In this guide, I'll show you how to read email headers and find out who emailed you and how.
Here is an actual email I was sent (spam). Take your time and just look at it.
These headers seem to work a little backwards. As you read down through the header, each line tells you the server or IP address the message came from, working back one step at a time until it stops at the original sender.
It's a little like catching a train: the timetable tells you when the train arrives, where it is headed and where it came from.
OK, let's look at it in detail.
These pictures show the start of the header, which includes the server or IP that contacted your mail server.
Figure 1.
Shows the claimed server sending the data. (This name can be faked, beware.)
Figure 2. & Figure 3.
Anything inside the ( ) is true; it is what the server itself sends. But to be sure, check the server name against the IP address in the [ ]. If they match, you can be sure that this is a real server.
So what we have learned so far is:
A. We know the claimed server name: harrier.prod.itd.earthlink.net
B. We know that the real server name is: harrier.prod.itd.earthlink.net (207.217.121.12)
So going by that, we know that harrier.prod.itd.earthlink.net (207.217.121.12) did contact our mail server fepa.mail.ozemail.net.
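The check described above can be automated. The following is an added example, not part of the original guide: it walks the Received lines from the top down, pulls out the claimed name, the name in the ( ) and the IP in the [ ], and flags hops where the two names differ. The sample message is constructed, the `from name (name [ip]) by server` layout is an assumption about how the receiving server writes the line, and `parse_hops` is a name chosen for this example.

```python
import re
from email import message_from_string

# Constructed sample message (not the spam from the guide). The top hop reuses
# the guide's host names; the second hop is an invented mismatch for contrast.
SAMPLE = """\
Received: from harrier.prod.itd.earthlink.net
 (harrier.prod.itd.earthlink.net [207.217.121.12])
 by fepa.mail.ozemail.net with ESMTP; Mon, 1 Jan 2001 10:00:02 +1100
Received: from mail.bank.example (dialup-17.isp.example [192.0.2.17])
 by harrier.prod.itd.earthlink.net with SMTP; Sun, 31 Dec 2000 15:00:00 -0800
From: someone@bank.example
Subject: constructed sample

body
"""

# Assumed layout: from <claimed> (<name in parentheses> [<ip>]) by <receiver>
HOP = re.compile(
    r"from\s+(?P<claimed>\S+)\s+"
    r"\((?P<recorded>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return one dict per Received header, top of the header first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())      # unfold continuation lines
        m = HOP.search(flat)
        if not m:
            continue                        # layout this example does not handle
        hop = m.groupdict()
        recorded = (hop["recorded"] or "").lower().rstrip(".")
        hop["names_match"] = recorded == hop["claimed"].lower().rstrip(".")
        hops.append(hop)
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(parse_hops(SAMPLE), 1):
        verdict = "match" if hop["names_match"] else "MISMATCH"
        print(f"hop {n}: claimed={hop['claimed']} recorded={hop['recorded']} "
              f"ip={hop['ip']} by={hop['by']} -> {verdict}")
```

Only the Received lines written by mail servers you trust (here, your own) are reliable; lines further down were supplied by whoever handed the message over and can be made up.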