The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
What is an e-mail?
E-mail, also referred to as electronic mail, is an internet service which allows people and digital services to transmit messages(letters) in electronic form across Internet. To send and receive an E-mail message, an individual or service requires to have an e-mail address, i.e. electronic mail address which is generally in emailaddress@domain.com format. E-mails are more reliable, fast, and inexpensive form of messaging both in personal and professional environment.
What are e-mail headers?
E-mail headers are metadata information attached with every email sent or receive across the internet, email headers contain important information required for delivery of emails. E-mail headers contain information such as:
- Sender’s IP address
- Server the email came through
- Domain the email originated from
- SPF (Sender Policy Framework)
- DKIM
- DMARC
- Time of sending receiving email message
- Other important information required to validate the authenticity of the email received
Using E-mail header analysis, users can identify if an e-mail is legitimate or a scam. To view email headers in most clients, you can right click on the message and choose “show original” or “view-source.”
Metadata
Now, let us understand the terms related to metadata what it is and why the metadata associated is so important for email communications.
Metadata: Metadata is kind of data which provides information about the other data. For example: Email headers provide information about email communication.
SPF: also known as Sender Policy Framework, is a DNS record used for authentication mechanism in email addresses. SPF is a txt record configured in DNS records. It contains IP addresses and domain names which are authorised to send emails for a domain. The recipient can check the SPF record under email headers to verify if the email was originated from specified IP addresses or domain names.
DKIM: DomainKeys Identified Mail, is a cryptographic method that uses a digital signature to sign and verify emails. This allows the receiver’s mailbox to verify that the email was sent by authenticated user/owner of the domain. When an email is sent from a DKIM configured domain, it generates hashes for the email and encrypts them with private key which is available to the sender. It uses hashes to compare the mail origination and mail received content so that recipient can verify that email was not manipulated or tampered.
DMARC: Domain based Message Authentication, Reporting and Conformance is an email standard used for protecting email senders and recipients from spam, spoofing and spamming. DMARC indicates that an email is protected by SPF and DKIM as well. If SPF or DKIM fails to match the records, DMARC provides options such as quarantine or reject options for the message. For configuring DMARC to DNS records, SPF and DKIM configuration is mandatory.
Message ID: Message ID is a unique mail identifier for each email received; every email will have a unique Message ID.
E-mail header analysis has been used in criminal investigations to track down suspects and in civil litigation to prove the authenticity of emails. It’s also used by business to combat modern day email attacks like email spoofing.
There are various tools available for email header analysis, however, free tools may have limited capabilities.