
Detailed Study of Postbox Email Header


Postbox is a widely used email application for sharing messages instantly along with their attributes. The application makes sure that all messages are delivered accurately. Apart from some crucial information, these email messages carry all the information about themselves. This includes a basic element: the email header. Each email has its own header, which contains the overall information about that email. Users sometimes perform email header analysis because it plays an essential role in tracking information about a particular mail. The following sections give a complete guide that makes the concept of Postbox mail header analysis clear.

Importance of Postbox Email Header Analysis


Whenever a message is sent through any email application, the server automatically adds a field known as the email header. The header contains the basic sending and receiving information about the message and carries the whole path that the email follows to reach its destination. Postbox email header analysis therefore plays a very important role in understanding the route of an email. Forensic investigation teams use email header forensics when investigating cyber crimes. This information is hidden, and reading a Postbox email header requires following certain steps.

How to View Postbox Email Header Information


Thunderbird users can easily read a Postbox mail header by following these steps:

  • First, open the message whose header needs to be viewed in the Postbox email client.
  • Once the email is open, click the View option in the menu bar.
  • Under the View tab, select Message Source to open header information.

[Screenshot: View Postbox mail header]

Analysis of Postbox Email Header


When the header information for an email is opened, the Postbox email client shows the information as:

[Screenshot: Postbox mail header analysis]

Delivered-To: The Delivered-To field shows the email address of the intended recipient. With it, a user can easily detect manipulative activity. The email address should match the corresponding email ID. If it does not, some kind of manipulation has been done and needs to be investigated.

Received By: This received header gives information related to the last SMTP server visited by the message:

  • The SMTP id for the visited server
  • The date and time at which the message was received by the SMTP server
  • The IP address of the server

X-Received: This attribute is added by the server or mail agent to indicate non-standard header information. It gives the following information:

  • The IP address of the server that received the message
  • The specific date and time at which the email was received
  • The SMTP id for the server

Return-Path: The Return-Path field shows the address to which the message is bounced back if transmission fails for some reason. The failure notification is delivered to the return path. One reason for such a transmission failure is a wrong email address.

Received: The Received field holds the trace information for a particular email. Users can extract the host name, the unique IP address, and other information related to the delivery path of the email. This field helps in finding the location of suspects or criminals.

Received-SPF: SPF stands for Sender Policy Framework. This field is added to the email header to show whether or not the message comes from a verified sender. It applies techniques to check and verify the identity of the sender and only takes the message ahead if the sender is authenticated.

Authentication-Results: In a Postbox mail header, the Authentication-Results attribute holds the results of all the authentication checks performed on the message before it was processed.

The following information can easily be read from this field:

  • The first field indicates the ID of the server that performed the authentication
  • The next fields, which are separated by semicolons, show the authentication techniques applied and their results
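The layout just described (server ID first, then semicolon-separated technique results) can be split apart programmatically. The following Python is an added example, not code from the original article or from Postbox; the sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample message (not from the page); names use reserved example domains.
SAMPLE = """\
Delivered-To: alice@example.org
Authentication-Results: mx.example.org;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@example.com;
 dkim=fail (signature did not verify) header.d=example.com;
 dmarc=fail header.from=example.com
From: Bob <bob@example.com>
To: alice@example.org
Subject: Invoice

body
"""

def strip_comments(value):
    """Remove parenthesised comments, which may nest."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def parse_auth_results(raw_message):
    """Return (server_id, {method: {"result": ..., property: value}}) for the top header."""
    header = message_from_string(raw_message).get("Authentication-Results")
    if header is None:
        return None, {}
    parts = [p.strip() for p in strip_comments(header).split(";") if p.strip()]
    server_id = parts[0].split()[0]  # first field: ID of the authenticating server
    methods = {}
    for part in parts[1:]:  # remaining fields: technique=result plus properties
        tokens = part.split()
        if "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        methods[method.lower()] = {"result": result.lower(), **props}
    return server_id, methods

def failed_methods(methods):
    """Names of techniques whose result is neither 'pass' nor 'none'."""
    return sorted(m for m, info in methods.items() if info["result"] not in ("pass", "none"))
```

Only a header whose server ID belongs to your own receiving mail system should be relied on, since a sender can insert a look-alike Authentication-Results line of their own.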

From: The From field shows the email ID of the sender who delivered the email. From this attribute, one can easily get the sender's email address for future reference. However, many criminals try to modify or change this field using email-forging techniques. This makes the field less reliable for critical analysis of the email.

To: This field represents the receiver's email address.

References: The References field holds the message identifiers, separated by one space, all on one line.

In Reply-To: The reply-to header field simply lets the person know the email address at which the reply to the message is received. Generally, it is the same as the sender's address. However, the address in the Reply-To field can be changed as required with the help of some manual settings.

Subject: The Subject field displays the main subject or purpose of the communication.

Date: Studying the Date field of a Postbox mail header helps to establish the date and time at which the message was created at the sender's end. One can evaluate the time and date according to the local time zone. Generally, a message is delivered within a fraction of a second. However, if you get an email that does not correspond to the time field or shows a large gap, be cautious about that message.
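The Received trace and the Date check described above can be combined: order the hops, then measure the gap between the sender's Date and the first server timestamp. The following Python is an added example, not code from the original article or from Postbox; the sample message, hosts, IPs and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not from the page); hosts and IPs are reserved documentation values.
SAMPLE = """\
Received: by mx.example.org with SMTP id abc123;
 Mon, 04 Mar 2024 10:00:09 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
 by mx.example.org with ESMTP id def456;
 Mon, 04 Mar 2024 10:00:07 +0000
Received: from mail.example.com (mail.example.com [192.0.2.10])
 by relay.example.net with ESMTP id ghi789;
 Mon, 04 Mar 2024 09:59:58 +0000
Date: Sat, 02 Mar 2024 08:15:00 -0500
From: Bob <bob@example.com>
To: alice@example.org
Subject: Invoice

body
"""

def received_hops(raw_message):
    """Return hops oldest-first as dicts with 'info' and a timezone-aware 'time'."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        # Unfold the header, then split off the timestamp after the last semicolon.
        info, _, stamp = " ".join(value.split()).rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # no parseable timestamp: skip the hop rather than guess
        hops.append({"info": info.strip(), "time": when})
    hops.reverse()  # each server prepends its line, so the top header is the newest hop
    return hops

def date_gap_seconds(raw_message):
    """Seconds between the Date header and the oldest Received timestamp."""
    sent = parsedate_to_datetime(message_from_string(raw_message)["Date"])
    return (received_hops(raw_message)[0]["time"] - sent).total_seconds()

def hop_delays(raw_message):
    """Seconds between consecutive hops; a negative value means the clocks disagree."""
    times = [h["time"] for h in received_hops(raw_message)]
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]
```

In the constructed sample the Date header is almost two days older than the first hop, which is the kind of gap the Date paragraph says to treat with caution. Received lines below the first server you control are written by other parties and can be forged.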

Message Id: Each email is assigned an individual message ID, which differentiates it from all other emails. Two emails cannot have the same message ID. In effect, it acts as a primary unique value for each message.

MIME-Version: The MIME version (Multipurpose Internet Mail Extension) shows that the Postbox message is MIME formatted. Therefore, it can support various kinds of data, including plain text files, audio, video, applications, etc.

Content Type: The Postbox email content type shows the style in which emails are displayed in the application. Different content types denote the structure of messages. Generally, the Thunderbird email client ignores meta tags when displaying content. Therefore, it relies on the Content Type from the email header to find out how the message should be displayed.

X-mailer: This is a line in the header that identifies the software used to send the mail from the sender's end.

Content-Language: As the name suggests, this header gives the language used in that specific email message.

Conclusion


Email analysis is a crucial part of an investigation and should be studied carefully. It can be a major turning point in providing evidence. Therefore, having explained the need for email header analysis, we have covered Postbox mail header analysis to help users understand the significance of headers. The advanced Email Search Software helps the investigator to find important information in an email header.