Email Headers – A Cybersecurity Perspective!


Spam is unsolicited bulk email sent to users who never asked for it. Many spam messages are in fact phishing: an attempt to defraud the recipient by masquerading as a legitimate entity or organization the recipient may already trust. Phishing emails are typically used to harvest personal and financial information from the victim. Phishers rely on social engineering tactics and e-mail schemes to trick their victims into clicking links that deliver malware or lead to a forged login page.

The following email header was taken directly from an email in my inbox. The items marked in red are of particular interest and will be used to determine both the validity and the origin of the email. The email advertised special muscle-building vitamins to be used as part of a physical fitness program. At first glance the email looked very suspicious, so an investigation is in order.

E-Mail Header:

Received: from ([]) by with MailEnable ESMTP; Fri, 27 Feb 2015 07:47:01 -0800
Date: Fri, 27 Feb 2015 07:47:01 -0800
From: Destroy One Pound Day <>
Reply-to: <>
Message-ID: <>
To: <>
Subject: It's true we investigated...
Content-Type: multipart/alternative;boundary="===============4981059843407325151=="
MIME-Version: 1.0

As seen in figure 1, the host IP for the domain with host address doesn't match the IP in the Received header from . Since no host IP for can be found, a reverse DNS lookup on it is out of the question here.


figure 1
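The DNS cross-checks described above, written out as a small triage script. This is an added example and not code from the post: the header it parses is constructed (RFC 2606 example domains and RFC 5737 documentation addresses, not the message from the author's inbox), the live resolvers use Python's socket module, and the STUB_* tables are assumed DNS answers so the demo runs offline. Beyond the page's single A-record comparison it also checks the Reply-To and Message-ID domains and performs a forward-confirmed reverse DNS check on each relay in the Received chain.

```python
"""Header triage: pull the sender domain and relay IPs out of an email header
block and cross-check them against DNS.

Added example, not the post's own code. SAMPLE_HEADERS is constructed
(RFC 2606 names, RFC 5737 addresses); STUB_A / STUB_PTR are assumed DNS
answers for the offline demo, dns_a / dns_ptr are the live resolvers.
"""
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# Constructed header: the From domain does not resolve, the Reply-To sits on
# a different domain, and the relay's PTR record names a third domain.
SAMPLE_HEADERS = """\
Received: from mail.example.net ([192.0.2.10]) by mx.example.org with ESMTP; Fri, 27 Feb 2015 07:47:01 -0800
Date: Fri, 27 Feb 2015 07:47:01 -0800
From: Destroy One Pound Day <offer@fitness-promo.example.com>
Reply-to: <replies@other.example.net>
Message-ID: <20150227154701.1234@fitness-promo.example.com>
To: <victim@example.org>
Subject: It's true we investigated...
MIME-Version: 1.0
"""

# Constructed DNS answers for the offline demo (assumptions, not real records).
STUB_A = {"mail.example.net": ["192.0.2.10"]}
STUB_PTR = {"192.0.2.10": "mail.example.net"}


def dns_a(name):
    """IPv4 addresses for a name; [] when it does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def dns_ptr(ip):
    """Reverse (PTR) name for an address, lower-cased, or None when there is none."""
    try:
        return socket.gethostbyaddr(ip)[0].lower()
    except OSError:
        return None


def domain_of(header_value):
    """Domain part of the address in a From / Reply-To / Message-ID header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() or None


def received_hops(msg):
    """(claimed host, bracketed IP) for each Received header, newest first."""
    hops = []
    for rcv in msg.get_all("Received", []):
        host = re.search(r"\bfrom\s+([^\s(\[;]+)", rcv)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", rcv)
        hops.append((host.group(1).lower() if host else None, ip.group(1) if ip else None))
    return hops


def triage(raw_headers, a=dns_a, ptr=dns_ptr):
    """Return a list of findings; an empty list means the header is consistent."""
    msg = message_from_string(raw_headers)
    sender = domain_of(msg["From"])
    if sender is None:
        return ["From header carries no usable address"]
    findings = []
    if not a(sender):
        findings.append(f"From domain {sender} does not resolve")
    reply = domain_of(msg["Reply-To"])
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    msgid = domain_of(msg["Message-ID"])
    if msgid and msgid != sender:
        findings.append(f"Message-ID domain {msgid} differs from From domain {sender}")
    hops = received_hops(msg)
    if not hops:
        findings.append("no Received headers: nothing to trace")
    for claimed, ip in hops:
        if ip is None:
            continue
        name = ptr(ip)
        if name is None:
            findings.append(f"relay {ip} has no PTR record")
            continue
        if claimed and claimed != name:
            findings.append(f"relay {ip} claims to be {claimed} but PTR says {name}")
        if ip not in a(name):  # forward-confirmed reverse DNS
            findings.append(f"relay {ip}: PTR name {name} does not resolve back to it")
        if not (name == sender or name.endswith("." + sender)):
            findings.append(f"relay {ip} reverse-resolves to {name}, not under {sender}")
    return findings


def demo():
    """Run the triage against the constructed header with the stub resolvers."""
    return triage(SAMPLE_HEADERS, a=lambda n: STUB_A.get(n, []), ptr=STUB_PTR.get)


if __name__ == "__main__":
    for finding in demo():
        print("-", finding)
```

Two caveats when reading the output: only the topmost Received header, the one added by your own mail server, can be trusted, because a sender can forge any earlier hops; and the A record of the From domain rarely equals the IP of the sending MTA even for legitimate mail, so a relay that fails the forward-confirmed reverse DNS check, or an unregistered From domain, is a far stronger signal than a plain IP mismatch.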

As can be seen in the whois output in figure 2 below, the “OrgName” (the organization the registry has on record) is . This doesn’t match the “” domain seen in the sender’s email header, which is the first indication that this email is potentially fraudulent. Figure 2 also shows the registered name as , which is entirely different from .


figure 2

Digging a little deeper, a search was performed using the actual domain name, , which returned the results seen in figure 3. The domain named in the sender’s address is not even registered, let alone hosting a website, so the From address cannot be genuine and the email is determined to be a fake. NOTE: “Inquire about this domain” means that the domain name is available for registration.


figure 3

In the final analysis, the registrant’s name did not match the domain name, and the IPs associated with the domain and with the e-mail header did not match either. Figure 4 below is the actual website of the registrant listed for .


figure 4
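The registrant and "domain available" checks from the last three figures, as an added example rather than the post's own code. whois_raw() speaks the actual WHOIS protocol (RFC 3912: TCP port 43, query plus CRLF, read until the server closes); the two server names are assumptions that fit a .com domain and an ARIN-region address, since other TLDs and regions refer to other servers. The registry replies in SAMPLE_RESPONSES are constructed so the demo runs offline, and every value in them is invented.

```python
"""WHOIS cross-checks for the sender domain and the relay address.

Added example, not the post's own code. Server names are assumptions for a
.com domain and an ARIN-region IP; SAMPLE_RESPONSES are constructed replies.
"""
import re
import socket

SAMPLE_DOMAIN = "fitness-promo.example.com"
SAMPLE_RELAY = "192.0.2.10"

# Constructed registry replies for the offline demo, keyed by (server, query).
SAMPLE_RESPONSES = {
    ("whois.verisign-grs.com", SAMPLE_DOMAIN): (
        'No match for "FITNESS-PROMO.EXAMPLE.COM".\n'
        ">>> Last update of whois database: 2015-02-27T16:00:00Z <<<\n"
    ),
    ("whois.arin.net", SAMPLE_RELAY): (
        "#\n# ARIN WHOIS data and services are subject to the Terms of Use\n#\n"
        "NetRange:       192.0.2.0 - 192.0.2.255\n"
        "CIDR:           192.0.2.0/24\n"
        "NetName:        EXAMPLE-HOSTING-NET\n"
        "OrgName:        Example Hosting LLC\n"
        "OrgId:          EXHOS-1\n"
        "Country:        US\n"
    ),
}

# Phrases registries use when the queried name has no record at all.
NOT_FOUND_MARKERS = ("no match for", "not found", "no entries found", "no data found")


def whois_raw(query, server, timeout=10):
    """Live WHOIS lookup over TCP 43; returns the registry's text reply."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text):
    """'Key: value' lines into a dict; comments skipped, first value of a key wins."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "%", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip() and key.strip() not in fields:
            fields[key.strip()] = value.strip()
    return fields


def is_unregistered(text):
    """True when the opening lines of the reply say the name has no registration."""
    head = "\n".join(text.strip().splitlines()[:3]).lower()
    return any(marker in head for marker in NOT_FOUND_MARKERS)


def _normalize(s):
    return re.sub(r"[^a-z0-9]", "", s.lower())


def assess(domain, relay_ip, lookup=whois_raw):
    """Findings from the domain and address registrations; [] when consistent."""
    findings = []
    label = _normalize(domain.split(".")[0])  # leftmost label of the claimed domain
    domain_reply = lookup(domain, "whois.verisign-grs.com")
    if is_unregistered(domain_reply):
        findings.append(f"{domain} is not registered: the From address cannot be genuine")
    else:
        fields = parse_whois(domain_reply)
        owner = fields.get("Registrant Organization") or fields.get("Registrant Name")
        if owner and label not in _normalize(owner):
            findings.append(f"{domain} is registered to '{owner}', which does not mention the domain")
    net = parse_whois(lookup(relay_ip, "whois.arin.net"))
    org = net.get("OrgName")
    if org is None:
        findings.append(f"no OrgName returned for relay {relay_ip}")
    elif label not in _normalize(org):
        findings.append(f"relay {relay_ip} is in {net.get('NetRange', '?')} held by '{org}', not by {domain}")
    return findings


def demo():
    """Offline run against the constructed replies."""
    return assess(SAMPLE_DOMAIN, SAMPLE_RELAY, lookup=lambda q, s: SAMPLE_RESPONSES[(s, q)])


if __name__ == "__main__":
    for finding in demo():
        print("-", finding)
```

An unregistered From domain is conclusive on its own. The two name comparisons are leads rather than proof: large legitimate senders relay through mail providers whose OrgName never mentions the brand, and a registration-privacy proxy can hide the registrant entirely, so a mismatch there should send you back to the DNS and authentication checks rather than end the investigation.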

Phishing methods are on the rise, and with each passing day they become more sophisticated and convincing. It is critical for users to educate themselves on the dangers of phishing, how to identify a phishing message, and how to avoid becoming a victim. Many popular websites are spoofed, some of the most common being PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. The very concept of phishing can be thought of as a lure used to bait and hook its victim in hopes of financial gain. The FTC warns users to be on the lookout for any suspicious-looking e-mails. In the unfortunate case that a phishing email is encountered, “DO NOT” click on any links referenced inside the email; instead, reach the organization’s site independently by typing its address into a browser or searching for it outside of the e-mail. With a little consumer education, users can avoid becoming the next socially engineered e-mail phishing victim.


Messier, R. (2014, April). E-Mail Forensics. Retrieved July 2015, from Security Kilroy:

Rouse, M. (2007, May). phishing. Retrieved July 2015, from TechTarget Search Security:
