How to Read Email Headers

Author: Posted: June 23 2002 Word Count: 1188 words Read 16128 Rating:

(2.0) 49 Votes

2 Comments email

E-mail to a friend save

Save to My Quicklist printl

Print article

Vote this article

How to Read Email Headers and Find Internet HostsWarning: flamebait enclosed!____________________________________________________________OK, OK, you 31337 haxors win. I'm finally releasing the next in our seriesof Guides oriented toward the intermediate hacker. Now some of you may think that headers are too simple or boring to wastetime on. However, a few weeks ago I asked the 3000+ readers of the HappyHacker list if anyone could tell me exactly what email tricks I was playingin the process of mailing out the Digests. But not one person replied with acomplete answer -- or even 75% of the answer -- or even suspected that formonths almost all Happy Hacker mailings have doubled as protests. Thetargets: ISPs offering download sites for email bomber programs. Conclusion:it is time to talk headers!In this Guide we will learn:· what is a header· why headers are fun· how to see full headers· what all that stuff in your headers means· how to get the names of Internet host computers from your headers· the foundation for understanding the forging of email and Usenet posts,catching the people who forge headers, and the theory behind those emailbomber programs that can bring an entire Internet Service Provider (ISP) toits kneesThis is a Guide you can make at least some use of without getting a shellaccount or installing some form of Unix on your home computer. All you needis to be able to send and receive email, and you are in business. However,if you do have a shell account, you can do much more with decipheringheaders. Viva Unix!Headers may sound like a boring topic. Heck, the Eudora email program namedthe button you click to read full headers "blah blah blah." But all thoseguys who tell you headers are boring are either ignorant -- or else afraidyou'll open a wonderful chest full of hacker insights. Yes, every emailheader you check out has the potential to unearth a treasure hidden in someback alley of the Internet. Now headers may seem simple enough to be a topic for one of our Beginners'Series Guides. But when I went to look up the topic of headers in my libraryof manuals, I was shocked to find that most of them don't even cover thetopic. The two I found that did cover headers said almost nothing aboutthem. Even the relevant RFC 822 is pretty vague. If any of yousuper-vigilant readers looking for flame bait happen to know of anyliterature that *does* cover headers in detail, please include thatinformation in your tirades!*********************************************Technical tip: Information relevant to headers may be extracted fromRequests for Comments (RFCs) 822 (best), as well as 1042, 1123, 1521 and1891 (not a complete list). To read them, take your Web browser tohttp://altavista.digital.com and search for "RFC 822" etc.*********************************************Lacking much help from manuals, and finding that RFC 822 didn't answer allmy questions, the main way I researched this article was to send email backand forth among some of my accounts, trying out many variations in order tosee what kinds of headers they generated. Hey, that's how real hackers aresupposed to figure out stuff when RTFM (read the fine manual) or RTFRFC(read the fine RFC)doesn't tell us as much as we want to know. Right?One last thing. People have pointed out to me that every time I put an emailaddress or domain name in a Guide to (mostly) Harmless Hacking, a zillionnewbies launch botched hacking attacks against these. All email addressesand domain names below have been fubarred. ************************************************Newbie note: The verb "to fubar" means to obscure email addresses andInternet host addresses by changing them. Ancient tradition holds that it isbest to do so by substituting "foobar" or "fubar" for part of the address.************************************************WHAT ARE HEADERS?If you are new to hacking, the headers you are used to seeing may beincomplete. Chances are that when you get email it looks something like this: From: Vegbar Fubar Date: Fri, 11 Apr 1997 18:09:53 GMTTo: hacker@techbroker.comBut if you know the right command, suddenly, with this same email message,we are looking at tons and tons of stuff:Received: by o200.fooway.net (950413.SGI.8.6.12/951211.SGI) for techbr@fooway.net id OAA07210; Fri, 11 Apr 1997 14:10:06 -0400Received: from ifi.foobar.no by o200.fooway.net via ESMTP(950413.SGI.8.6.12/951211.SGI) for id OAA18967; Fri, 11 Apr 1997 14:09:58 -0400Received: from gyllir.ifi.foobar.no (2234@gyllir.ifi.foobar.no[129.xxx.64.230]) by ifi.foobar.no with ESMTP (8.6.11/ifi2.4) id for ; Fri, 11 Apr 199720:09:56 +0200From: Vegbar Fubar Received: from localhost (Vegbarha@localhost) by gyllir.ifi.foobar.no ; Fri,11 Apr 1997 18:09:53 GMTDate: Fri, 11 Apr 1997 18:09:53 GMTMessage-Id: To: hacker@techbroker.comHey, have you ever wondered why all that stuff is there and what it means?We'll return to this example later in this tutorial. But first we mustconsider the burning question of the day:WHY ARE HEADERS FUN?Why bother with those "blah blah blah" headers? They are boring, right? Wrong!1) Ever hear a wannabe hacker complaining he or she doesn't have theaddresses of any good computers to explore? Have you ever used one of thoseIP scanner programs that find valid Internet Protocol addresses of Internethosts for you? Well, you can find gazillions of valid addresses without thecrutch of one of these programs simply by reading the headers of emails. 2) Ever wonder who really mailed that "Make Money Fast" spam? Or who is thatklutz who email bombed you? The first step to learning how to spot emailforgeries and spot the culprit is to be able to read headers.3) Want to learn how to convincingly forge email? Do you aspire to writeautomatic spam or email bomber programs? (I disapprove of spammer and emailbomb programs, but let's be honest about the kinds of knowledge theircreators must draw upon.) The first step is to understand headers.4) Want to attack someone's computer? Find out where best to attack from theheaders of their email. I disapprove of this use, too. But I'm dedicated totelling you the truth about hacking, so like it or not, here it is.HOW CAN YOU SEE FULL HEADERS?So you look at the headers of your email and it doesn't appear have any goodstuff whatsoever. Want to see all the hidden stuff? The way you do thisdepends on what email program you are using.The most popular email program today is Eudora. To see full headers inEudora, just click the "blah, blah, blah" button on the far left end of thetool bar.The Netscape web browser includes an email reader. To see full headers,click on Options, then click the "Show All Headers" item. Sorry, I haven't looked into how to do that with Internet Explorer. Oh, no,I can see the flames coming, how dare I not learn the ins and outs of IEmail! But, seriously, IE is a dangerously insecure Web browser because it isactually a Windows shell. So no matter how often Microsoft patches itssecurity flaws, chances are you will be hurt by it one of these days. Justsay "no" to IE.Another popular email program is Pegasus. Maybe there is an easy way to seefull headers in Pegasus, but I haven't found it. The hard way to see fullheaders in Pegasus -- or IE -- or any email program -- is to open your mailfolders with Wordpad. It is included in the Windows 95 operating system andis the best Windows editing program I have found for handling documents withlots of embedded control characters and other oddities.The Compuserve 3.01

Author/Poster Website: N/A

Vote this article

Print article email

E-mail to a friend save