In this article, we will explore the fundamental concepts associated with email that will help us perform email analysis. We will begin by understanding the email structure and then discuss how a malicious email can be analyzed using the email headers.
An email consists of two parts: the header and the body. The body is where the message appears and the header contains metadata, which includes details such as where the message originated, date of delivery and the destination address.
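To make the header/body split concrete, the following added example (not part of the original article) parses a raw message with Python's standard `email` module and pulls out the metadata named above: origin, date of delivery and destination, plus the `Received` relay path. The sample message, its addresses and hostnames, and the function name `summarize_email` are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message: header lines, one blank line, then the body.
RAW_EMAIL = (
    b"Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])\r\n"
    b"\tby inbox.recipient.example; Tue, 05 Mar 2024 10:15:04 +0000\r\n"
    b"Received: from mail.sender.example (mail.sender.example [198.51.100.23])\r\n"
    b"\tby mx.recipient.example; Tue, 05 Mar 2024 10:15:02 +0000\r\n"
    b"From: Alice Example <alice@sender.example>\r\n"
    b"To: Bob Example <bob@recipient.example>\r\n"
    b"Subject: Quarterly report\r\n"
    b"Date: Tue, 05 Mar 2024 10:15:00 +0000\r\n"
    b"Message-ID: <constructed-0001@sender.example>\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Hi Bob, the report is attached.\r\n"
)


def summarize_email(raw: bytes) -> dict:
    """Split a raw message into header metadata and body text."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its own Received header, so the last one in the
    # file is the earliest hop; reverse to read the path in delivery order.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    hops.reverse()
    body = msg.get_body(preferencelist=("plain",))
    date = msg["Date"]
    return {
        "from": getaddresses([str(v) for v in msg.get_all("From", [])]),
        "to": getaddresses([str(v) for v in msg.get_all("To", [])]),
        "date": parsedate_to_datetime(str(date)) if date else None,
        "subject": str(msg["Subject"]),
        "received_path": hops,
        "body": body.get_content().strip() if body else "",
    }


if __name__ == "__main__":
    for field, value in summarize_email(RAW_EMAIL).items():
        print(f"{field}: {value}")
```

The same function can be pointed at a message saved in .eml format by reading the file in binary mode and passing its bytes.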
Let us open a sample email received using Gmail and explore the structure, function and details of the email received. The following steps show how one can access the raw email from the Gmail inbox.
Open your Gmail and click on the email you want to see the header for. Search for the reply button, click the vertical three-dotted button on the right, and choose Show Original. We will be shown an overview of the information followed by the whole email header. We also have options to download the email in .eml (email message) format and to copy it to the clipboard.
Note that the example shows Gmail but all the email providers provide an option