Overview
This article describes how to analyze message headers when you use Alibaba Mail.
Details
The mail header contains a lot of useful information that can help us understand the source of the email, the sending method, the mail server and so on.
Here are the steps to analyze the header information:
1. Open the message and convert it to plain text format.
2. Find the header of the email, which starts with fields such as "From:", "To:", and "Subject:".
3. By analyzing the mailfrom and MF fields, you can obtain the real sending address. The whitelist set by users or administrators is valid only for the real sending address.
4. By analyzing the "From:" field, you can learn about the email sender address, name, and mail server.
5. Analyze the "Received:" field to learn whether the mail is forwarded and routed.
6. Analyze the "Return-path:" field to know the return address of an email.
7. Analyze the "X-Mailer:" field to understand the type and version of the sender client of the email.
8. Analyze the "Message-ID:" field to learn the unique identifier of an email.
9. You can analyze the "Date:" field to know the sending time of an email.
10. By analyzing the "Content-type:" field, you can learn about the content type and encoding mode of an email.
11. Analyze the "MIME-Version:" field to learn the MIME Version of an email.
By analyzing the email header, we can confirm the authenticity of the email, find the sender of the email, and understand the transmission process of the email.
Example
We will use the header of an email sent between two users as an example.
The sender is from@example.net.
The recipient is to@example.net.
The Webmail client of Alibaba Mail is used.
The contents of the message header are as follows.
X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R291e1;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018047192;MF=from@example.net;NM=1;PH=DW;RN=1;SR=0;TI=W4_0.2.0_v5_212D484D_1688628380224_o7001c196i;
Received: from WS-web (from@example.net[W4_0.2.0_v5_212D484D_1688628380224_o7001c196i]) at Thu, 06 Jul 2023 15:26:20 +0800
Date: Thu, 06 Jul 2023 15:26:20 +0800
From: "=?UTF-8?B?xxxxxxxxxx=?=" <from@example.net>
Return-Path: "=?UTF-8?B?xxxxxxxxxx=?=" <from@example.net>
To: "=?UTF-8?B?xxxxxxxxxx=?=" <to@example.net>
Disposition-Notification-To: "=?UTF-8?B?xxxxxxxxxx=?=" <from@example.net>
Reply-To: "=?UTF-8?B?xxxxxxxxxx=?=" <from@example.net>
Message-ID: <7fd6623a-6f5b-4e83-b52d-e9d0e75ad5b1.from@example.net>
Subject: =?UTF-8?B?xxxxxxxxxx?=
X-Mailer: [Alimail-Mailagent revision 85][W4_0.2.0][v5][Chrome]
MIME-Version: 1.0
Return-Path: <from@example.net>
References: <0eddb917-9d17-4015-af46-6c98b8be6b19.from2@example.net>,<a82e752e-0098-4393-956f-3a438f32f3d2.from@example.net>
x-aliyun-mail-creator: W4_0.2.0_v5_M3LTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNC4wLjAuMCBTYWZhcmkvNTM3LjM2vN
Content-Type: multipart/alternative;
boundary="----=ALIBOUNDARY_82652_7efbfbd9a700_64a66c9c_168057"
The real information in the header in this example has been replaced with fake information such as example.net.
Some fields in the message header are not mandatory, and the sending system may add or remove them on its own. A header that does not comply with the specification may cause the recipient to judge the email as spam or reject it.
Additional Information
To: recipient, cc: carbon copy recipients, bcc: blind carbon copy recipients. BCC generally does not show in the header.
From, as the display address, can be inconsistent with the real address mailfrom, but an inconsistency increases the probability that the recipient will judge the email as spam.
Reply-To indicates the reply address. When the recipient replies to the email, the reply goes to this address. Some email clients may not support this function.
Received usually carries the server information and the server transmission time, which can be used to locate where a receiving delay occurred.
References is used to track the mail thread or mail chain. It usually includes the "Message-ID" of the previous email, with multiple values separated by commas or spaces.
Disposition-Notification-To requests a receipt notification to confirm that the email was successfully received and read.
Boundary is an identifier used to separate different parts of the message content.
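The comparison described in steps 3 to 6 and in the note on From versus mailfrom can be automated. The following Python sketch is an added example, not Alibaba Mail code: the sample header is constructed in the style of the one above, and the helper names (antispam_fields, addr, analyze) are hypothetical. It assumes the X-Alimail-AntiSpam value is a list of KEY=value pairs separated by semicolons, as in the example header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the article's header; all addresses are placeholders.
SAMPLE = """\
X-Alimail-AntiSpam:AC=PASS;MF=bounce@mailer.example.org;NM=1;RN=1;SR=0;
Received: from WS-web (from@example.net) at Thu, 06 Jul 2023 15:26:20 +0800
From: "Accounts" <from@example.net>
Return-Path: "Accounts" <bounce@mailer.example.org>
To: <to@example.net>
Reply-To: <helpdesk@example.com>
Return-Path: <bounce@mailer.example.org>

"""

def antispam_fields(msg):
    """Split X-Alimail-AntiSpam (KEY=value pairs joined by ';') into a dict."""
    fields = {}
    for part in msg.get("X-Alimail-AntiSpam", "").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value
    return fields

def addr(value):
    """Return the bare lower-cased address from a header value, or ''."""
    return parseaddr(value or "")[1].lower()

def analyze(raw_headers):
    msg = message_from_string(raw_headers)
    mail_from = antispam_fields(msg).get("MF", "").lower()  # real sending address
    shown = addr(msg.get("From"))                            # display address
    reply_to = addr(msg.get("Reply-To"))
    # The article's example carries Return-Path twice, so collect every copy.
    return_paths = {addr(v) for v in msg.get_all("Return-Path", [])}
    findings = []
    if mail_from:
        if shown != mail_from:
            findings.append(f"From <{shown}> differs from mailfrom <{mail_from}>")
        for rp in sorted(return_paths - {mail_from, ""}):
            findings.append(f"Return-Path <{rp}> differs from mailfrom <{mail_from}>")
    if reply_to and reply_to.rpartition("@")[2] != shown.rpartition("@")[2]:
        findings.append(f"Reply-To <{reply_to}> is outside the From domain")
    return {"mail_from": mail_from, "from": shown, "reply_to": reply_to,
            "received_hops": len(msg.get_all("Received", [])), "findings": findings}

if __name__ == "__main__":
    for line in analyze(SAMPLE)["findings"]:
        print(line)
```

Because a whitelist applies only to the real sending address, a finding on the first check means a whitelisted display address does not cover this message.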