Table of Contents
Email headers contain valuable information about the origin, routing, and authenticity of an email. Analyzing these headers can provide crucial insights for forensic analysis, investigating email authenticity, and understanding email routing.Â
In this blog post, we will introduce you to WhatMail – a powerful command-line tool that analyzes the header of an email and provides detailed information about various fields.
What is WhatMail?
WhatMail is a command-line tool specifically designed to extract and analyze email headers. It efficiently extracts commonly recognized email header fields such as To, From, Subject, Date, Delivered-To, as well as useful fields like Message-ID, Return-Path, Reply-To, X-Headers, MIME Version, Content Type, Received-SPF, DKIM Signature, Authentication-Results, X-Mailer, and DMARC Results.
| Message Information | Additional Fields |
|---|---|
| 1. To 2. From 3. Subject 4. Date 5. Delivered-To | 1. Message ID 2. Return Path 3. Reply-To 4. Received 5. MIME Version 6. Content Type 7. Received-SPF 8. DKIM Signature 9. Authentication Results |
How to Download Mail Header
Downloading the Gmail header can be useful for various reasons, such as investigating email scams or reporting suspicious activity. Now we will guide you through the steps to download the Gmail header.
Step 1: Open the Email
Locate the email for which you want to download the header. Click on the email to open it.
Step 2: Click on show original
In the top-right corner of the email, you will find three dots. Click on these dots to open a drop-down menu. Then click on ‘Show Original‘. This will open a new tab or window with the email’s full header information.
Step 3: Downlod the mail header
In the new tab or window, you will see the complete header information. To download the header as a text file, click “copy to cliboard” button
Now, select a location on your computer to save the header file, open a new text file, paste the copied content into it, name it, and click ‘Save’.
That’s it! You have successfully downloaded the Gmail header for the selected email.
Install and use WhatMail on linux
Installing and using the whatmail tool is very easy, let’s see how to install and use it easily.
Step 1: Clone The Repository
First, open your terminal and navigate to the directory where you want to install WhatMail. Then, run the following command to clone the WhatMail repository:
git clone https://github.com/z0m31en7/WhatMail.git
Step 2: Change The Directory
Once the repository has been cloned, navigate into the WhatMail directory:
cd WhatMail
Step 3: Run The Tool
Once you completed the above steps, you can start it by running the following command:
python WhatMail.py -hf {Path_to_header_file}
That’s it, now you can find out all the information that might be hidden in the mail header.
Why Use WhatMail?
WhatMail is an invaluable tool for anyone involved in email analysis and investigation. Here are some key reasons why you should consider using WhatMail:
- Forensic Analysis:Â WhatMail allows you to conduct in-depth forensic analysis of email headers, helping you uncover valuable information about the email’s origin, path, and potential manipulation.
- Email Authenticity:Â By examining fields like DKIM Signature, Authentication-Results, and DMARC Results, WhatMail helps you determine the authenticity of an email, identifying potential spoofing or phishing attempts.
- Email Routing:Â Understanding email routing is essential for troubleshooting delivery issues or investigating suspicious emails. WhatMail provides insights into the various servers and hops an email went through.
- Sender and Recipient Information:Â WhatMail extracts important fields like To, From, and Reply-To, enabling you to gather detailed information about the email sender and recipient.
I hope I have fully informed you about this whatmail tool and if you have any doubts! Or if you know of a better tool than this one, let me know through command.