[unisog] email problem primer

Jenett Tillotson jtillots at purdue.edu
Tue Feb 7 21:46:59 GMT 2006


We shamelessly stole a document off of the web which lays out how to get
full headers for most email clients.  We've modified it to meet our
requirements (added some clients and such).  It may be terribly out of
date.  You can get a copy of it here:

http://www.pnhs.purdue.edu/faq/fullheaders.php

Stanford has a nice one on the web as well at:

http://cf.stanford.edu/doc/email/headers.php

As for gathering information from the full headers, this is a tough
topic.  Even seasoned email admins sometimes have trouble reading email
headers.  But there are loads of documents on the web that will tell you
what to look for and how spammers try to fool you.  Here's one that I
quickly found that looks promising:

http://www.rahul.net/falk/mailtrack.html

Good luck, and share back what you create with us!

Jenett

--  
  Jenett Tillotson, System Administrator
  Rosen Center for Advanced Computing, Purdue University
  jtillots at purdue.edu / v: (765) 494-9387

On Tue, 2006-02-07 at 13:19 -0800, hermit921 wrote:
> I have been asked to write a simple document for analyzing email 
> problems.  This will not be given to PC support staff who know almost 
> nothing about email.  I know it will need to include:
> 1. how to determine who sent the message
> 2. how to determine who should have received the message
> 3. read a returned error message and figure out what it means
> 4. look at the headers and figure out what mail servers were involved and when
> 
> It will not include looking at mail logs.  It will not be mail client specific.
> 
> Does anyone have such a document already?
> 
> Thanks,
> Neil
> 
> 
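Added example, not part of the original message or of the documents it links to: one way to pull items 1, 2 and 4 of the quoted request out of a full set of headers with Python's standard-library email module. The sample message, host names and addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (example.* names, documentation-range IP addresses).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Delivered-To: staff@example.edu
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby store.example.edu with ESMTP id A1;
\tTue, 7 Feb 2006 13:20:05 -0800
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
\tby mx.example.edu with ESMTP id B2;
\tTue, 7 Feb 2006 13:19:58 -0800
From: "Help Desk" <helpdesk@example.edu>
To: staff@example.edu
Subject: constructed sample

body
"""

def _token_after(words, key):
    """Return the word following `key` (e.g. the host after 'by'), or None."""
    return words[words.index(key) + 1] if key in words[:-1] else None

def summarize(raw):
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so reverse for oldest first.
    # Only lines added by servers you control are trustworthy; anything
    # below them was supplied by the sending side and can be forged.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")  # timestamp follows the last ';'
        words = info.split()
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):  # missing or malformed date
            when = None
        hops.append({"from": _token_after(words, "from"),
                     "by": _token_after(words, "by"), "when": when})
    return {
        # From: is whatever the sender typed; Return-Path is the envelope
        # sender recorded at final delivery. A mismatch is worth a look.
        "header_from": parseaddr(msg.get("From", ""))[1],
        "envelope_sender": parseaddr(msg.get("Return-Path", ""))[1],
        "delivered_to": msg.get("Delivered-To"),  # mailbox that actually got it
        "hops": hops,
    }
```

Subtracting consecutive "when" values shows where a delayed message sat; here the two hops are 7 seconds apart.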

