
Difference between revisions of "Yahoo! Mail Header Format"

Line 45: Line 45:
<pre>Message-ID: <></pre>
<pre>Message-ID: <></pre>
[[Category:Mail Analysis]]
[[Category:Email Analysis]]

Revision as of 05:29, 23 July 2012

The Yahoo! Web Mail header format has changed over time, but currently includes the sender's IP address, a domain key signature, and some other helpful information.


DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

Here is a sample mail header. Note that the zone label in the 'Date' field changes between (PDT) and (PST) depending on whether daylight saving time is in effect in California, USA. The sender's IP address is represented as a.b.c.d in the example below.

Mail Header

Received: from [a.b.c.d] by via HTTP; Sat, 14 Feb 2009 05:42:03 PST
X-Mailer: YahooMailWebService/
Date: Sat, 14 Feb 2009 05:42:03 -0800 (PST)
From: Sender Name <>
Subject: Test Message
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <>
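
The checks an examiner would run on a header of this shape, as an added example (not part of the original wiki page): it pulls the sender IP from the "via HTTP" Received hop and verifies that the Date offset agrees with its (PST)/(PDT) label and with the Received timestamp. The host name, addresses and Message-ID in the sample are constructed placeholders, and the five-minute skew tolerance is an assumption.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Constructed sample in the page's layout; host, addresses and IDs are placeholders.
SAMPLE = (
    "Received: from [203.0.113.7] by webmail.example.invalid via HTTP; "
    "Sat, 14 Feb 2009 05:42:03 PST\n"
    "Date: Sat, 14 Feb 2009 05:42:03 -0800 (PST)\n"
    "From: Sender Name <sender@example.invalid>\n"
    "Message-ID: <constructed@example.invalid>\n"
    "\nbody\n"
)
PACIFIC = {"PST": timedelta(hours=-8), "PDT": timedelta(hours=-7)}
HTTP_HOP = re.compile(r"from \[([^\]]+)\] by \S+ via HTTP;\s*(.+)")
ZONE_LABEL = re.compile(r"\(([A-Z]{3})\)\s*$")
MAX_SKEW = timedelta(minutes=5)  # assumed tolerance between Received and Date

def analyze(raw):
    """Return the webmail sender IP, zone label and any header inconsistencies."""
    msg = message_from_string(raw)
    out = {"sender_ip": None, "zone": None, "issues": []}
    hop_time = None
    # Received lines are prepended per hop, so the submission hop is the last one.
    for hop in reversed(msg.get_all("Received", [])):
        m = HTTP_HOP.search(" ".join(hop.split()))  # unfold continuation lines
        if m:
            out["sender_ip"] = str(ip_address(m.group(1)))  # ValueError if not an IP
            hop_time = parsedate_to_datetime(m.group(2))
            break
    else:
        out["issues"].append("no 'via HTTP' Received hop")
    date_raw = msg.get("Date", "")
    if not date_raw:
        out["issues"].append("missing Date header")
        return out
    sent = parsedate_to_datetime(date_raw)
    label = ZONE_LABEL.search(date_raw)
    if label:
        out["zone"] = label.group(1)
        expected = PACIFIC.get(out["zone"])
        if expected is None or sent.utcoffset() != expected:
            out["issues"].append("zone label and UTC offset are not a valid Pacific pair")
    aware = hop_time and hop_time.tzinfo and sent.tzinfo  # skip skew check on naive times
    if aware and abs(hop_time - sent) > MAX_SKEW:
        out["issues"].append("Received and Date timestamps disagree")
    return out
```

An empty `issues` list means the header is internally consistent, not that it is authentic; the IP still needs corroboration from provider records.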

Message IDs

The Message-ID header in Yahoo! emails is a good identifier for the device that sent the message. Below are some samples:

Sent via Yahoo!® Mail for Android application on Android (Jelly Bean):

Message-ID: <>

Sent via Yahoo Webmail from Chrome:

Message-ID: <>

Sent via Android browser on via mobile webmail interface:

Message-ID: <>

Sent via Android email application configured for SMTP (Jelly Bean):

Message-ID: <>

Sent via iPod (iOS 5.0.1):

Message-ID: <>