Get to Know All About DreamMail Header In Detail
DreamMail is a desktop-based email application, which was developed by a Chinese organization i.e., DreamSoftware Studio. This email client enable users to connect with several email account, at one time. Moreover, protocols used or supported in this email program are SMTP, POP3, ESMTP, and SSL. Well, consider a following scenario, which is discussed by the user who is operating DreamMail account:
“I am having a DreamMail account from which I have to gather evidences for solving a cyber case. This case requires a deep analysis of suspect account, which is in DreamMail email client. Therefore, I want to learn a solution by which I can view technicalities of each DreamMail emails. Please someone suggest me an approach for the same”
Description of A DreamMail Email Attributes
It is very well-known fact that DreamMail users are generally from Europe and China. Therefore, there are possibilities of crime occurrence in this email client and thus, it is important to become aware from all email attributes of a DreamMail client.
Delivered-To: This attribute stores complete email address of the receiver who had received the source mail and on which analysis is to be performed.
Value: Receiver's email address
X-Received: The parameter is a type of non-standard header, which is either appended by some user-agents or by transfer agent of the email. The mail transfer agent can be any, like Google mail SMTP server, Alpinne, Mutt, Sendmail, etc.
Value: by 10.194.123.137 with SMTP id ma9mr45491041wjb.106.1483589708656; Wed, 04 Jan 2017 20:15:08 -0800 (PST)
Return-Path: Every email message is having a hidden field i.e., Return-Path address. This address is also known as envelope sender address or bounce address, which is having original email id from which an email is really originated. This attribute is also used to notify that whether messages are successfully sent or not.
Value: Email id of sender
Received-SPF: SPF or Sender Policy Framework is simply an email-validation system, which is developed for authenticating valid host. Whenever SPF header value is 'fail', it means that MTA connection is needed to be rejected. When it get 'pass', it means MTA must add an advisory header part to the message.
Value: pass (google.com: domain of content.trainingupdate@gmail.com designates 2a00:1450:400c:c09::244 as permitted sender) client-ip=2a00:1450:400c:c09::244;
Authentication-Results: It is basically a trace header field, which is used to record the output of email authentication procedure. Various results of several methods can be found in this header attribute, which are separated by wrapped and semicolons, whenever needed.
Value: mx.google.com; dkim=pass header.i=@gmail.com; spf=pass (google.com: domain of content.trainingupdate@gmail.com designates 2a00:1450:400c:c09::244 as permitted sender) smtp.mailfrom=content.trainingupdate@gmail.com; dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
DKIM-Signature: DKIM (or DomainKeys Identified Mail) is a digitalized signature, which is an essential means for email authentication. It helps in protecting email senders and receivers from phishing and forged emails. The purpose of this attribute is basically to validate identities of MTAs or ADMDs who are participating in transferring and editing an email
X-Google DKIM-Signature: It is also an authentication attribute, which is associated with domain name of an email address. This enable an organization to accept responsibility of an email, which can be validated on recipient side.
X-GM-Message -State: It is an another technical attribute of DreamMail header, which identifies current state of an email. The state may be any of the two i.e., sent successfully or bounce back, which are basically termed as Google message states.
MIME-Version: MIME or Multi-Purpose Internet mail extension, is an internet email protocol, which allow people to exchange data via world wide web. The data of any kind i.e., audio, video, application programs, ASCII text, etc., can now easily be transmitted with help this protocol.
Value: 1.0
From: This is a general attribute, which denotes the email address of the sender.
Date: The time duration when a source email message was received is described in this field.
Message-ID: Since it is a fact that there are multiple email messages over Internet. Therefore, to uniquely identify each email message, it is mandatory to have a unique id of every mail. This attribute stores that unique id of source mail, which is automatically generated while mailing procedure.
Value: CAJNHnCDiAMcnELNLEi1WbfC61Erk8fOaQ8y3=1nbi2uVuMtLmA@mail.gmail.com
Subject: This technical parameter, which comprises of the subject line of source email message.
To: A last email attribute, which allow users to learn complete email address of the receiver.
