Email Security
Also called: "email metadata", "message headers"
Email headers reveal the true origin and path of a message, which makes them crucial for investigating phishing and spam.
Key headers
- From/Reply-To: Sender addresses (can be spoofed).
- Received: Each mail server that handled the message.
- Return-Path: Where bounces should go.
- Authentication-Results: SPF, DKIM, DMARC verification outcomes.
- X-Originating-IP: Sender's IP address (if available).
Phishing detection
- Check Received headers for suspicious origins.
- Verify SPF/DKIM/DMARC authentication passed.
- Compare From address with Return-Path for mismatches.
- Look for forged Received headers (inspect timestamps).
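The checklist above, run with Python's standard `email` module, as an added example that is not part of the original page. The sample message, the `triage` helper and its finding strings are constructed for illustration, and the code assumes the Authentication-Results header was added by your own receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (reserved example domains, documentation IP ranges).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
Received: from mx.example.org (mx.example.org [192.0.2.10]) by inbox.example.org; Tue, 05 Mar 2024 10:15:30 +0000
Received: from mailer.example.net (mailer.example.net [198.51.100.7]) by mx.example.org; Tue, 05 Mar 2024 10:15:28 +0000
Received: from workstation (unknown [203.0.113.99]) by mailer.example.net; Tue, 05 Mar 2024 11:40:00 +0000
From: "Accounts Team" <billing@example.com>
"""

def domain(value):
    """Lowercased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to the first result seen in Authentication-Results."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def received_times(msg):
    """Received timestamps, oldest hop first (None where unparseable)."""
    times = []
    for value in msg.get_all("Received", []):
        try:
            times.append(parsedate_to_datetime(value.rpartition(";")[2].strip()))
        except (TypeError, ValueError):
            times.append(None)
    return times[::-1]  # headers are prepended, so the last one is the oldest

def triage(raw):
    """Run the checklist on a raw message and return a list of findings."""
    msg, findings = message_from_string(raw), []
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method} result: {auth.get(method, 'missing')}")
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        findings.append("From/Return-Path domain mismatch")
    known = [t for t in received_times(msg) if t is not None]
    if any(later < earlier for earlier, later in zip(known, known[1:])):
        findings.append("Received timestamps out of order")
    return findings
```

A From/Return-Path mismatch is also common with legitimate bulk senders, so each finding is a reason to look closer at the message, not a verdict on its own.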