This is the third in a series of articles on reading internet message headers. If you haven’t already done so, please read the first two articles, Reading Internet Message Headers, and Where’d That Email Come From?
Messages sent through mailing lists are a bit different than those sent directly to one or more email addresses. There are many different programs that run mailing lists, and each of them seems to do slightly different things to the headers depending on the software and how it is configured. Unless you have access to the messages before they go through the mailing list software, it can be very difficult to really know the origin of those messages. Listowners may or may not have access to the records of where the messages originated, depending on whether they run their own server and list software or are using a service like EGroups or ListBot.
Here’s an example of a message sent through EGroups:
Received: (from root@localhost) by zeus.larp.com (8.10.2/8.10.2) id e6M6ouU25336 for email@example.com; Sat, 22 Jul 2000 02:50:56 -0400 Received: from hn.egroups.com (hn.egroups.com [184.108.40.206]) by zeus.larp.com (8.10.2/8.10.2) with SMTP id e6M6olc25331 for <firstname.lastname@example.org>; Sat, 22 Jul 2000 02:50:47 -0400 X-eGroups-Return: email@example.com Received: from [10.1.10.37] by hn.egroups.com with NNFMP; 22 Jul 2000 06:48:27 -0000 Received: (qmail 11241 invoked from network); 22 Jul 2000 06:48:22 -0000 Received: from unknown (10.1.10.26) by m3.onelist.org with QMQP; 22 Jul 2000 06:48:22 -0000 Received: from unknown (HELO shell21.ba.best.com) (220.127.116.11) by mta1 with SMTP; 22 Jul 2000 06:48:22 -0000 Received: from localhost (spoons@localhost) by shell21.ba.best.com (8.9.3/8.9.2/best.sh) with ESMTP id XAA04661 for <firstname.lastname@example.org>; Fri, 21 Jul 2000 23:48:22 -0700 (PDT) X-Authentication-Warning: shell21.ba.best.com: spoons owned process doing -bs X-Sender: email@example.com To: firstname.lastname@example.org Message-ID: <Pine.BSF.email@example.com> From: Barbara Mikkelson <firstname.lastname@example.org> MIME-Version: 1.0 Mailing-List: list email@example.com; contact firstname.lastname@example.org Delivered-To: mailing list email@example.com Precedence: bulk List-Unsubscribe: <mailto:firstname.lastname@example.org> Date: Fri, 21 Jul 2000 23:48:22 -0700 (PDT) Reply-To: email@example.com Subject: [ulrp-update] Urban Legends Reference Pages Update #33 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Status:
As you can see, EGroups is configured so that you can tell where the message originated — from a shell acount user at best.com who had the IP address 18.104.22.168 when she sent the message. The following lines:
Mailing-List: list firstname.lastname@example.org; contact email@example.com
Delivered-To: mailing list firstname.lastname@example.org
differ from messages sent without mailing list software, but all are fairly clear. The first is used by EGroups to track messages that bounce. The second is used to indicate which mailing list the message came from (email@example.com) and gives the contact address for the owner of that list. The third is, again, just the mailing list name. The fourth gives the address to which an unsubscribe request would be sent, in case the recipient doesn’t want to receive further messages from that list.
I’m also on mailing lists run through ListBot, and some are configured so that I can see where messages originated, while some are not. I’m assuming that’s something controlled by the individual list owners.
Return-Path: <firstname.lastname@example.org> Delivered-To: email@example.com Received: (qmail 17645 invoked from network); 24 Nov 2000 21:23:22 -0000 Received: from unknown (HELO lbmail4.listbot.com) (22.214.171.124) by zeus.larp.com with SMTP; 24 Nov 2000 21:23:22 -0000 Received: (qmail 3820 invoked by uid 0); 24 Nov 2000 22:08:24 -0000 Date: 24 Nov 2000 22:08:24 -0000 Message-ID: <975103704.2299.qmail@ech> To: List Member <firstname.lastname@example.org> Mailing-List: ListBot mailing list contact email@example.com From: "Dead Troll News" <firstname.lastname@example.org> Delivered-To: mailing list email@example.com Subject: Dead Trolls & Lost Scrolls at Christmas
All I know about the above message is that it was sent through ListBot by the owner of the Dead Troll mailing list (they’re a comedy group, in case you were wondering). That list is only for announcements, so only the list owner can send messages. If I had reason to try finding out where the message originated, I’d have to try to contact the list owner or someone at ListBot.
In the next article we’ll talk about messages posted to newsgroups.
Originally published 12 February 2001. Last updated 17 February 2019.