Skip to the content

Kansas State University

Finding your extended headers

To identify and properly process phishing scam emails, we require the full email headers from the email to be sent to the security team. These headers hold information about the sender of the email, as well as the recipient of any replies made to the email.

Different email programs will have different sets of instructions for retrieving these headers. Below you will find instructions for retrieving headers on some of the more common mail clients used at K-State. If your email client is not listed, try to find it at Spamcop.net, or email the security team.

K-State Office 365 Webmail

There are 7 steps to retrieving the extended headers using the Office 365 webmail client.

  1. Locate the scam email in your inbox and click on it.
  2. Click on the ellipsis (3 dots) near the top right corner of the page and select "view message details" in the drop down list. A new window will pop up. Click anywhere in the main body of that window.
  3. Press CTRL+A (command+A on a Mac) to highlight all of the text.
  4. Press CTRL+C (command+C on a Mac) to copy the text from the window, then close the pop-up Window.
  5. Click "Forward" to create a new email. Click at the top of the message body and press CTRL+V (command+V on a Mac) to paste the text into the new email.
  6. Address the email to "abuse@k-state.edu" and update the subject line to reflect that there is a scam email in the body.
  7. Click Send.

Mozilla Thunderbird

There are 5 steps to retrieving the extended headers using Mozilla Thunderbird.

  1. Locate the scam email in your inbox and click on the message.
  2. At the top of the Thunderbird window, find the View drop-down menu and click on it.
  3. From the drop-down menu, mouse over Headers and select All.
  4. You will probably see a whole bunch of stuff appear in your preview pane.
  5. From here all you have to do is select Forward and address the email to "abuse@k-state.edu".

Mac Mail

There are 4 steps to retrieving the extended headers using Mac Mail.

  1. Locate the scam email in your inbox and click on the message.
  2. From the menu, select View, Message, Long Headers.
  3. You will probably see a whole bunch of stuff appear in your preview pane.
  4. From here all you have to do is select Forward and address the email to "abuse@k-state.edu".

Microsoft Outlook 2010/2013

There are 8 steps to retrieving the extended headers using Microsoft Outlook.

  1. Locate the scam email in your inbox and double-click the message.
  2. From the menu, select File, Properties.
  3. In the pop-up box that appears, you will see the headers in the section labeled Internet headers.
  4. Click in the box and press CTRL+A to highlight all of the text.
  5. Press CTRL+C to copy the text from the window.
  6. Close the Properties window.
  7. Click on Forward and place your cursor at the top of the message. Press CTRL+V to paste the headers.
  8. Address the email to "abuse@k-state.edu".

Microsoft Outlook 2003/2007

There are 7 steps to retrieving the extended headers using Microsoft Outlook.

  1. Locate the scam email in your inbox and right-click on the message.
  2. From the drop-down list, select Message Options.
  3. In the pop-up box that appears, you will see the headers in the section labeled Internet Headers.
  4. Click in the box and press CTRL+A to highlight all of the text.
  5. Press CTRL+C to copy the text from the window.
  6. Open a new email and with your cursor in the body of the message press CTRL+V to paste the headers.
  7. Address the email to "abuse@k-state.edu" and update the subject line to reflect that there is a scam email in the body.