Importance of Lotus Notes Email Header
When a user sends a message through Lotus Notes, the server adds one unique field: the email header. In the normal view a user sees only the basic sender and receiver information, but the header also holds complete information, such as routing and contact details, in hidden form. A user who receives an email in Lotus Notes can therefore easily view the Lotus Notes email header.
To analyze the complete email header information, one can perform Lotus Notes header analysis, which helps in identifying email spamming and spoofing and in understanding the email route. This information gets changed when someone performs a wrongful action. Therefore, email header forensics is considered to be the most important evidence when investigating any cyber crime.
Components of Email Message Header
When a user reads the header information of an email, the Lotus Notes email header is displayed with the following fields:
Received: The Received field of the Lotus Notes mail header provides complete, detailed information about the message's history. It helps in drawing conclusions about the email's origin when all the other headers have been forged.
DKIM Signature: This is the DomainKeys Identified Mail (DKIM) signature. DKIM is an email validation system used to detect email spoofing. It uses key server technology and public-key cryptography to permit verification of the contents and source of messages by either MTAs (Mail Transfer Agents) or MUAs (Mail User Agents).
Purpose: It is used to detect email spamming and phishing, protecting users from forged sender email addresses.
To: The "To" field in the email header is specified by the sender of the email. In Lotus Notes, mail routing depends only on the envelope "To". Moreover, the "To:" email header in Lotus Notes need not contain the message address.
Subject: The Subject field of the Lotus Notes email header is an ordinary field specified by the sender to describe the purpose of the email.
Message ID: The Message ID field of the email header is a unique identifier assigned to each message. It is mainly of the form "abc@bcd.edu". Here abc can be anything, such as a username, and the second part gives the name of the machine that assigned the unique ID.
Note: A Message ID that is an empty string or does not contain an '@' sign is probably a forged ID.
Date: As the name suggests, it gives the date of the message. Normally, it specifies the date when the message was composed and sent. If this information is omitted by the sender's computer, it might be added by some other machine along the route. A wrong date should not by itself be held against the message, as the sender's clock may simply be set wrong.
From: There are basically two types of From header in Lotus Notes:
From (without the colon): this is the "envelope From", generated by the machine that receives the message.
From: (with the colon): this is the "message From:", which contains information provided by the sender.
Reply-To: The Reply-To field of a Lotus Notes email determines the address to which a reply will go. This email header field is also used by spammers. In junk email, the Reply-To address is mostly either invalid or that of an ordinary user.
MIME Version: This is another Lotus Notes email header. It only specifies the type of MIME protocol used by the sender. If someone changes the MIME type, that means the message has been manipulated or corrupted. All of this information is helpful from a cyber crime point of view.
X-Mailer-RecptId: The X-Mailer email header specifies which software the sender used to send the message. X-Mailer-RecptId specifies the unique recipient ID.
X-Mailer-SID: The email header in Lotus Notes contains X-Mailer-SID, which specifies the schedule ID.
X-Mailer-Sent-By: It describes the sender ID, that is, the account ID that uniquely identifies the user.
X-AntiAbuse: This header is used to track anything abusive and is added to the abuse report.
Content Transfer Encoding: It defines the standard way of enabling encryption to maintain email authentication. Therefore, the type of encryption performed on the message is generally specified by the content transfer encoding.
This header mainly describes how the content of the message is interpreted by a MIME-compliant mail program.
Content Type: The Content Type field of a Lotus Notes email defines the style or way in which the email is displayed in an application. Moreover, it is a separate MIME header that tells what type of content is expected in the message. The structure of the message relies completely on the content type. Different content types denote different message structures.
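The following is an added example, not part of the original article: a short Python script that applies the checks described above (Received route, Message ID without '@', Reply-To, Date) to a raw header block. The sample message and the finding labels are constructed for illustration, and the Reply-To domain comparison is an assumed heuristic rather than a rule from this page.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not real traffic); reserved example domains and IPs.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.example.org; Tue, 05 Mar 2024 10:15:02 +0000
Received: from workstation (unknown [198.51.100.23])
\tby mail.example.net; Tue, 05 Mar 2024 10:14:58 +0000
From: "Accounts" <billing@example.org>
Reply-To: helpdesk@example.com
Subject: Invoice overdue
Message-ID: <20240305101458.12345>
Date: Tue, 05 Mar 2024 10:14:55 +0000

Body text.
"""

def received_path(msg):
    # Each server prepends its own Received line, so reverse the list
    # to read the route from the origin to the final destination.
    return [" ".join(h.split()) for h in reversed(msg.get_all("Received") or [])]

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    findings = []
    # Page's rule: an empty Message ID, or one without '@', is a probable forgery.
    mid = (msg.get("Message-ID") or "").strip().strip("<>")
    if not mid or "@" not in mid:
        findings.append("message-id-suspect")
    # Assumption (not from the page): a Reply-To domain that differs from
    # the From: domain is worth a manual look; it is a hint, not proof.
    if msg.get("Reply-To") and domain(msg["Reply-To"]) != domain(msg["From"]):
        findings.append("reply-to-domain-mismatch")
    # Date may be omitted or malformed; record that instead of failing.
    try:
        parsedate_to_datetime(msg.get("Date"))
    except (TypeError, ValueError):
        findings.append("date-missing-or-invalid")
    return findings, received_path(msg)

if __name__ == "__main__":
    flags, path = analyze(SAMPLE)
    print(flags)
    for n, hop in enumerate(path, 1):
        print(n, hop)
```

The hops are printed oldest first, so hop 1 is the machine closest to the sender and the last hop is the receiving server.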