Gmail Header Format

From ForensicsWiki
Revision as of 05:16, 6 March 2007 by Jessek (Talk | contribs)

Jump to: navigation, search

Because Gmail is a web based application and can be changed at any time, the information in this article may not reflect the current state of Gmail headers. In general Gmail headers have a DomainKey Identified Mail (DKIM) signature line that contains a signature for the message in question. These lines appear above the standard Message-ID fields. These signatures are of the format:

DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;; s=beta;
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=beta;

Note that some of the Received lines will contain hosts with IP addresses like 10.x.x.x. These addresses are non-routable but part of the Gmail system. The remaining headers look like:

Message-ID: <>
Date: Mon, 5 Mar 2007 09:10:41 -0800
From: UserName <>
To: OtherUserName <>
Subject: Subject Line
MIME-Version: 1.0

The format of the Message-ID field is not known.

External Links