
eM Client Header Analysis


eM Client is an email client with many features and a modern, easy-to-use interface. It supports all major services, such as emailing and instant messaging, including Gmail, Exchange and Outlook.com. Three file types, DAT, DAT-SHM and DAT-WAL, are generated by default in the store folder and help users in eM Client forensics. None of these files is meant to be accessed manually. However, the application also provides one special utility, Send as a Mass Mail. This option is one of the major reasons for activities such as email bombing, spamming or undisclosed emailing. Such activities lead to eM Client forensic investigations, which makes email header forensic analysis very important.


Apart from these three DAT files, eM Client can also store data in the EML file format. It gives the user an option to store each email as a single text-based EML file, which is the most feasible file format. With it, eM Client email header analysis can be performed very simply. The following sections give the complete steps to view an eM Client header and then analyze the email header.

How to View Header of eM Client


The complete header of an eM Client message can be viewed by following the simple steps below:

  • First of all, open the eM Client application on your local machine.
  • After that, double-click the message whose email header you want to view.
  • Now, in the right pane, click the down arrow icon to open the menu list.
  • Finally, from the menu list, click the View Mail Header option.


With these steps, one can view the eM Client header in just a few clicks. After that, email header analysis can be performed from a forensic investigation point of view.

Analysis of eM Client Header


Once the complete header of the email is visible, it is important from an investigation perspective to have complete knowledge of each header. This segment of the post gives a detailed analysis of the eM Client header.


Delivered-To: The eM Client 'Delivered-To' email header field displays the address of the receiver or an automailer. Its main purpose is to specify to whom this email message is to be delivered.

Received-by: The 'Received: by' field is a type of header in email header analysis that specifies the date and time the email was received, along with the IP address of the receiver's mail server.

Return-Path: This header field specifies the address to which the message is to be sent back. It is an email address that the mail server will use to send a message to the specified email address even if the message is not delivered.

Received-from: This is the most essential header field from an eM Client email header forensic perspective. This field creates the list of mail servers through which the message travelled to reach a particular receiver. A user can start analysing this field from top to bottom. It shows the sender's mail server IP address and the IP addresses of all other mail servers through which the message was routed to the receiver, along with the date and time.

Received-SPF: The 'Received-SPF' field in the eM Client email header specifies the mail server which is allowed to send an email message on behalf of your domain. Its main purpose is to protect users from spammers and from receiving email from a forged email address.

Authentication-Results: This is also one of the important headers on which to perform eM Client email header analysis. It is part of Internet Protocol Security. The purpose of this header is to authenticate the origin of the IP packet and to ensure the integrity of the data, that is, that no data is lost. It is also important from a forensic point of view for determining whether the data of the email was tampered with in between.

DKIM Signature: In eM Client header analysis, the DKIM signature field determines the signature that the SMTP receiver of a message has used. Hence, it verifies whether the sender is genuine or not. Any change in the message is also detected by this signature field. To verify the sender, it verifies the public key of the sender.


X-Received: In eM Client email header forensics, X-Received is a non-standard header. It is generally added by a mail transfer agent, such as the Google SMTP server, or by a user agent.

MIME-version: This field determines the MIME type supported by eM Client. The MIME version of eM Client is 1.0. Therefore, if another MIME version is found, it means the message is manipulated or damaged.

From: The 'From' field in the eM Client email header specifies the sender's address with the user name. In cyber crimes, it can easily be forged by criminals. Therefore, it is a less reliable field.

Date: As the name of the header makes clear, it displays the date when the message was composed and sent. If the date is wrong in an eM Client mail, it is also possible that the date is set wrongly on the sender's computer. It is one of the least important fields when email header analysis is performed.

Message-ID: Every message in eM Client has a unique message ID, which uniquely identifies the message and is added to the email header by a server. Most spammers try to change this unique ID; with the help of the message ID, one can easily detect whether the ID of the message has been changed or not.

Subject: The purpose of this header is to make the reason for the mail clear to the receiver. It is a normal text field that is specified by the sender of the message.

To: As the name of the header makes clear, it specifies the address of the receiver of the email message, which is also specified by the sender of the message.
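
As an added example (not part of the original article and not eM Client code), the Python below reads the headers of an exported EML file with the standard library, orders the Received hops oldest-first, and flags a From/Return-Path domain mismatch, non-pass results in Authentication-Results, a MIME-Version other than 1.0, and out-of-order hop timestamps. The sample message, host names and IP addresses are constructed for illustration.

```python
import email, re
from email import policy
from email.utils import parseaddr, parsedate_to_datetime
# Constructed sample EML (an assumption, not from the article); documentation hosts/IPs.
SAMPLE_EML = b"""\
Return-Path: <bounce@bulk.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
 by store.example.org with ESMTP id B2; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [203.0.113.9])
 by mx.example.org with ESMTP id A1; Tue, 02 Jan 2024 10:00:02 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk.example.net;
 dkim=fail header.d=example.com
MIME-Version: 1.0
From: "Support" <support@example.com>
Date: Tue, 02 Jan 2024 09:59:58 +0000
Message-ID: <abc123@relay.example.net>
"""
MSG = email.message_from_bytes(SAMPLE_EML, policy=policy.default)

def received_hops(msg):
    """Hops oldest-first as (sending host, IP, timestamp); each server prepends its line."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        route, _, stamp = " ".join(str(raw).split()).rpartition(";")
        m = re.search(r"from (\S+).*?\[([0-9A-Fa-f.:]+)\]", route)
        hops.append((m and m.group(1), m and m.group(2), parsedate_to_datetime(stamp.strip())))
    return hops

def auth_verdicts(msg):
    """Method -> result pairs recorded by the receiving server (spf, dkim, dmarc)."""
    joined = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", joined))

def domain(msg, field):
    return parseaddr(str(msg.get(field, "")))[1].rpartition("@")[2].lower()

def findings(msg):
    notes, frm, rp = [], domain(msg, "From"), domain(msg, "Return-Path")
    if frm != rp:  # forged or bulk-sent mail often shows a different envelope domain
        notes.append(f"From domain {frm} != Return-Path domain {rp}")
    notes += [f"{m}={r}" for m, r in auth_verdicts(msg).items() if r != "pass"]
    if str(msg.get("MIME-Version", "")).strip() != "1.0":
        notes.append("MIME-Version is not 1.0")
    times = [t for _, _, t in received_hops(msg)]
    if times != sorted(times):  # a later hop stamped earlier than a previous one
        notes.append("Received timestamps out of order")
    return notes

if __name__ == "__main__": print(received_hops(MSG), findings(MSG), sep="\n")
```

To run it on a real export, replace SAMPLE_EML with the bytes of the EML file saved from eM Client.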

Conclusion


eM Client is an email client in which the send mass mail option leads to spamming and undisclosed email addresses. Therefore, it becomes very important to perform eM Client email header forensics. This helps in cyber crime investigation, and the header can be used as evidence if there are changes in it. In this post, a complete eM Client header analysis has been performed, so that one can easily understand the purpose of each header in an eM Client email. A forensic user can also easily search for evidence with the help of the eM Client Email Search Tool.