Blue Team Toolkit

Email Headers


Last updated 2 years ago

  • Standard Headers

    • From, showing the sender's email address

    • To, showing the recipient's email address

    • Date, showing the date when the email was sent

  • Optional Headers

    • Received, showing various information about the intermediary servers and the date when the message was processed

    • Reply-To, showing a reply address

    • Delivered-To, showing the recipient's name and address, as well as other addresses present in the CC and BCC

    • From: IP address/other details about sender

    • Subject, showing the message's subject

    • Message-ID, showing a unique identification for the message

    • Message body, containing the message, separated from the header by a line break

    • Return-Path: return address in case of email failure

    • Content-Type field indicates whether the format of an email was HTML, TXT, or any other option

    • Received-SPF: sender verification

    • Authentication-Results: ID of the server that performed authentication

    • DKIM-Signature: details of the sender, the message, and the public key that is required to perform message authentication

  • Custom X-Headers

    • X-Received: non-standard headers added by some email providers

  • Header Lists/Guides

    • IANA Email Message Headers List

    • Email Header Quick Reference Guide

    • Email Header Guide

    • Email headers: What they are & how to read them

    • Email Header Analysis and its application in Email Forensics
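
The headers listed above can be pulled out of a raw message and compared during phishing triage. The following is an added example, not part of the original page: it uses Python's standard `email` module on a constructed sample message (all addresses, hostnames and IPs are made up), and the function names `domain` and `triage` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all names, addresses and IPs are made up;
# the IPs come from the RFC 5737 documentation ranges).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.corp.example (mx.corp.example [192.0.2.10])
\tby inbox.corp.example; Mon, 01 Jan 2024 10:00:05 +0000
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
\tby mx.corp.example; Mon, 01 Jan 2024 10:00:03 +0000
Received-SPF: softfail (domain of transitioning bounce@mailer.example.net)
Authentication-Results: mx.corp.example; spf=softfail; dkim=none
From: "IT Support" <support@corp.example>
Reply-To: helpdesk@lookalike.example
To: alice@corp.example
Subject: Password expiry
Date: Mon, 01 Jan 2024 10:00:00 +0000
Message-ID: <abc123@mailer.example.net>

Body text.
"""

def domain(value):
    """Domain part of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reverse for oldest-first.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    spf = (msg["Received-SPF"] or "").split(" ", 1)[0].lower()
    if spf and spf != "pass":
        findings.append(f"Received-SPF result is {spf}")
    return {"hops": hops, "findings": findings,
            "auth_results": msg["Authentication-Results"]}

if __name__ == "__main__":
    report = triage(RAW)
    for i, hop in enumerate(report["hops"], 1):
        print(f"hop {i}: {hop}")
    for f in report["findings"]:
        print("FLAG:", f)
```

A Return-Path domain that differs from the From domain is also common in legitimate bulk mail, so treat each finding as a lead to check against the Received chain and Authentication-Results, not as a verdict.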