Basic e-mail header analysis

Although the need to do e-mail header analysis comes up quite often in the work of SOCs, CSIRTs and law enforcement, I find that it is not unusual for analysts and investigators to know very little about this issue, besides the fact that “the last IP address not from RFC 1918 range is the important one”.