How to identify a forged email address - Article 3722

It is easy to fake what appears in the “from” or “reply-to” line of an email message. If you dig a little deeper, you can confirm the message’s true origin.

When you receive an email, the message header includes standard information, like “to,” “from,” and “subject.” But there’s also a more detailed full email header that can help you trace the message back to its original source, to see if that matches up with what the more basic message header says.

If the “from” in the message header doesn’t correspond with what you see in the full version of the email header, be suspicious of a scam.

An example

The message header in the email below indicates that the message came from Adobe. But in the full header (Part 2, below), you can see the host name, ‘mta811.email.childrensplace.com’.

Childrensplace.com is a children’s shopping website—an unlikely origin for a message from Adobe. If the email had actually come from Adobe, the “received” line would probably show that the email started its journey at adobe.com.

Also, if you scrutinize the “reply to” section of the full header, it indicates that your reply would be redirected to support-bx9v0dvbfjbebzau60jacqc68fsb9p@ email.childrensplace.com”—not the “newsletter@ adobe-newsletter.com” address that the message appeared to come from.

Revealing the full header

The full header is not automatically visible, but it’s easy to reveal it through your email software.

Here’s a support article on how to view or forward message headers in Outlook. http://its.uiowa.edu/support/article/100814. This Google support article offers instructions for revealing full message headers in other email services.

Wath the speling …

Did you happen to catch the misspelling of “incorporated” in the “from” line in the example? (From: Adobe Systems Incoporated)

Spelling and grammatical errors are good indicators that an email could potentially be bad. 

How to Spot Fake Email Addresses | Understanding Web Site Names | Concealed Web Site Addresses | Deceptive Addresses

Info Center: