How to decode email header content

0

When open up the header or read the raw source of an email, I see header-vales in, for example, X-Cm-Senderinfo or Thread-index to be strings of encoded text. I though they are base64 but I tried converting them with online base64 decoder and didn't work, saying the string of text is not base64 encoded. I also tried decode in BinHex - no luck either. I though MIME headers are either base64 or BinHex, but neither decoding results in readable text.

How can I decode these header-values to english?

KMC

Posted 2012-02-03T03:03:43.773

Reputation: 1 537

1people, if you downvote me at least tell me why, not just on personal perferences. I can't find see how I'm violating the Q&A or is it a duplicate question. – KMC – 2012-02-03T03:22:49.863

apparently down-voters are did not reading my previous comment. Give a reason why it received a down-vote. If you just down-vote question without any construction reason, you are posting negative impact to the community. Again, this question follow FAQ. – KMC – 2012-02-27T04:43:48.290

Answers

2

A lot of these headers are randomly generated, or are hashes of some part of the message content. They're not intended to have any useful information, they're just used so that if the same header is seen again later, various systems call tell that they've seen the message (or a related message) again.

For instance, I would guess that Thread-index is randomly generated; it doesn't contain any useful information itself, it's just used so the mail client can display the thread together, even if people alter the recipients or the subject.

James Polley

Posted 2012-02-03T03:03:43.773

Reputation: 5 892

to get it right: these strings/text are used to compare/sort/match different emails rather telling any sender/receiver/server information? – KMC – 2012-02-03T04:17:01.943

2

In some cases, yes. To take one example, the thread-index header seems to be a timestamp - see http://stackoverflow.com/questions/2278314/how-does-the-email-header-field-thread-index-work and its links for lots of detail. Message-ID is commonly used; it's just a random number that has no meaning, it just serves as a hint for mail clients when the ID gets reused later in an In-Reply-To header

– James Polley – 2012-02-03T04:45:56.497

2

While it's true that some Message-IDs have no meaning, others do. See this article from Blackhat: http://www.blackhat.com/presentations/bh-europe-07/Mora/Whitepaper/bh-eu-07-mora-WP.pdf.

– james.garriss – 2012-11-29T19:43:44.563

Asked: 2012-02-03T03:03:43.773

Viewed: 2 976 times

Active: 2012-02-03T03:34:15.810