09 October 2009

HowTo: Gather Full Mail Headers

Say you want to find out where an email came from. Maybe it was threatening or phishing or spam. How do you gather evidence of what servers passed it to you to give to the authorities? You need the full headers. They contain all the routing information. Keep in mind, though, that it is possible the sender was making use of an open relay instead of their own mailserver.

  • KMail: View -> Headers -> All Headers
  • Evolution: View -> Message Source (or Ctrl+U)
  • Thunderbird: View -> Headers -> All
  • GMail: Hit the down arrow next to "Reply" on the message, then choose "Show Original"

Now just copy and paste this into a file and hand over to whomever is dealing with the sender.


Anonymous said...

You mean an "open relay?" ~.^

That's very useful to know, however! I didn't even know you could do that, let alone why it was important.

Are there any resources where we can find out what all to do if we receive a threatening email? It might be useful ... I'm especially concerned for my girlfriend, who's very worried about trolls.

Mackenzie said...

I actually posted this to go along with the Geek Feminism PSA about Mikee (trigger warning, of course). What we found in the process of Kirrily writing that was that in the US, Canada, Ireland, New Zealand, and Australia (at the very least) you should report to local law enforcement who will escalate to federal cybercrime divisions as necessary. Those are countries we're located in, but given they *all* agreed that's what to do, I'm guessing it's a decently universal thing.

Mackenzie said...

Also...again with the "I can't type!" On the first try, it was "rlay" so I went back to put in the "e" and I guess hit the key next to it. D'oh!

Anonymous said...

Heh ^.^ Okay, thank you! I'll keep that in mind just in case. And good luck out there!

Justin said...

View -> Message Source

works in Thunderbird also, and works better than Headers -> all.

nixternal said...


just h. That's what you do in Mutt for the same thing.

Mackenzie said...

I left it off because I Googled it and found that 1) there was already a page thouroughly covering text based clients 2) it requires enabling some plugin/module thing

MrCorey said...

This is a nice little compilation of what we take for granted but forget how to do when the time comes for it. Thanks, Mackenzie. BTW, I didn't comment before on your site redesign. I like your "new clothes" (I like the old look too :-) )