Abstract: Objetive E-mail heads were studied in order to provide a technical method to authenticate E-mails.Method The construction mechanism of the key fields in E-mail header was analyzed.Result A case of E-mail authentication was presented for example.Multiple key fields in the E-mail header violate rules of delivery time and delivery address,so it was a forged E-mail.Conclusion E-mail head analysis can not only ensure the effectiveness of E-mail evidence,but also can provide evidence in criminal investigation.

Key words: E-mail header, E-mail forensics, MUA, MTA, MDA, electronic signature

摘要： 目的通过分析电子邮件头,鉴别电子邮件的真伪,为电子邮件的真实性鉴定提供一些技术方法。方法运用邮件头的关键字段的构建机制对电子邮件的邮件头进行分析处理。结果示例邮件的邮件头的多处关键字段按照邮件传递时间和邮件传递地址的分析,不符合正常规律,系伪造的电子邮件。结论利用邮件头分析电子邮件不仅为确保电子邮件证据的证据效力提供了强有力的支持,也为获取破案的线索提供了条件。

关键词: 电子邮件头, 电子邮件取证, 邮件客户端程序, 邮件传输代理程序, 邮件发送代理程序, 电子签名