Email messages contain several parts. What follows is a discussion of these components.
The Header
This field contains a great deal of information about the sender of an email, the intended destination, and the intended recipient. The header field contains sub-headers that can include summaries, sender, receiver, various IP addresses and server names. Emails can often be traced by using the information in the header.
A few other fields one is likely to see if the header is analyzed would look like this:
- CC: carbon copy
- BCC: blind carbon copy
- Received: Tracking information generated by mail servers that have previously handled the message
- Content-Type: Information about how the message has to be displayed
- Reply-To: Address that should be used to reply to the sender
- References: Message-ID
- In-Reply-To: Message-ID of the message that this is a reply to
It's important to note that the "To:" field does not contain the actual recipient of the email. Similarly, the "From:" field cannot be used to determine who an email is actually from. These fields are for the convenience of the end-user; the actual sender and recipient data is contained in the header. The metadata in the header can be used to determine an email's actual origin, but some malicious users can "spoof" the To: and From: fields in order to create a means by which to send an apparently innocent email and introduce a trojan Horse into your company's system.
Many service providers have methods of cross-checking the header's metadata and referencing the actual sender. These security measures do help to reduce the threat of spoofing an email address. If you are considering outsourcing your email, it's important to ask if the contractor has a method of dealing with this particular security concern.
