Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I view full headers in Gmail?

I’m trying to figure out an email problem and the ISP support said I needed
to send them the “full email headers” of the message. Huh? What’s that and how
do I get it? I use Gmail.

There’s a more to email than meets the eye.

In fact, there’s a LOT more.

Bundled with every message is typically a list of information, including the mail server that it originated from, the servers that it traveled across along its way, as well as a
bunch of other optional information relating to who sent it, anti-spam
information, mailing list unsubscribe information, and much, much more.

It’s a bunch of geekery that you really don’t want to see every time.

But if you do, it’s easy to get at it, particularly in Gmail.

Become a Patron of Ask Leo! and go ad-free!

Headers in Gmail

Here’s an email message displayed in Gmail:

Email message in Gmail

Hopefully, that’s a very familiar looking message – a copy of my newsletter Smile

Next to the date towards the top right are a couple of icons. Click the
downward-pointing triangle:

Menu of additional action items for a Gmail message

Click Show original.

This will open the full original email message in a new tab or window in the
text format in which it’s actually encoded:

Email headers courtesy of Gmail

The “email headers” include everything until the first blank line.
Everything after that is the email message itself.

Sending email headers

Even though you might send rich text and even pictures, email is always sent
in plain text. Anything that’s not plain text in your message will be encoded
into something that can be represented in plain text.

The headers themselves are always plain text.

If your ISP or someone helping you diagnose an email problem has asked for
the headers, start by composing a new message – it’ll be helpful if you can
select plain text format or compose that new message as plain text.

From the window in which Gmail is displaying the original message, select
all the text from the top to the first blank line, right-click it and click Copy.

Then, switch to the message that you’re composing, right-click in the body, and
click Paste.

Send that message to whomever was requesting it.

What is all this junk?

Go ahead and page up and down and have a look around in the original
message. You’ll see a lot of stuff in there.

A lot of “geekery,” as I said earlier.

The headers are a series of lines of information about the message being
sent. If the first column is not blank, then the line begins with a token
followed by “:”. For example, you’ll see many lines that begin with “Received:”.
Each mail server along the path from sender to recipient adds a Received:
line to the header so that the email messages path can be identified.

You’ll also see some familiar lines line To:, From: and Subject:,
which are themselves nothing more than header lines.

There are too many to cover them all here. Many are obvious, many are
not.

Header information can be faked

Finally, I want to point out that we often think of using header information
to trace where an email comes from. While technically possible to a point, it’s
often the case that a specific sender can NOT be identified if
they’re trying to be sneaky.

And to the technically-inclined, it’s not hard to be sneaky.

Information in the header can be faked or spoofed, and it sometimes takes a
close, knowledgeable eye to be able to identify when this happens.

That’s probably why you’re sending it to someone who understands it.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

4 comments on “How do I view full headers in Gmail?”

  1. Leo, correct me if I’m wrong, one thing the sender can’t spoof is the header’s actual “From” information. While they can make an email address like “trust_me@irs.gov” appear in the “From” field in an effort to make you think it’s an email from the US Government, the header will always show the real “From” field that sent it. Granted, if it’s a “sneaky” sender, they won’t be sending it from their actual email server, rather it will come from “hijacked_account@botnet_server.com”…correct?

    Actually that’s not true. There is no “real” “From:” field – the From field you see, the one that’s easily spoofable, is the only From: field there is. You don’t really need an email account to send email if mail servers are configured improperly. The only thing in the header that can’t be spoofed that I’m aware of is the IP address of the server or network from which the email first enters the internet – and that can be obfuscated in various ways.

    Leo
    11-May-2012
    Reply
  2. I CANNOT send a letter or an eMail with the latest update of Mozilla Thunderbird??
    It simply does Not have a “Send”
    Any suggestions??
    {email address removed}

    Mine certainly has a Send when I’m in a compose window. Try CTRL+Enter to send.

    Leo
    11-May-2012
    Reply
  3. Re: No send in T_Bird — Cole, Open “write” window,
    right click 2nd band at top. Should see “menu bar”
    and “composition toolbar” with check before each.
    If Missing check, select item to add check. Should bring back send. Customize while there. Best wishes,
    Ron_H Thanks go to Leo!

    Reply
  4. Thanks for the reply Leo…and that’s why people visit your site and sign up for your email list…you can explain things very well. You’ve cleared up some confusion I was having.

    An example of what I was looking at is a spam message from “Post Express” (it had a virus attached to it) and it comes across as trying to be from the United States Postal Service and wants me to open the attachment.
    The “Received:” info in the header says:
    “Received: from abcdefg.com ([123.123.123.123])”
    (I’ve changed the IP and domain to protect the innocent)

    Then the “From” line says:
    “From: “Post Express” postmail@abcdefg.com
    This begs the question, why would the USPS use a mail server named “abcdefg.com”. The answer is simply that they wouldn’t. Since many would be suspicious they’ve put “Post Express” in there knowing that anyone using MS Outlook and possibly some other mail clients will ONLY see those words and it will help with the spoofing.

    So, this confirms what you stated…the “From:” information can be anything (and who knows if “postmail” exists on that server) but it came from abcdefg.com, which is not the USPS.

    Thanks for the reply Leo.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.