Understanding Email Headers

One of the most popular ways for people to get infected by malware is through email.

One of my first online jobs was working for a company that is involved in email spam filtering. I still work for that company occasionally, and while it’s true that the technology to filter email has gotten more advanced, the stakes have also gotten higher.

After all, it was likely just a single person clicking a single link that led to infections such as WannaCry in 2017 and those that hit numerous cities in 2019. Once a carefully crafted program is allowed to run on a single vulnerable computer on a network, it’s essentially game over for most (or all) of the computers on that network.

Since email is such a big vulnerability for everyone, it pays to know a bit about how it works. And while learning the entire history of email may be overkill (or boring), learning how to decipher the email headers is a useful skill to have today.

The email headers show lots of information about the email in question, but perhaps most importantly they show the path the email took through the internet. Email headers are, as the name implies, found at the beginning of every email sent. Most email programs hide them, but you can look here to find out how to see them in most email clients.

Now that you’ve found them, though, what do they mean?

This article over at Ars Technica has a nice and (relatively) simple walkthrough of how to decipher an email’s headers, and what parts of the headers you can (and can’t) trust.

To make things a little bit easier to understand (although reading the Ars article is still important), you can find an email header analyzer here that will parse the header to make things a bit more human-readable.
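To show what such an analyzer does with the path information described above, here is an added Python example (not code from the original post or from any analyzer it links to) that parses the Received lines of a constructed header block, lists the hops in delivery order, and marks which ones your own mail server actually vouches for; the server names and addresses are made up.

```python
import re
from email import message_from_string

# Constructed sample headers (not from a real message). Received lines are
# prepended by each server, so the top one was written by the final receiver.
SAMPLE_HEADERS = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.5])
 by mx.receiver.example (Postfix) with ESMTPS id ABC123
 for <alice@receiver.example>; Mon, 3 Jun 2019 10:15:02 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.9])
 by mail.sender.example (Postfix) with ESMTP id DEF456;
 Mon, 3 Jun 2019 10:14:58 +0000
Received: from [192.168.1.20] (unknown [198.51.100.77])
 by relay.sender.example (Postfix) with ESMTPA id GHI789;
 Mon, 3 Jun 2019 10:14:55 +0000
From: "Payroll" <payroll@sender.example>

"""

HOP_RE = re.compile(r"from\s+(?P<frm>.+?)\s+by\s+(?P<by>[^\s;(]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw_headers, my_servers):
    """Return hops in delivery order (origin first). A hop is marked trusted
    only if it was written by one of my_servers and every later hop was too;
    anything below the first foreign hop was supplied by the sender."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue  # e.g. a local "by host id ..." line with no "from"
        frm, by = m.group("frm"), m.group("by")
        # The name before "(" is what the peer claimed in HELO; the IP inside
        # the parentheses is what the receiving server actually observed.
        paren = re.search(r"\(([^)]*)\)", frm)
        ip = IP_RE.search(paren.group(1) if paren else frm)
        hops.append({"claimed": frm.split(" ", 1)[0],
                     "ip": ip.group(1) if ip else None, "by": by})
    # Headers are read top-down (newest first); trust stops at the first hop
    # not written by our own infrastructure.
    in_our_zone = True
    for hop in hops:
        in_our_zone = in_our_zone and hop["by"] in my_servers
        hop["trusted"] = in_our_zone
    hops.reverse()
    return hops
```

Only the hop recorded by your own server (here `mx.receiver.example`) carries a connecting IP you can rely on; every earlier Received line arrived inside the message and could have been written by the sender.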

Whether or not you decide to become a header expert, learning a little bit about this system could save you (and your company or city) lots of grief in the future! Remember that when you’re in doubt about an email, don’t click!