Role of Header In Forensic Email Investigation

Nowadays, sending information or sharing data is a matter of a few clicks: type the message, click the "Send" button, and it is delivered to the intended person. Behind the scenes, however, several things happen, and a basic understanding of the technologies that make electronic communication work helps in forensic email investigation. An email is generated and passed to its recipient through a mail server. The server here acts as an electronic post office, responsible for sending, receiving, and managing email.

An email comprises three major components: the body, attachments, and the header. Of these, the header helps a great deal in the e-discovery of evidence by revealing who the sender is, how many servers the message passed through to reach the recipient, which email client created it, the IP address, and much more. This generally helps forensic experts determine the actual source of the mail.

However, it is wrong to treat the header as a 100 percent genuine source for checking the sender of an email. An email header can be forged so that the message appears to have originated from a different source. Spammers make such attempts, and they succeed because SMTP (the protocol for sending messages) has no authentication mechanism. A client working with SMTP does negotiate a security level with the server, but that is not enough.

So, if no precautions are taken, anyone with the basic means and know-how can connect to the server and use it to send emails. Certain commands can modify the information in a message, so it is possible to send an email that appears to come from anyone to anyone.

However, it is still possible to analyze a forged header. Information about the actual sender of an email can be discovered through the "Received:" lines of the header. These lines represent the hops between mail servers, i.e. they record the path the mail followed from sender to receiver. These lines can be forged, but there is a way to detect the fraud.


Header forging is possible at the malicious server, but the message must still pass through the legitimate server. The genuine server records the IP address of the server from which it actually receives the mail, and there is absolute assurance that this information is true. Fortunately, spammers have no control over the "Received:" lines that legitimate servers add as the message hops from server to server.
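The check described above, walking the "Received:" chain from the line your own server wrote down to the first hop that came from outside, is shown here as an added example; it is not code from the original article. The message, the host names (mx.ourcorp.example, mail.example-relay.net, bank-secure.example) and the IP addresses are constructed for illustration, and `trusted_hosts` is an assumed list of the servers whose "Received:" lines an investigator is willing to believe.

```python
import email
import re
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Constructed sample message. The top "Received:" line was written by our own
# MX (mx.ourcorp.example) and is trustworthy; every line below it was supplied
# by outside servers and could have been forged before the message reached us.
RAW_MESSAGE = """\
Received: from mail.example-relay.net (mail.example-relay.net [198.51.100.25])
    by mx.ourcorp.example (Postfix) with ESMTPS id CONSTRUCTED1
    for <alice@ourcorp.example>; Tue, 2 Jan 2024 10:15:02 +0000
Received: from bank-secure.example (unknown [203.0.113.7])
    by mail.example-relay.net with ESMTP id CONSTRUCTED2;
    Tue, 2 Jan 2024 10:14:58 +0000
Received: from trusted.bank.example ([192.0.2.9]) by bank-secure.example;
    Tue, 2 Jan 2024 10:14:55 +0000
From: "Bank Support" <support@bank.example>
To: alice@ourcorp.example
Subject: Account notice

Constructed body text.
"""

HOP_RE = re.compile(
    r"from\s+(?P<from_host>[^\s;()]+)"     # name the sending host claimed (HELO/EHLO)
    r"(?:\s+\((?P<comment>[^)]*)\))?"      # optional "(rdns [ip])" noted by the receiver
    r"\s+by\s+(?P<by_host>[^\s;()]+)",     # the server that wrote this line
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def parse_received(raw_message):
    """Return the Received: hops in header order: index 0 is the newest line,
    i.e. the one written by the last server the message passed through."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines, collapse spaces
        m = HOP_RE.search(line)
        comment = (m.group("comment") or "") if m else ""
        from_ip = None
        ip_match = IP_RE.search(comment)
        if ip_match:
            try:
                from_ip = str(ip_address(ip_match.group(1)))
            except ValueError:
                from_ip = None  # bracketed text was not a valid address
        when = None
        if ";" in line:  # the timestamp follows the last semicolon
            try:
                when = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                when = None
        hops.append({
            "from_host": m.group("from_host").lower() if m else None,
            "from_ip": from_ip,
            "by_host": m.group("by_host").lower() if m else None,
            "when": when,
        })
    return hops


def last_verifiable_hop(hops, trusted_hosts):
    """Walk from the newest hop downward. A hop's 'from' IP is believable only
    when the server that wrote the line is one we trust. Stop at the first hop
    where a trusted server received the message from an outside host: that IP
    is the last fact we can vouch for, and every line below it was written by
    servers the sender (or a spammer) may control. Returns (ip, unverified_hops)."""
    trusted = {h.lower() for h in trusted_hosts}
    for idx, hop in enumerate(hops):
        if hop["by_host"] not in trusted:
            return None, hops[idx:]  # chain never passed through a trusted server
        came_from_inside = hop["from_host"] in trusted or hop["from_ip"] in trusted
        if not came_from_inside:
            return hop["from_ip"], hops[idx + 1:]
    return None, []


def timestamps_in_order(hops):
    """True when every hop's timestamp is at or after the hop below it. Real
    relays add lines in time order; a forged line often breaks this."""
    stamps = [h["when"] for h in hops if h["when"] is not None]
    return all(newer >= older for newer, older in zip(stamps, stamps[1:]))


if __name__ == "__main__":
    chain = parse_received(RAW_MESSAGE)
    origin_ip, unverified = last_verifiable_hop(chain, {"mx.ourcorp.example"})
    print("last IP our own server actually saw:", origin_ip)
    print("hops below it that cannot be verified:", len(unverified))
    print("timestamps in order:", timestamps_in_order(chain))
```

With only our own MX trusted, the result is 198.51.100.25: the relay that handed the message to us is the last thing we can vouch for, and the two lines claiming it came from a bank are unverifiable. Adding the relay to `trusted_hosts` moves the verifiable origin one hop down to 203.0.113.7. The timestamp check is a supporting heuristic only; a careful forger can keep the times plausible, so the trusted-hop walk remains the primary evidence.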