Yahoo! Mail Header Format

From Forensics Wiki
Revision as of 09:03, 14 February 2009 by Jessek (Talk | contribs)

Jump to: navigation, search

The Yahoo! Web Mail header format has changed over time, but currently includes the sender's IP address, a domain key signature, and some other helpful information.

DomainKey-Signature 

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=ql3kRKrhner1LTFFVBgCYI1uqK4+8hrb6d/Fefr/HkLuObQwIrIpEXA1OiagbuFZU+H+ue1anFvm1cHQ4hjpdUcjpIIPL7ldNL9YnOxauugdVW+
  OpbTvAu0XaGf2t7eBqOWJF0Y5gM7TE27WdElgVRikunfCQca1VFV6KSuQP0o=;

Here is a sample mail header. Note that the 'date' field will change from (PDT) to (PST) depending on the status of daylight savings time in California, USA. The sender's IP address is represented as a.b.c.d in the example below.

Mail Header 

Received: from [a.b.c.d] by web53409.mail.re2.yahoo.com via HTTP; Sat, 14 Feb 2009 05:42:03 PST
X-Mailer: YahooMailWebService/0.7.260.1
Date: Sat, 14 Feb 2009 05:42:03 -0800 (PST)
From: Sender Name <sender@yahoo.com>
Reply-To: sender@yahoo.com
Subject: Test Message
To: recipient@domain.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <695976.86300.qm@web53409.mail.re2.yahoo.com>
Retrieved from "http://www.forensicswiki.org/w/index.php?title=Yahoo!_Mail_Header_Format&oldid=7292"
Personal tools
Namespaces

Variants
Actions
Navigation:
About forensicswiki.org:
Toolbox