Product Navigation

Why Opera Mail Header Analysis is Important


Opera Mail is an email client offers full services as other email clients. A user can easily send and receives emails. Now, when a user receives an email, then a type of email header is attached with each email. In this email header, all the valuable information from the forensic point of view is maintained such as from where the message is routed to reach to a particular receiver. In cyber crime, mainly these headers information are manipulated by the criminal to forged any email or its data. Therefore, it is important from investigation perspective to perform Opera email header analysis. Hence, in the further segments, how one can view Opera Mail header and how one can perform Opera Mail forensic are discussed.

Introduction – Opera Mail Email Header

Opera Mail is an email client, whose main purpose is to exchange any kind of data with others. Therefore, when a user is receiving an email from someone, it comes with a header part as well. It contains a lot of information that determine the path through which the email is received by a receiver. This Opera Mail email header plays a very crucial role while investigating any cyber crime. As criminals mainly made changes in the header part of the email, that's why it is very important to have a complete understanding of an email header. It also helps users in detecting any changes made by criminals to the email or not, whether the email data is tempered or not. Therefore, it is very important to perform complete Opera Mail header analysis.

How to View Opera Mail Header

As discussed above email header is important to analyze, therefore, first a user need to view the header of the email. Hence, here we have discussed how easy it is to view Opera mail header. To read an email header follow the steps mentioned below:

  • First of all, open your Opera Mail application and double-click on the message.
  • After that, on the message right-click on the free space.
  • Now, from the menu list, select View all headers and message to open complete header of the particular email.

View Opera Message Header

This complete process helps users in viewing the complete Opera Mail email header. After viewing full email header, a user can easily analyze the each header individually and detect if there is any manipulation or not.

A Complete Analysis of Opera Mail Header

After viewing complete header of Opera Mail, in this section, a complete analysis of Opera mail header is performed. The complete header list of the Opera Mail email header is shown below:

Examine Opera Message Header

Delivered-To: The main purpose of this header in Opera Mail is to specify the address of the recipient, to whom the email is to be delivered.

Received-by: This Received field in the Opera email header specifies the date and time at which email is received by the receiver. Moreover, its main purpose is to identify the unique IP address of the receiver. For example:

Received: by 10.31.167.148 with SMTP id q142csp929176vke; Fri, 23 Sep 2016 22:52:40 -0700 (PDT)

It specify the IP address and the date time of the email i.e. 23 September 2016 on Friday.

X- Received: It is a type of header that is generally added by a user agent or by any mail transfer agent. It is a non-standard header, not included in most of the email client.

Return-path: This Opera Mail email header is same as Reply-To header. It contains the same email address as in the reply-to, determines the address where the email is to send back. If the message delivery failed then the message is automatically sent by the mail server at a particular address.

Received-from: The most essential header for performing Opera Mail forensic. It is the most reliable header that determines the IP address of the sender's mail server and list of all the mail server through which message is transferred from sender to receiver. For example:

Received: from msbadger0406.apple.com (msbadger0406.apple.com. [17.254.6.147]) by mx.google.com with ESMTPS id hp1si11202519pac.38.2016.09.23.22.52.39 for (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 23 Sep 2016 22:52:40 -0700 (PDT)

Received-SPF: The main purpose of this header in Opera Mail headers is to identify the mail server that can sends an email message on the behalf sender's domain as shown below:

Received-SPF: pass (google.com: domain of new_ndt_bounces@applemusic.com designates 17.254.6.147 as permitted sender) client-ip=17.254.6.147;

In this example the mail server is google.com that sends message on the behalf of your domain

Authentication-Results: The another important Opera Mail email header, that is a part of Internet Security protocol. It make sure that integrity is maintained and there is no loss of data. Moreover, it also authenticate the origin of IP Packet.

DKIM-Signature: To perform Opera Mail forensic, DKIM signature is also an important header. It identifies the whether the sender is genuine or not. If someone tampered the message then it will easily capture by this signature header.

MIME-Version: Multipurpose Internet Mail Extension is generally used to extend the format of mail. Moreover, it specify the MIME-Version of the Opera Mail. If it is not 1.0 then the mail is corrupted or damaged.

Investigate Opera Message Header

Date: This is the header that shows the date and time when the message was composed and sent to the receiver. There can be little bit changes in the time of email, as it was a little bit different in each computers.

From: It is pretty much clear from the name that it displays the address of the sender with the user name. It is the header that can easily be forged by any criminal that's why it is the least reliable header when performing Opera email header analysis.

To: This shows the email address of the receiver and to whom the email was addressed.

Message-ID: It is basically a unique identification number that is assigned to each message. It is done to identify each message uniquely assigned by mail server at the time when the message is received. If the Message-ID is not same as original then it is clear that some manipulation is done in the message data. It is not the original message.

Subject: The aim of this field is to show the main motive of sending this particular email. It is defined by the sender of the message.

Content-Type: It describes the format in which message is received such as in HTML or in Plain Text

Content-Transfer-Encoding: The standard method to enable encryption and maintain email authentication is described by the content-transfer-encoding header in Opera Mail.

Conclusion

The main purpose of this email header analysis is to make users free from forged emails. Therefore, in this post, we have discussed how Opera Mail user view the full email header and perform Opera mail forensic. A complete Opera email header analysis to have a full understanding about the header and how they can forge in cyber crime. Also, search evidence in the emails by Forensic Email Search Tool.