E-mail headers carry a lot of data that need not concern you. They do, however, always carry at least one item about which you should care greatly.
Let’s dive in with an example. The following are the headers from an email message written on the webmail service GMX.com through our user account safe...@gmx.com. The message was sent to our own email server, to moni...@securesurfing.net. You can see both addresses at the very beginning of this particular header scheme:
X-Account-Key: account11
X-UIDL: UID27-1247275555
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <safe...@gmx.com>
Envelope-to: moni...@securesurfing.net
The “envelope-to” just means that the entire contents, message and any attachments, are addressed to go to moni...@securesurfing.net.
Now look at the following, after the Delivery-date line. You will see a sequence of Received notices. Disregard the X- items for now.
Delivery-date: Sat, 05 Sep 2009 19:48:20 -0700
Received: from ipoin0 by demeter.lunarmania.com with local-bsmtp (Exim 4.69)
    (envelope-from <safe...@gmx.com>)
    id 1Mk7nc-0004gA-NP
    for moni...@securesurfing.net; Sat, 05 Sep 2009 19:48:20 -0700
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on demeter.lunarmania.com
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=5.0 tests=HTML_MESSAGE,MIME_HTML_MOSTLY,
    MPART_ALT_DIFF,RDNS_NONE,SPF_PASS shortcircuit=no autolearn=no version=3.2.4
Received: from [213.165.64.42] (helo=mail.gmx.com)
    by demeter.lunarmania.com with smtp (Exim 4.69)
    (envelope-from <safe...@gmx.com>)
    id 1Mk7nb-0004fi-W6
    for moni...@securesurfing.net; Sat, 05 Sep 2009 19:48:16 -0700
Received: (qmail 8004 invoked by uid 0); 6 Sep 2009 02:48:14 -0000
Received: from 209.59.47.14 by www-eu001.v300.gmx.net with HTTP
Content-Type: multipart/related;
The sequence reads backward from the destination to the origin of the message. So the first line, “Received: from ipoin0 by demeter.lunarmania.com … for moni...@securesurfing.net” tells us the message is for us. We are user ipoin0 on the demeter server.
A side note here is the distinction between securesurfing.net and demeter.lunarmania.com. If you are an SSO member then you will see a similar header even though your pop3 server points to mail.securesurfing.net.
This is because lunarmania handles all of our email server needs. The name “mail.securesurfing.net” exists for the convenience of users, and in reality the server handling your email is demeter.lunarmania.com.
Okay, so we know that we received the message, so we haven’t exactly learned anything yet.
If you skip to the next Received item you will see that before demeter dropped it to ipoin0, it first picked it up from IP address 213.165.64.42, which identified itself (the “helo” part) as mail.gmx.com.
Each intermediate server between the originating source and the destination will have its own Received from entry in the header.
The key piece of information is the final Received entry.
Received: from 209.59.47.14 by www-eu001.v300.gmx.net with HTTP
This tells us the IP address of the original writer of the message. (It also tells us it was sent from web mail, because gmx.net received it via HTTP.)
This final IP address is the actual address of the person who wrote the message. So when you send email, your IP address is embedded in the headers that travel over all the different servers that transmit your message.
Anyone can use that IP address for their own purposes. For example, it is not exactly rare that someone sends an email that triggers the displeasure of another and that other uses DoS tactics to attack the writer’s system.
In this case, such an attack would be entirely futile because the IP address is not in fact our own. Because we subscribe to Anonymizer, when we wrote the message on GMX web mail the only IP address that could be detected was the IP address of the anonymizing proxy. So any attack will be received by Anonymizer, and handled by them through their own tested methods, not the least of which is routine switching of addresses.
This method does not work for “client side” email sending, such as when you use Thunderbird, Outlook or some other client to write and send your mail as compared to using a web interface/web mail. This is because your email client connects directly to an outbound email server, usually an SMTP server. Because the connection is not a web (http/s) connection it cannot be automatically routed through the Anonymizer web proxies.
However, if you are a subscriber to the Anonymizer Total Net Shield product, you can not only hide your IP address, but your name/identity altogether. This is so because the TNS service includes access to Anonymizer’s own anonymous SMTP servers, so you would have an address of the form john...@mail.anonymizer.com. Mail sent this way does not contain the IP address of the sender and will come from whatever user name you chose when you signed up for the service.
Have a look at the relevant headers from just such a message:
Delivered-To: GMX delivery to safe...@gmx.com
Received: (qmail invoked by alias); 10 Nov 2009 01:35:07 -0000
Received: from mx1.anonymizer.com (EHLO mx1.anonymizer.com) [168.143.113.241]
    by mx0.gmx.net (mx103) with SMTP; 10 Nov 2009 02:35:07 +0100
X-ASG-Debug-ID: 1257816904-6adb00100000-SKNFIe
X-Barracuda-URL: http://168.143.113.241:8000/cgi-bin/mark.cgi
Received: from tnsmail1.anonymizer.com (localhost [127.0.0.1])
    by mx1.anonymizer.com (Spam Firewall) with ESMTP id A7B4713EA6A
    for ; Mon, 9 Nov 2009 17:35:04 -0800 (PST)
Received: from tnsmail1.anonymizer.com (tnsmail1.anonymizer.com [168.143.113.34])
    by mx1.anonymizer.com with ESMTP id ccXWshX8LIs8qQOn
    for ; Mon, 09 Nov 2009 17:35:04 -0800 (PST)
X-ASG-Whitelist: Sender
Received: from [127.0.0.1] (archangel.anonymizer.com [168.143.113.111])
    by tnsmail1.anonymizer.com (Postfix) with ESMTP id 4411684065
    for ; Mon, 9 Nov 2009 17:34:34 -0800 (PST)
Message-ID: <4AF8...@mail.anonymizer.com>
You can see that the last Received from entry is from 127.0.0.1 which is the “local host” address of every computer in the world. The archangel and 168.143.113.111 are Anonymizer’s own server and IP address.
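The bottom-up reading of the Received chain used for both messages above can be automated. The following Python sketch is an added example, not code from the original page; the names hops, is_public and origin are chosen here, and the sample headers are trimmed copies of the two messages shown above.

```python
import email
import ipaddress
import re

# Constructed samples: trimmed, re-folded Received lines from this page's two messages.
WEBMAIL = """\
Received: from ipoin0 by demeter.lunarmania.com with local-bsmtp (Exim 4.69)
\tid 1Mk7nc-0004gA-NP; Sat, 05 Sep 2009 19:48:20 -0700
Received: from [213.165.64.42] (helo=mail.gmx.com)
\tby demeter.lunarmania.com with smtp (Exim 4.69)
\tid 1Mk7nb-0004fi-W6; Sat, 05 Sep 2009 19:48:16 -0700
Received: (qmail 8004 invoked by uid 0); 6 Sep 2009 02:48:14 -0000
Received: from 209.59.47.14 by www-eu001.v300.gmx.net with HTTP
"""
TNS = """\
Received: from mx1.anonymizer.com (EHLO mx1.anonymizer.com) [168.143.113.241]
\tby mx0.gmx.net (mx103) with SMTP; 10 Nov 2009 02:35:07 +0100
Received: from [127.0.0.1] (archangel.anonymizer.com [168.143.113.111])
\tby tnsmail1.anonymizer.com (Postfix) with ESMTP id 4411684065;
\tMon, 9 Nov 2009 17:34:34 -0800 (PST)
"""
HOP = re.compile(r"from\s+(.*?)\s+by\s+(\S+)(?:.*?\swith\s+([\w-]+))?")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def hops(raw):
    """Parse Received headers into hops, oldest first (bottom of the list up)."""
    out = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = HOP.match(" ".join(value.split()))    # unfold continuation lines
        if m:    # entries such as "(qmail ... invoked by uid 0)" name no sender
            out.append({"from": m[1], "by": m[2], "proto": m[3],
                        "ips": IPV4.findall(m[1])})
    return out

def is_public(ip):
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:    # the regex also accepts impossible octets such as 999
        return False

def origin(raw):
    """Oldest hop naming a sender, with its first publicly routable address."""
    chain = hops(raw)
    if not chain:
        return None
    hop = chain[0]
    return {"by": hop["by"], "proto": hop["proto"],
            "ip": next(filter(is_public, hop["ips"]), None),
            "ignored": [ip for ip in hop["ips"] if not is_public(ip)]}
```

Entries written by servers you operate or trust are reliable; anything lower in the list was supplied by earlier systems or by the sender and should be treated as unverified.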
Now, note the last part of the header:
Message-ID: <4AF8...@mail.anonymizer.com>
Every e-mail message carries a Message-ID.
What this means is that just because you are able to protect your IP address or even your full identity, you are not immune from legal consequences if you do criminal things using e-mail. The Message-ID will uniquely identify the email message with your user account on that provider. In this example, if the user were conducting illegal activities, a search warrant would require Anonymizer to disclose who held the account to which the Message-ID belonged. (In some jurisdictions, like the United States, and for some matters, like terrorism threats, a search warrant is not always required.)
There are ways to maintain virtually impenetrable anonymity with email, but for the vast majority of people the effort required is just not worth it. By using Anonymizer services, you achieve a high degree of security and by following our other advice on email accounts (such as getting one @securesurfing.net) you gain anonymity from all but the most extreme cases.
Members of the Secure Surfing Organization automatically receive email accounts, and we are contractually committed to not disclosing your identity unless compelled by a lawful authority. Even when a lawful authority demands your identity, we will try to defend against that authority by challenging demands not accompanied by a reasonable cause search warrant.
Be mindful of our Privacy Policy restriction “If we have reason to believe a person is a child predator, fraud artist including identity thieves, or is a risk to themselves or others, WE WILL SHARE ALL INFORMATION WITH RESPONSIBLE LAW ENFORCEMENT AUTHORITIES. BY BECOMING A MEMBER OR USING THIS SITE, YOU GRANT US THE RIGHT TO DO SO WITHOUT RECOURSE TO ANY REMEDY.” Thus if you truly are up to active evil, we won’t protect your anonymity either. We are not willing to undo your privacy for claims of petty acts, linguistic wrongs, RIAA offenses or even civil litigation. But if you cross the line, we will lead the charge to get you in front of a jury.



