Hello, aspiring Ethical Hackers. In our previous blogpost, you have learnt what is footprinting and various methods to perform footprinting. One such type of Footprinting is Email Footprinting or Email analysis.
Not just that. Emails are one of the most common ways cyber attacks happen. From phishing scams to malware delivery, attackers often use email as their first point of entry. That’s why learning email analysis is an important skill for anyone interested in cybersecurity or ethical hacking. The good news?
You don’t need advanced skills to start learning it. In this beginner-friendly guide, you’ll learn:
- What email analysis is
- Why it matters
- How to analyze emails step by step
- What suspicious signs to look for
New to Ethical Hacking?
Start your journey with The Beginner Ethical Hacker Starter Kit (2026 Edition).
Inside the free guide, you’ll learn:.
- Ethical hacking fundamentals
- Beginner cybersecurity roadmap
- Essential hacking tools
- Common vulnerabilities explained
What is Email Analysis?
Email analysis is the process of examining an email to determine whether it is safe, suspicious or malicious. This includes checking:
- Sender information
- Links
- Attachments
- Email headers
- Writing style
In simple terms, you investigate an email before trusting it.
Why is Email Analysis Important?
Cybercriminals rely heavily on email attacks because they target people directly. Email analysis helps:
- Detect phishing attempts
- Identify fake senders
- Prevent malware infections
- Protect sensitive information
Why Attackers Use Email:
Email attacks are effective because:
- People trust familiar brands
- Emails can create urgency
- Users may click without thinking
Even experienced users can be fooled.
Common Types of Malicious Emails
Before analyzing emails, you should understand common threats.
1. Phishing Emails:
Designed to steal:
- Passwords
- Banking details
- Personal information
Usually pretend to be:
- Banks
- Companies
- Online services
2. Malware Emails:
Contain:
- Malicious attachments
- Dangerous download links
Goal:
- Infect systems
3. Spoofed Emails:
The sender address is faked to appear legitimate.
4. Scam Emails:
Try to trick victims into:
- Sending money
- Sharing sensitive information
What is Email Analysis?
Email analysis is gathering information from emails. This can be done in two ways. Email Tracing and Email Tracking.
Email Tracking: Email tracking is done when we send an email to a target and then track them.
Email Tracing: Email racing is performed on an email that we receive from our target.
This article deals with Email tracing.
What information does Email Footprinting reveal?
Email Footprinting can reveal information like
- Email address of the sender.
- Name of the sender.
- IP address of the sender
- Posts active sender
- Geo location
- Mail server
- Mail server authentication system being used etc. and much more information that can be useful in a pen test.
How to perform Email Footprintig?
Email Footprinting can be performed either manually or using tools or other online sources. For this blogpost, let’s focus on manual analysis as automated tools can be used by script kiddies too. To perform email footprinting, we need to view the header of the received email. How to view the header of any email? Let’s see an example of a mail received on Gmail. Go to your Inbox and open a mail.
Go to the vertical dots (move button) at the top right of the email and click on it.
Click on “show original”.
This should show you the entire Email headers of the mail.
Let’s learn about each header.
Want to Learn Ethical Hacking Step-by-Step?
If you’re serious about learning cybersecurity, a structured roadmap makes the journey much easier.
Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and discover:
✔ The ethical hacking learning path
✔ Beginner-friendly security concepts
✔ Essential tools ethical hackers use
✔ The most common vulnerabilities explained
Delivered To: Email address to whom the mail has been delivered.
Received: This header indicates all the SMTP servers through which this email has passed through before reaching to your Inbox. This contains server’s IP address, SMTPID etc.
X-Google-SMTP-source: shows the transferring email using a Gmail SMTP server. If this header is present then it means this was transferred by GMAIL SMTP server.
X-Received-BY: This header indicates the last visited SMTP server before reaching your Inbox. It contains Server IP address, SMTP ID of the visited server and Date & time when the email was received by the SMTP server.
ARC-Seal, ARC-Message-Signature, ARC-Authentication-Results: ARC stands for Authenticated Receiver Chain (ARC). This is used to preserve email authentication results and to verify the identity of email intermediaries that forward a manage to its final destination (i.e. your Inbox).
Smtp-mailfrom: You can see the IP address of the sender of the email.
Return-Path: This is the path specified to go when email is bounced or not sent.
Received SPF: SPF stands for Sender Policy Framework. This is used to prevent sender address forgery. It SPF is set to PASS, the Email source is valid, if it is softfail, it is likely the email source is fake and if it is having value Fail, source is invalid.
This is how Email analysis is performed.
Start Your Ethical Hacking Journey Today
Learning cybersecurity can feel overwhelming at first. The best way to start is with a clear roadmap and the right resources.
Download The Beginner Ethical Hacker Starter Kit (2026 Edition) and get instant access to:
✔ Ethical hacking fundamentals
✔ A beginner cybersecurity learning roadmap
✔ Essential hacking tools every beginner should know
✔ Common vulnerabilities explained simply
