
WhatMail – analyze the email header


Email headers contain valuable information about the origin, routing, and authenticity of an email. Analyzing these headers can provide crucial insights for forensic analysis, investigating email authenticity, and understanding email routing. 

In this blog post, we will introduce you to WhatMail – a powerful command-line tool that analyzes the header of an email and provides detailed information about various fields.

What is WhatMail?

WhatMail is a command-line tool specifically designed to extract and analyze email headers. It efficiently extracts commonly recognized email header fields such as To, From, Subject, Date, Delivered-To, as well as useful fields like Message-ID, Return-Path, Reply-To, X-Headers, MIME Version, Content Type, Received-SPF, DKIM Signature, Authentication-Results, X-Mailer, and DMARC Results.

Message Information
1. To
2. From
3. Subject
4. Date
5. Delivered-To

Additional Fields
1. Message ID
2. Return Path
3. Reply-To
4. Received
5. MIME Version
6. Content Type
7. Received-SPF
8. DKIM Signature
9. Authentication Results

How to Download Mail Header

Downloading the Gmail header can be useful for various reasons, such as investigating email scams or reporting suspicious activity. Now we will guide you through the steps to download the Gmail header.

Step 1: Open the Email

Locate the email for which you want to download the header. Click on the email to open it.

Output for choosing the mail

Step 2: Click on show original

In the top-right corner of the email, you will find three dots. Click on these dots to open a drop-down menu, then click on ‘Show Original’. This will open a new tab or window with the email’s full header information.

Output for clicking the show original option

Step 3: Download the mail header

In the new tab or window, you will see the complete header information. To save the header as a text file, first click the “Copy to clipboard” button.

Output for copying the mail header information

Now, select a location on your computer to save the header file, open a new text file, paste the copied content into it, name it, and click ‘Save’.

Output for email header text

That’s it! You have successfully downloaded the Gmail header for the selected email.

Install and use WhatMail on Linux

Installing and using the WhatMail tool is very easy. Let’s see how to install and use it.

Step 1: Clone The Repository

First, open your terminal and navigate to the directory where you want to install WhatMail. Then, run the following command to clone the WhatMail repository:

					git clone https://github.com/z0m31en7/WhatMail.git
Output for downloading the tool

Step 2: Change The Directory

Once the repository has been cloned, navigate into the WhatMail directory:

					cd WhatMail
Output for changing the directory

Step 3: Run The Tool

Once you have completed the above steps, you can start the tool by running the following command:

					python WhatMail.py -hf {Path_to_header_file}
Output for getting complete report on mail header

That’s it. Now you can find out all the information that might be hidden in the mail header.

Why Use WhatMail?

WhatMail is an invaluable tool for anyone involved in email analysis and investigation. Here are some key reasons why you should consider using WhatMail:

  • Forensic Analysis: WhatMail allows you to conduct in-depth forensic analysis of email headers, helping you uncover valuable information about the email’s origin, path, and potential manipulation.
  • Email Authenticity: By examining fields like DKIM Signature, Authentication-Results, and DMARC Results, WhatMail helps you determine the authenticity of an email, identifying potential spoofing or phishing attempts.
  • Email Routing: Understanding email routing is essential for troubleshooting delivery issues or investigating suspicious emails. WhatMail provides insights into the various servers and hops an email went through.
  • Sender and Recipient Information: WhatMail extracts important fields like To, From, and Reply-To, enabling you to gather detailed information about the email sender and recipient.
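
To make the checks listed above concrete, here is an added example (not WhatMail's own code, and not taken from its repository) that uses Python's standard email module to order the Received hops, collect the SPF, DKIM and DMARC verdicts, and flag sender-domain mismatches. The sample header, its domains and the function names analyze and domain are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header for illustration (not from a real message).
SAMPLE = """\
Received: by mx.example.org with SMTP id abc123;
 Mon, 01 Jan 2024 10:00:05 +0000
Received: from mail.sender.test (mail.sender.test [203.0.113.7])
 by mx.example.org with ESMTPS id xyz789;
 Mon, 01 Jan 2024 10:00:03 +0000
Authentication-Results: mx.example.org;
 dkim=pass header.i=@other.test;
 spf=pass smtp.mailfrom=bounce@other.test;
 dmarc=fail header.from=sender.test
Return-Path: <bounce@other.test>
From: "Support" <support@sender.test>
Reply-To: helpdesk@third.test
Subject: Account notice
Message-ID: <1@sender.test>
"""

def domain(value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    # Each server prepends its Received line, so reverse for origin-first order.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    # Keep the first verdict per method: the topmost header was added last.
    auth = {}
    for ar in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar, re.I):
            auth.setdefault(method.lower(), result.lower())
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} differs from From domain {from_dom}")
    findings += [f"{m} result is {r}" for m, r in sorted(auth.items()) if r != "pass"]
    return {"hops": hops, "auth": auth, "findings": findings}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(key, value)
```

In the sample, SPF and DKIM both pass for other.test, yet DMARC fails because neither domain aligns with the From domain, which is the pattern to look for in spoofed mail. Treat only the Authentication-Results header added by your own receiving server as reliable, since headers below it can be written by the sender.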

I hope I have fully informed you about the WhatMail tool. If you have any doubts, or if you know of a better tool than this one, let me know in the comments.

