bunch of other optional information relating to who sent it, anti-spam information, mailing list unsubscribe information, and much, much more.
It's a bunch of geekery that you really don't want to see every time.
But if you do, it's easy to get at it, particularly in Gmail.
•
Here's an email message displayed in Gmail:

Hopefully, that's a very familiar-looking message - a copy of my newsletter.
Next to the date towards the top right are a couple of icons. Click the downward-pointing triangle:

Click Show original.
This will open the full original email message in a new tab or window in the text format in which it's actually encoded:

The "email headers" include everything until the first blank line. Everything after that is the email message itself.
Even though you might send rich text and even pictures, email is always sent in plain text. Anything that's not plain text in your message will be encoded into something that can be represented in plain text.
The headers themselves are always plain text.
If your ISP or someone helping you diagnose an email problem has asked for the headers, start by composing a new message - it'll be helpful if you can select plain text format or compose that new message as plain text.
From the window in which Gmail is displaying the original message, select all the text from the top to the first blank line, right-click it and click Copy.
Then, switch to the message that you're composing, right-click in the body, and click Paste.
Send that message to whomever was requesting it.
Go ahead and page up and down and have a look around in the original message. You'll see a lot of stuff in there.
A lot of "geekery," as I said earlier.
The headers are a series of lines of information about the message being sent. If the first column is not blank, then the line begins with a token followed by ":". For example, you'll see many lines that begin with "Received:". Each mail server along the path from sender to recipient adds a Received: line to the header so that the email message's path can be identified.
You'll also see some familiar lines like To:, From: and Subject:, which are themselves nothing more than header lines.
There are too many to cover them all here. Many are obvious, many are not.
Finally, I want to point out that we often think of using header information to trace where an email comes from. While technically possible to a point, it's often the case that a specific sender can NOT be identified if they're trying to be sneaky.
And to the technically-inclined, it's not hard to be sneaky.
Information in the header can be faked or spoofed, and it sometimes takes a close, knowledgeable eye to be able to identify when this happens.
That's probably why you're sending it to someone who understands it.
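The header layout described above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it splits a raw message at the first blank line, joins continuation lines, lists the Received: hops oldest first, and separates the From: display name from the address behind it. The sample message, host names, and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample of the text "Show original" displays (not a real message).
RAW = "\r\n".join([
    "Received: from relay.example.net ([192.0.2.20])",
    "\tby mx.example.org; Wed, 9 May 2012 10:00:05 -0700",
    "Received: from mail.example.com ([192.0.2.10])",
    "\tby relay.example.net; Wed, 9 May 2012 10:00:02 -0700",
    'From: "Post Express" <postmail@example.com>',
    "Subject: Delivery notice",
    "",
    "Body text: not a header, even though this line has a colon.",
])

def split_message(raw):
    """Headers are everything up to the first blank line; the rest is the body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head, body

def parse_headers(head):
    """Return (name, value) pairs, joining continuation lines onto their header."""
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            # Blank first column: this line continues the previous header.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers

def delivery_path(headers):
    """Each server adds its Received: line at the top, so reverse for oldest first."""
    return [v for n, v in headers if n.lower() == "received"][::-1]

def sender_shown_vs_actual(headers):
    """Split From: into the display name a client shows and the claimed address."""
    value = next(v for n, v in headers if n.lower() == "from")
    return parseaddr(value)

if __name__ == "__main__":
    head, body = split_message(RAW)
    hdrs = parse_headers(head)
    for hop in delivery_path(hdrs):
        print("hop:", hop)
    print("From shows %r, address is %r" % sender_shown_vs_actual(hdrs))
```

Both values returned from the From: line are whatever the sender wrote, so treat them as claims to compare against the Received: lines added by servers you trust.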
Article C5313 - May 9, 2012
May 11, 2012 9:20 AM
Leo, correct me if I'm wrong, one thing the sender can't spoof is the header's actual "From" information. While they can make an email address like "trust_me@irs.gov" appear in the "From" field in an effort to make you think it's an email from the US Government, the header will always show the real "From" field that sent it. Granted, if it's a "sneaky" sender, they won't be sending it from their actual email server, rather it will come from "hijacked_account@botnet_server.com"...correct?
11-May-2012
May 11, 2012 10:45 AM
I CANNOT send a letter or an eMail with the latest update of Mozilla Thunderbird??
It simply does Not have a "Send"
Any suggestions??
{email address removed}
11-May-2012
May 11, 2012 5:39 PM
Re: No send in T_Bird -- Cole, Open "write" window,
right click 2nd band at top. Should see "menu bar"
and "composition toolbar" with check before each.
If Missing check, select item to add check. Should bring back send. Customize while there. Best wishes,
Ron_H Thanks go to Leo!
May 14, 2012 6:03 AM
Thanks for the reply Leo...and that's why people visit your site and sign up for your email list...you can explain things very well. You've cleared up some confusion I was having.
An example of what I was looking at is a spam message from "Post Express" (it had a virus attached to it) and it comes across as trying to be from the United States Postal Service and wants me to open the attachment.
The "Received:" info in the header says:
"Received: from abcdefg.com ([123.123.123.123])"
(I've changed the IP and domain to protect the innocent)
Then the "From" line says:
"From: "Post Express" postmail@abcdefg.com"
This begs the question, why would the USPS use a mail server named "abcdefg.com". The answer is simply that they wouldn't. Since many would be suspicious they've put "Post Express" in there knowing that anyone using MS Outlook and possibly some other mail clients will ONLY see those words and it will help with the spoofing.
So, this confirms what you stated...the "From:" information can be anything (and who knows if "postmail" exists on that server) but it came from abcdefg.com, which is not the USPS.
Thanks for the reply Leo.