There can be several reasons. It is less likely that the sender's account password has been compromised or exposed. A more likely situation is that the e-mail address has been spoofed. If you have received a suspicious message from a seemingly trustworthy address, the easiest way to discover the truth is through e-mail headers.
What can you find in e-mail headers?
Every e-mail consists of two parts – the body (message content) and the header. These headers are sent with e-mail and contain information about the received message, such as who the sender and recipient are. It can also include information about past checks, which ensure that the delivered message is not classified as spam.
The following items are most often found in the e-mail header:
From: the sender's e-mail address
To: recipient's address
Cc: a copy of an e-mail where a comma can separate multiple addresses
Bcc: hidden copy
Reply-To: address to reply to. If none is specified, the address from the "Form" field is used
In-Reply-To: identifies previous correspondence
Subject: subject of the message
Date: date and time the message was sent
Message-ID: the e-mail's ID that is automatically generated by the e-mail server
Received: individual entries identifying the servers through which the e-mail passed. The first item is the destination station (your computer), and the last is the source (from where the e-mail was sent); chronologically, the path can be traced from the last item to the first.
And it is the From field is often misused by attackers because the sender can change its content to essentially any address. However, falsifying the Received field is considerably more complicated. Therefore, when verifying the sender's authenticity, we should not forget to check this field in the header.
Why is it good to know the path to the e-mail header?
It doesn't matter if you open the e-mail header and are unfamiliar with the information contained. Even so, it pays to know its location in your e-mail client. In the case of university mail, you can always report a suspicious message. And because of the information included in the e-mail header, we recommend sending them when reporting to speed up the resolution of a security incident. Suspicious messages are always better to report than no to report. Reports can be submitted to The Cybersecurity Team of Masaryk University.
How to get to the e-mail header?
Different e-mail clients have different access methods. We have prepared an overview of the most used ones, including introductions on displaying the headers. We remind you that when handling suspicious messages, it is crucial not to click on any attached links and not react in any way.
In a web O365 Outlook web client, the header can be accessed by clicking on three horizontal dots in the upper right corner and selecting "View message details."
In the Outlook desktop client, double-click the e-mail, select "File, "and then "Properties. "
The e-mail header is located at the bottom of the popup window.
In the Information System of Masaryk University mail, the headers can be accessed using the "Download "button at the bottom of the e-mail. The following file with the .eml extension contains the entire message, including headers.
You can access the header in Gmail by clicking on the three vertical dots in the upper right corner and selecting the "View original "option. The entire e-mail, including the headers, can be copied or downloaded as a .eml file.
In the mail of the Internet portal Seznam.cz, you can access e-mail headers using the option under the e-mail message, where the "Next "button is located. Here you will find the "Show Header "option.
In the Mozilla Thunderbird client, the "More "button can be found in the upper right corner of the message. Below is the "View source code "option, which also contains the e-mail header.
The Squirrel mail web interface offers a separate "view full headers "button.
This article has outlined the essence of e-mail headers and hopefully helped you find them successfully in your e-mail clients if needed. To learn more about safe communication in cyberspace, use the Safe Communication module in our free online course Cybecompass. Thanks to it, you will gain more confidence in cyberspace and easily avoid unpleasantness.