What do Internet E-mail headers mean?

A STAFF REPORT FROM THE STRAIGHT DOPE SCIENCE ADVISORY BOARD

Dear Straight Dope: Something has been bugging me. What EXACTLY does the techno-babble under “Headers” mean when you get an E-mail from a different server? Is it a CIA/FBI cover-up? Unscrambled, does it contain the lyrics to every Motley Crue song? Or is it just put there to give us something to ponder, since you answered EVERYTHING else?

She’s only 17

SDStaff Karl replies:

You’re sure you want your brain to dry up, crumble, and blow away in the wind? OK, here goes …

If you _really_ want to know, you need to read RFC821 and RFC822 (also known as Internet Official Protocol Standards 10 and 11), and their later friends that add to them, like RFC2045. You can find them at:

https://tools.ietf.org/html/rfc821

https://www.w3.org/Protocols/rfc822/

https://www.ietf.org/rfc/rfc2045.txt

(I just love how the Internet is defined on the Internet!)

You’ll find RFC 822 the most accessible. Party on!

Here’s the quick summary:

There are two kinds of headers. Those that have to do with delivery of the mail over the internet are “envelope headers” and are described in RFC821. The rest are “content headers” (RFC822 and RFC2045) and describe the content of the message. Content headers can also contain information that is particular to specific mail delivery systems. One wonders if a certain software vendor that shall remain unnamed doesn’t add uglies into the headers of mail that passes through their software just to confuse those who don’t use their product.

Here’s a typical sample explained, a message from the fictitious Jay Codebender at the University of Chicago to the fictitious Fred the Troll at The Meme Factory:

X-RDate: Wed, 21 Oct 1998 15:58:53 -0000 (GMT)
Return-Path:
Received: from alexandria.cs.uchicago.edu (alexandria.cs.uchicago.edu
    [128.135.11.87]) by arthur.meme.com (8.8.5/8.8.5) with ESMTP id LAA28241 for
    ; Wed, 21 Oct 1998 11:53:35 -0500
Received: from yeenoghu.cs.uchicago.edu (yeenoghu.cs.uchicago.edu
    [128.135.20.107]) by alexandria.cs.uchicago.edu (8.9.1/8.9.1) with SMTP id
    LAA23180 for ; Wed, 21 Oct 1998 11:47:39 -0500 (CDT)
Date: Wed, 21 Oct 1998 11:47:38 -0500 (CDT)
In-Reply-To:
Message-ID:
    100000@yeenoghu.cs.uchicago.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-transfer-encoding: 7bit
X-UIDL: a2ef94d539ecb5fde971b7349e9410ed
From: Jay Codebender
To: “Fred The Troll”
Subject: Re: Tasty catfood

X-RDate: Wed, 21 Oct 1998 15:58:53 -0000 (GMT)

Anything starting with “X-” is extra, not defined in the standards. Programs that send, receive, or handle the delivery of mail are free to add as many of these as they like for whatever reason they like. Oftentimes you’ll see something like “X-Mailer: Super Foo Mailer!!!,” added as a kind of little mini-ad by the program that wrote the E-mail, perhaps directed at its computer brethren. Some E-mail programs will let you add your own headers to mail you send. This lets you remotely control programs by sending them e-mail with commands in the headers, or send your brother an e-mail with the header “X-Are-You-An-Idiot: Yes.” Looks like this particular header holds the date (Greenwich Mean Time) the message was received. The “-0000” is the difference between the date given and GMT.

Return-Path:

Return-Path: an envelope header, e-mail address to send an error back to in the event the message can’t be delivered.

Received: from alexandria.cs.uchicago.edu (alexandria.cs.uchicago.edu
    [128.135.11.87]) by arthur.meme.com (8.8.5/8.8.5) with ESMTP id LAA28241 for
    ; Wed, 21 Oct 1998 11:53:35 -0500
Received: from yeenoghu.cs.uchicago.edu (yeenoghu.cs.uchicago.edu
    [128.135.20.107]) by alexandria.cs.uchicago.edu (8.9.1/8.9.1) with SMTP id
    LAA23180 for ; Wed, 21 Oct 1998 11:47:39 -0500 (CDT)

Received: is an envelope header describing the passage of the mail through the mail system. This is mostly so that if there’s a problem with the mail delivery, somebody can track down what happened. The format of the line is standard, although the content may vary. These particular messages begin by saying (read the 2nd line first): The message was first seen by the internet at the computer yeenoghu.cs.uchicago.edu. Yeenoghu has an IP (Internet Protocol) address of 128.135.20.107. (You asked for “exactly”: The Internet Protocol and IP addresses are defined in RFC791.) Yeenoghu gave it to alexandria. (Alexandria noted it’s running version 8.9.1 of the sendmail mail delivery program [See http://www.sendmail.org], using a version 8.9.1 configuration file.) The 2 computers used the SMTP protocol (Simple Mail Transfer Protocol, defined by RFC821) as their language when they chit-chatted to transfer the message. They gave the message the unique id “LAA23180” for tracking purposes throughout the internet mail delivery process. The message should be delivered to the E-mail address “fred@meme.com.” Finally, the time all this happened, in Central Daylight Time, 5 hours earlier than GMT. Then, the message was given from alexandria.cs.uchicago.edu to arthur.meme.com and more of the same happens.

One would think that this would allow you to tell where a piece of spam e-mail came from. Before you get too excited and send off a bunch of flaming E-mails back to the spammer, you should know that spammers have caught on to this and often add additional “Received:” lines to a message before they send it to make it look like the message passed through their system on its way to you, instead of originating on their system.

Date: Wed, 21 Oct 1998 11:47:38 -0500 (CDT)

Now we start on the “content headers,” describing the mail’s content. This message was written on the given date.

In-Reply-To:

The message is a response to a previous message. The program sending the original message assigned it this ID, which is presumably meaningful to the program that sent it. For instance, these IDs can be used to “thread” messages, collect the original message together with its responses. The AOL E-mail program does not send these sorts of headers back with message replies. There’s nothing in the standards that says it has to, to the annoyance of non-AOL users because their E-mail threading can fail when they receive messages from AOL.

Message-ID:
    100000@yeenoghu.cs.uchicago.edu>

This message has an ID that’s meaningful to the program that sent it. A technogeek can tell the message was written with the “pine” e-mail program on the yeenoghu computer.

MIME-Version: 1.0

Mime version 1.0 headers are used to describe the content of the message.

Content-Type: TEXT/PLAIN; charset=US-ASCII

The content is text, unembellished. (This is one of those MIME, Multipurpose Internet Mail Extensions, version 1.0 mail headers. Turns out MIME types are so useful that they’re used for much more than E-mail these days.) The eeney beeney ones and zeros that make up the text of the message itself are interpreted as various letters using the US-ASCII character encoding. Someone writing in Icelandic would use a different character encoding to get Icelandic characters. The mail headers themselves always have to be in ASCII, and English (sort of English anyhow), as written.

Content-transfer-encoding: 7bit

Another MIME header extension describing what the actual body of the message looks like as it is transferred from machine to machine. In this case, it consists of lines no longer than 1,000 characters, each character being encoded in 8 bits, but with the leftmost bit always zero. Other transfer encodings may require that the body of the message be decoded before it looks like what Content-Type: says it looks like.

X-UIDL: a2ef94d539ecb5fde971b7349e9410ed

Another “extra” header. This one records the message UIDL, something to uniquely distinguish this E-mail message from any other message ever delivered to that E-mail address. These are often used to keep track of which messages have been delivered to the recipient’s desktop (see RFC1939.)

From: Jay Codebender

Who sent the message. This is still a “content” header, and so actually has nothing to do with who _really_ sent the message. But, it’s all you get. Your E-mail program uses this to show you who sent the message.

Impress your friends! Read the 7 pages of section 6 of RFC822 that describe all the ways an e-mail address can be written. There’s a lot more to it than you think.

To: “Fred The Troll”

The address to which the message should be delivered. Again, a “content” header, which is how it’s possible for mail to show up in your mailbox that’s not addressed to you.

Subject: Re: Tasty catfood

The subject of the e-mail. In this case, the message is a reply to a previous message, so the program of the person who sent the mail has thoughtfully begun the subject with “Re:”.

There, I told you it’d be quick.

SDStaff Karl, Straight Dope Science Advisory Board
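
The column's Received: walk-through and its warning about spammers prepending fake Received: lines can be turned into a check. The following is an added example, not part of the original column: it reads the hops newest-first and reports the first line that does not link to the one above it. The sample headers are constructed from the column's two hops plus an invented forged line (the example.* hosts and the id ZZZ00001 are made up), and it assumes the topmost line was written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the column's two hops plus, at the bottom, a made-up
# forged line of the kind it warns about (example.* hosts are invented).
RAW = """\
Received: from alexandria.cs.uchicago.edu (alexandria.cs.uchicago.edu
\t[128.135.11.87]) by arthur.meme.com (8.8.5/8.8.5) with ESMTP id LAA28241
\tfor <fred@meme.com>; Wed, 21 Oct 1998 11:53:35 -0500
Received: from yeenoghu.cs.uchicago.edu (yeenoghu.cs.uchicago.edu
\t[128.135.20.107]) by alexandria.cs.uchicago.edu (8.9.1/8.9.1) with SMTP id
\tLAA23180 for <fred@meme.com>; Wed, 21 Oct 1998 11:47:39 -0500 (CDT)
Received: from mail.example.org ([192.0.2.10]) by relay.example.net
\twith SMTP id ZZZ00001; Wed, 21 Oct 1998 11:50:00 -0500
Subject: Re: Tasty catfood

(body)
"""


def hops(raw):
    """Parse Received: lines, newest first, into from/by/when dicts."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", text)
        by = re.search(r"\bby\s+(\S+)", text)
        out.append({
            "from": frm.group(1).lower() if frm else None,
            "by": by.group(1).lower() if by else None,
            "when": parsedate_to_datetime(text.rsplit(";", 1)[-1]),
        })
    return out


def first_untrusted(raw):
    """Return (index, hop) of the first line that fails to link upward, or None.

    Assumption: hop 0 was stamped by our own server and is trusted. Each older
    line must be stamped "by" the host the newer line received "from", and
    must not carry a later time. Everything from a break downward is unverified.
    """
    chain = hops(raw)
    for i in range(1, len(chain)):
        newer, older = chain[i - 1], chain[i]
        if older["by"] != newer["from"] or older["when"] > newer["when"]:
            return i, older
    return None
```

A break means the lines below it cannot be relied on, not that they are proven fake: the "from" name is whatever the sending machine claimed, and legitimate relays sometimes hand mail between differently named internal hosts.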

Send questions to Cecil via cecil@straightdope.com.

STAFF REPORTS ARE WRITTEN BY THE STRAIGHT DOPE SCIENCE ADVISORY BOARD, CECIL’S ONLINE AUXILIARY. THOUGH THE SDSAB DOES ITS BEST, THESE COLUMNS ARE EDITED BY ED ZOTTI, NOT CECIL, SO ACCURACYWISE YOU’D BETTER KEEP YOUR FINGERS CROSSED.