A Complete Analysis of Airmail Email Header

In today's advanced world, email communication is more preferable among the internet users to share any type of information over the web and stay connected with each other. For email communication, one such email client is the Airmail that is popular among Mac users. As it is a secure email application but still there are chances that user email gets forged in between by some cyber criminal. Therefore, to resolve all these issues, the major parameter is to perform a complete Email Header Forensically. Apart from the visible header, there is some hidden header that is very useful for a forensic investigator. Hence, in this post a how a user can view complete email header of Airmail and what is the meaning of each header from an investigation point of view.

Method to Analyze & View Airmail Email Header

In order to view the entire header part of the Airmail email message, a user just needs to follow the steps mentioned below:

• First of all, open Airmail email application
• After that, choose the message for which you want to view complete email header

• Then, navigate to the View menu
• Next, choose View Raw Source option to open complete email header

Detailed Description of Each Component of Airmail Email Header

Return-path: The Return-Path email header of the Airmail determine the email address of the sender at which email message is bounced back. However, this email address is similar to the sender's email address.

Envelope-to: It is the email header that is used to specify the full email ID of the receiver or who has accepted that specified email message.

Delivery-date: This Airmail email header stores the date and time in a standard format on which that particular email message has been delivered to the receiver.

Received: It is one of the important email headers that determine the email address of a receiver, IP address of the sender, and entire details of Transaction Security Layer (TLS). Moreover, it also specifies the date and time on which message has received.

From: It is that attribute of the header part, which determines the complete email address of the sender of that particular message or the email address of the message sender.

Content-Type: It is used to specify the format or structure in which particular message is received like in Plain Text or HTML

Content-Transfer-Encoding: It is the field that signifies the encryption is enabled or not and also maintain the authentication of email as described by the content-transfer-encoding header in Airmail.

Subject: It is most basic email header in Airmail that determines the purpose of sending that particular message to the receiver

Message-Id: Like a roll number, a unique identification number is assigned to each email message. However, it is a combination of alphabets and numbers. This unique ID help users in identifying, which email message sent to whom.

Date: It determine the date and time on which that particular email message has composed.

To: This attribute of Airmail email header displays the complete email id of receiver to whom that particular message is delivered.

Mime-Version: This attribute specify the version of MIME protocol that was used by the sender in sending that email.

X-Mailer: It contains all the extra information related to the sender who has sent that email.

X-AntiAbuse: To track a spam and abuse this particular header is added to email message with abuse report.

X-Get-Message-Sender-Via: It is also one of the most important email header from forensic perspective that stores all information such as email address and file location, users account name and another confidential file path that leaks out complete security information.

X-Source: It is the email header that is generated for local host requests. Apart from this, the base64-encoded path to the source file on disk is also included and used to interlink the pages gives result back to that source file.

X-Spam-Status: It is used to clear whether the email is spam or not.

X-Spam-Score: Its value can either be zero or the negative value.

Conclusion

Airmail header analysis has a very crucial role in the investigation of any case, which is done by the forensic investigator to reach to the culprit. Email header analysis is a complete email search program. Therefore, in this post, how to view Airmail email header and the detailed analysis of Airmail email header is discussed. In addition, it is also helpful for a forensic investigator to take their investigation at next level to collect the evidence. Moreover, a user can use Forensic Email Search Software to analyze each and every attribute in more detail to find the culprit.