Many email messages display forged email addresses in the headers so that the From line appears to be a uchicago.edu address, although it actually originated from an off-campus source. This is common with emails that are virus-infected, spam, or a phishing attempt. The following paragraphs explain how you can view and understand email headers in order to verify the originating address of the message.

Forwarding Email Headers Via Outlook

Outlook users can easily forward headers by emailing the email of concern as an attachment to preserve delivery header information, which is very useful for effectively blocking malicious emails. To do so, you simply have to press Ctrl+Alt+F (or control+command+J on a Mac) on your keyboard while in the message. This will create a new email message with the malicious email included as an attachment. You can now send this new email to IT Security at security@uchicago.edu for review.

How to Display Full Email Headers

See these support sources to learn how to view email headers in the most popular email applications:

• Google's support site for Gmail, Outlook, Apple Mail, and other mail clients
• Microsoft Outlook
• SpamCop.Net

Understand What Email Headers Mean

Email headers include tracking information that can be used to see some or all of the mail servers traversed by that message. Specifically, the Received headers list all of the email servers the message traversed in reverse chronological order.

Some aspects of the headers can be forged, and in general, interpreting headers requires significant technical background.

See these sources for useful information and tools:

• Google guide to interpreting full headers
• Google tool that translates the headers into a more comprehensible format
• Microsoft information on viewing message headers