Checking message headers is an important task. IT managers may ask you to forward them message headers when they are troubleshooting problems or when trying to determine the legitimacy of an E-mail.

Message headers let you view the source IP address of an E-mail. Using that IP address, you can trace its approximate origin with the American Registry of Internet Numbers’ Web site tool.

For this example, we are going to verify the validity of an E-mail that came from customer_service@bankofamerica.com.

How to Find the Message Headers in Outlook 2010

First, double-click on the message to open it in a new screen.

Next, click on the File tab at the top left.

Now click on Properties to display the message headers.


How to Find the Message Headers in Outlook 2003 and 2007

From Outlook 2003 or 2007, simply right-click on the message and select Message Options to display the headers.

The message headers are shown below in the box labeled: Internet headers.

If you are getting these to forward to your IT manager, simply copy and paste them to an e-mail.

If you want to look at the matter yourself, look at the IP address that the E-mail is received from. In this case it’s 217.118.81.28.

Visit http://www.arin.net and enter that IP address in the Search Whois field at the top right-hand corner of the browser window.

As you can see, ARIN tells us that the e-mail originated from an ISP in Amsterdam. Since it’s unlikely that BOA will send out mail from an ISP in Europe, we can be pretty sure that the E-mail is forged.

Another trick is to get the domain’s MX records. To do this, visit www.mxtoolbox.com and in the Domain Name field, type bankofamerica.com and click on the MXLOOKUP button.

As you can see below, MX Toolbox reveals that the MX records have different IP addresses than those found in the message header, indicating a fraudulent e-mail.
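
The header check described above can also be scripted. This is an added example, not part of the original article: it assumes your own mail servers relay over private addresses, so the first public address found reading from the newest Received header down is the host that handed the message to you. The sample headers and the 192.0.2.0/24 range are constructed; only 217.118.81.28 comes from the article.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (not copied from the article's screenshot).
# Only the address 217.118.81.28 is taken from the article.
SAMPLE_HEADERS = """\
Received: from mail.internal.example (mail.internal.example [10.0.0.5])
\tby mbx01.internal.example with ESMTP id A1; Mon, 1 Mar 2010 10:00:05 -0500
Received: from unknown (HELO smtp.bankofamerica.com) ([217.118.81.28])
\tby mx.recipient.example with SMTP id B2; Mon, 1 Mar 2010 10:00:01 -0500
From: customer_service@bankofamerica.com
Subject: Account notice

"""

# Receiving servers record the connecting peer's address in square brackets.
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_ips(raw_headers):
    """Bracketed addresses from each Received header, newest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        # Keep only the "from ..." clause; the "by ..." clause names the receiver.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        hops.append(IP_RE.findall(from_part))
    return hops


def source_ip(raw_headers):
    """First publicly routable address, reading from the newest hop down."""
    for ips in received_ips(raw_headers):
        for text in ips:
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if addr.is_global:  # skips private and reserved ranges
                return str(addr)
    return None


def in_expected_ranges(ip, cidrs):
    """True if ip falls inside any range the claimed sender is known to use."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)
```

The address returned by `source_ip` is the one to paste into the ARIN Whois search; `in_expected_ranges` takes whatever address ranges you have confirmed for the claimed sender.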
