Difference between revisions of "Outlook Express Header Format"

From ForensicsWiki
(New page: Version 6 of Outlook Express running on Microsoft Windows generates headers in the format: <pre>From: "Username" <username@sendinghost.com> To: "Username" <username@receivinghost....)
 
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
 
Version 6 of [[Outlook Express]] running on [[Microsoft Windows]] generates headers in the format:
 
Version 6 of [[Outlook Express]] running on [[Microsoft Windows]] generates headers in the format:
  
<pre>From: "Username" <username@sendinghost.com>
+
<pre>
 +
Message-ID: <000f10c7183d$abe4d510$6031a8c0@hostname>
 +
From: "Username" <username@sendinghost.com>
 
To: "Username" <username@receivinghost.com>
 
To: "Username" <username@receivinghost.com>
 
Subject: Testing
 
Subject: Testing
Line 14: Line 16:
 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807</pre>
 
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807</pre>
  
The Message-ID: header is not generated.
+
== Message ID Field ==
 +
<!--
 +
There is some confusion regarding the Message-id header. Messages created with Outlook Express have a message id field, but at this time we are not sure where exactly it goes in the order of headers. The format of the field is like this:
 +
 
 +
<pre>Message-id: <000f10c7183d$abe4d510$6031a8c0@hostname></pre>
 +
 
 +
This example was not actually generated by Outlook Express. It's a real message id field with some of the digits randomly replaced. The key things to note are the two dollar signs in the field and bare hostname (i.e. no TLD information). -->
 +
 
 +
The Message-ID have 4 parts: [hex time]$[random?]$[hw-hash?]@[hostname]
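Review bot: The sample header block now opens with a Message-ID line, but the commented-out text added further down says that same value "was not actually generated by Outlook Express" and that its place in the header order is not known. Say so in visible text next to the sample, or swap in a captured header, so readers do not take the first position and the value as observed. In the last added line, "have" should be "has", and the question marks on [random?] and [hw-hash?] deserve a visible sentence stating that those two fields are unverified.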

Latest revision as of 22:39, 28 July 2007

Version 6 of Outlook Express running on Microsoft Windows generates headers in the format:

Message-ID: <000f10c7183d$abe4d510$6031a8c0@hostname>
From: "Username" <username@sendinghost.com>
To: "Username" <username@receivinghost.com>
Subject: Testing
Date: Wed, 4 Apr 2007 14:11:45 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1807
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807

Message ID Field

The Message-ID has 4 parts: [hex time]$[random?]$[hw-hash?]@[hostname]
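
The following is an added example, not part of the wiki page: a header consistency check that splits a Message-ID into the four parts listed above and flags a message whose X-Mailer names Outlook Express while its Message-ID has a different shape. The function names and the second sample message are assumptions made for illustration; the field labels are the page's own tentative ones and the fields are not decoded.

```python
import re
from email import message_from_string

# Shape from the page: [hex time]$[random?]$[hw-hash?]@[hostname].
# Group names mirror the page's tentative labels; their meaning is unconfirmed.
OE_MSGID = re.compile(
    r"^<(?P<hex_time>[0-9a-f]+)\$(?P<random>[0-9a-f]+)\$(?P<hw_hash>[0-9a-f]+)"
    r"@(?P<hostname>[^@<>\s]+)>$",
    re.IGNORECASE,
)

def parse_oe_message_id(value):
    """Return the four parts as a dict, or None if the shape does not match."""
    m = OE_MSGID.match(value.strip())
    if m is None:
        return None
    parts = m.groupdict()
    # The page's example has a bare hostname (no TLD); record whether this one does.
    parts["bare_hostname"] = "." not in parts["hostname"]
    return parts

def check_headers(raw):
    """Compare the X-Mailer claim with the Message-ID shape of one raw message."""
    msg = message_from_string(raw)
    claims_oe = "Outlook Express" in (msg.get("X-Mailer") or "")
    parts = parse_oe_message_id(msg.get("Message-ID") or "")
    return {
        "claims_outlook_express": claims_oe,
        "message_id_parts": parts,
        # Mailer says Outlook Express but the ID does not have the expected shape.
        "inconsistent": claims_oe and parts is None,
    }

# Constructed samples: the first reuses the page's header values; the second
# pairs the same X-Mailer with a made-up Message-ID of a different shape.
SAMPLE_OE = (
    'Message-ID: <000f10c7183d$abe4d510$6031a8c0@hostname>\n'
    'From: "Username" <username@sendinghost.com>\n'
    'X-Mailer: Microsoft Outlook Express 6.00.2800.1807\n'
    '\nbody\n'
)
SAMPLE_OTHER = (
    'Message-ID: <20070404131145.1234@mail.example.com>\n'
    'X-Mailer: Microsoft Outlook Express 6.00.2800.1807\n'
    '\nbody\n'
)
```

Both headers are set by the sending side, so a mismatch is a lead for closer examination rather than a conclusion.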