
Email Header Analysis

This document provides steps to analyze email headers to determine if an email is spam. It involves logging into your email account, opening the message, viewing the original headers, copying them to sites like MXToolbox to check the SPF, DKIM and DMARC authentication. It also involves checking the IP address on sites like IPvoid and Virustotal to see if it is blacklisted. If the authentication fails and the IP is blacklisted, then the email is likely spam.

Uploaded by Ayush Baloni

Email Header analysis

1. Log into your Gmail or Google mail account.
2. Open the email whose headers you want to view.
3. You will see Reply at the top right of the message pane.
4. You will see a little arrow pointing down next to Reply. Click on this down arrow next to Reply.
5. A drop-down menu will open up. Select Show original in this menu.
6. The full headers will now appear in a new window.
7. Go to an email header analysis site like mxtoolbox.com, cyber forensics, redirectdetective.com.
8. Check whether DMARC, SPF and DKIM authentication has passed or not (condition X).
9. Check the IP address in IPvoid.com and VirusTotal to see whether the IP is blacklisted or not (condition Y).
10. If the X and Y conditions are not satisfied (the IP is blacklisted and SPF, DKIM is not authenticated), the email message is spam.

Email Structure:-

Step 1: Log into your Gmail or Google mail account

Step 2: Open the email whose headers you want to view

I received mail from [email protected] and its body contains:

“We are delighted to inform you that you were drawn a winner of 545000 And 2 Nokia 9, Laptop) in the 2019 NOKIA DRAW (United Kingdom). Contact Mrs Elisabeth Edward.PLEASE SEND YOUR NAMES:”

After seeing this message, I started investigating further steps.

Step 3: You will see Reply at the top right of the message pane.

Step 4: You will see a little arrow pointing down next to Reply. Click on this down arrow next to Reply.

Step 5: A drop-down menu will open up. Select Show original in this menu.

Step 6: After clicking Show original, the full headers will appear in a new window.

Step 7: Copy the email header and go to an email header analysis site like mxtoolbox.com, cyber forensics, redirectdetective.com.

Step 8: Check whether DMARC, SPF and DKIM authentication has passed or not. Paste the email header into MxToolbox.com and start analysing it.

In MxToolbox the DKIM-Signature is not verified and it is not authenticated by DKIM.
I noted down the IP address from MxToolbox and started further investigation.

Use SPF with DKIM and DMARC

• SPF specifies which domains can send messages.
• DKIM verifies that message content is authentic and not changed.
• DMARC specifies how your domain handles suspicious incoming emails.

Step 9: Check the IP address in IPvoid.com, IBM X-Force and virustotal.com to see whether the IP is blocklisted or not.

From IBM X-Force it is clear that this IP address is used for spam purposes and its risk level is 5.6.

IPVOID.COM

In IPVoid.com also this IP address is blacklisted, hence I conclude that the email which I received is spam.
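Steps 8 to 10 can also be applied directly to the raw text copied from Show original. The Python below is an added example, not part of the original document: it reads the SPF, DKIM and DMARC results from the `Authentication-Results` header, takes the sending IP from the `Received` line written by the receiving server, and applies the X and Y conditions. The sample headers are constructed, `mx.example.org` stands in for the receiving server name seen in your own headers, and the `blocklisted` set is assumed to be filled in by hand from the reputation sites named in step 9.

```python
import re
from email import message_from_string

# Constructed sample, not from the page; example.* and these IP ranges are documentation-only.
SAMPLE = """\
Received: by 2002:a05:6402:: with SMTP id x1; Mon, 1 Jul 2019 10:00:05 -0700
Received: from mail.example.net (mail.example.net. [192.0.2.45])
        by mx.example.org with ESMTP id abc123; Mon, 1 Jul 2019 10:00:04 -0700
Authentication-Results: mx.example.org;
       dkim=fail header.i=@example.net header.s=sel1;
       spf=softfail (domain of promo@example.net does not designate 192.0.2.45) smtp.mailfrom=promo@example.net;
       dmarc=fail (p=NONE) header.from=example.net
Received: from [198.51.100.7] by mail.example.net; Mon, 1 Jul 2019 09:59:58 -0700
Authentication-Results: sender.example.net; spf=pass; dkim=pass; dmarc=pass
From: "Draw" <promo@example.net>
Subject: You were drawn a winner
"""

def auth_results(msg, authserv_id):
    """SPF/DKIM/DMARC results, read only from the header stamped by our own server."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() != authserv_id:  # copies added upstream are untrusted
            continue
        rest = re.sub(r"\([^)]*\)", "", rest)  # strip parenthesised comments
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            if results[method.lower()] != "pass":  # one passing DKIM signature is enough
                results[method.lower()] = result.lower()
    return results

def sender_ip(msg, our_mx):
    """IP recorded by our MX for the connecting host; lower Received lines can be forged."""
    for value in msg.get_all("Received", []):
        m = re.search(r"\[([0-9a-fA-F.:]+)\]\)?\s+by\s+(\S+)", value)
        if m and m.group(2).lower() == our_mx:
            return m.group(1)
    return None

def verdict(raw_headers, blocklisted, authserv_id="mx.example.org"):
    """Steps 8-10: X = authentication passed, Y = sending IP not blocklisted."""
    msg = message_from_string(raw_headers)
    auth = auth_results(msg, authserv_id)
    ip = sender_ip(msg, authserv_id)
    x_ok = all(r == "pass" for r in auth.values())
    y_ok = ip not in blocklisted
    # "review" for mixed results is an assumption; the page only defines the spam case.
    label = "spam" if not (x_ok or y_ok) else "ok" if x_ok and y_ok else "review"
    return {"auth": auth, "ip": ip, "verdict": label}
```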

Submitted by
Shiv
