如何通过一封邮件,找到真正的发件人?

邮件发送原理和我们传统的邮寄邮件基本一致。需要经过多个邮局中转，最后才能达到收件人手中。

有时由于某种原因，需要查找真正的发件的发件人。因为邮件发送协议本身的不安全性，导致伪造邮件，群发邮件横行。那么如何才能找到真正的发件人呢？

很简单，给大家介绍下。

发信人的地址是可以任意伪造的，查看信头可以让您找到真正的发件人。查看信头的方法是：
　　1)如果您是在web页面上看邮件的话，直接打开邮件，点击信件显示页面上方菜单中的"原文"，就可以看到信头。
　　2)如果是用Outlook Express来收信的话，指向邮件，不要打开，点击鼠标右键，看信件的属性，再点击详细资料，就可以看到信头。如果有sender的话，sender后面就是真正的发件人;如果没有sender，最后一个received from就是发件人所用的SMTP服务器。
　　Receive语句的基本表达格式是：from Server A by Server B，Server A为发送服务器，Server B为接收服务器。

比如我收到一封邮件打开是这样的

2.检视来源


3.我们就可以看到详细的邮件中转过程：

Return-Path: <support@vultr.com>
Delivered-To: service@emailcamel.com
Received: from us2.mx.mailhostbox.com ([172.16.214.10])
    by mss25.mailhostbox.aus-tx.colo (Dovecot) with LMTP id Me4MDHQ/wFq/egAA4StP0Q
    for <service@emailcamel.com>; Sun, 01 Apr 2018 02:09:56 +0000
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=108.61.150.28; helo=mail1.vultr.com; envelope-from=support@vultr.com; receiver=service@emailcamel.com 
Authentication-Results: us2.mx.mailhostbox.com;
    dkim=pass (2048-bit key; unprotected) header.d=vultr.com header.i=@vultr.com header.b="rZH+7FIZ";
    dkim-atps=neutral
Received: from mail1.vultr.com (mail1.vultr.com [108.61.150.28])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by us2.mx.mailhostbox.com (Postfix) with ESMTPS id E22D07140006
    for <service@emailcamel.com>; Sun,  1 Apr 2018 02:09:53 +0000 (GMT)
Received: by mail1.vultr.com (Postfix, from userid 0)
    id ED1593960640; Sat, 31 Mar 2018 21:40:27 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vultr.com; s=mail1;
    t=1522548590; bh=qNXvBCSAngmBt3TtrOBbOujGq5+WdsL2AfQb2t5nz5Y=;
    h=Date:To:From:Subject;
    b=rZH+7FIZSSo/o3m9/JYdYdLvOUTYqDXbmVKLxuWoRkGdo9VW772OQju/9rS8Wum26
     fAaHz1jrT04ETamk9Kzc1gsW4BQAxN3e1++T/wR5cubt2JUMSIIpuGfepdvC/CEBhm
     PSGYRLbsLrW5Kvm3rc0brt82l5xYhVUeiW1ffFvwfNTCM6aRSydgmffsd1od307XpL
     IVttkQrePjtNDjFKrEmxa1joM3L0C0fUccM72hBDeGCQg7xJc8ntNiat4SjqTVsIlG
     d+bZ4Zf57Q/ZSBcWg8xcoPwJPv5SKmEXERhFfTyHWEZXU14u/fNe8olDQ332PCirlr
     XAxFS6N1AOX8g==
Date: Sat, 31 Mar 2018 21:40:27 -0400
To: service@emailcamel.com
From: "support@vultr.com" <support@vultr.com>
Subject: Vultr.com: New Invoice
Message-ID: <b231c6fc31427ea80954559ad180d0b8@vultr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.2 cv=S7yp+MkP c=1 sm=1 tr=0
    a=idFnbDuFSKymBMR5dVumXA==:117 a=idFnbDuFSKymBMR5dVumXA==:17
    a=Y2Ni09Y7AAAA:8 a=IkcTkHD0fZMA:10 a=v2DPQv5-lfwA:10 a=JqEG_dyiAAAA:8
    a=9EAx0KQhvRP_c91paSYA:9 a=QEXdDO2ut3YA:10 a=lj81nr4JMVgA:10
    a=2hfT2BMxNXQA:10 a=XQigeDqq3TPZTAXFcf33:22

Your Vultr.com account has a new invoice in the amount of $5.00. Note: Your account currently has enough credit to cover this invoice. No additional deposit is required at this time.

To view your billing statement, please log into your client panel at  https://my.vultr.com/billing/#billinghistory

Thank you for choosing Vultr.com

-- Vultr.com Support Team --

Follow us on Twitter: https://twitter.com/

我们看最后一个Received的就可以了。是通过Postfix邮件发送程序由mail1.vultr.com发送来的。