[Tutor] Parsing email headers

Mats Wichmann mats at wichmann.us
Sun Apr 26 19:25:20 EDT 2020


On 4/26/20 3:13 PM, Jim wrote:
> OS = Linux Mint 18.xx
> 
> This may be a little OT, as I am as interested in the process leading up
> to parsing the header as I am in the results of parsing it.
> 
> What I want to do is figure out where an email came from without
> actually opening it. We all get possible malicious emails. Some are
> obvious but some look pretty real. Many times the From line just says
> "Google" or "Chase", etc.  I wrote a little bare bones script that will
> print out the From:, Return-Path: and the Sender: names from the header.

You're going to have to dig deeper than that for reliability...

> Right now using Thunderbird, I right-click on the email in question.
> Then I click Save As and give it a name. It is then saved as a .eml
> file. Then I give the file name to my script and see the header info.
> 
> I worry about discarding a legitimate email or getting some type of
> infection by opening an email to check if it is legitimate. So am I
> protecting myself with the above procedure or will the above procedure
> still subject me to risks of opening a bad email?
> 
> Right now it is a fairly manual process. If it is worthwhile I would
> like to spend the time making it a one click process if possible.

I'm not sure you can easily do this any longer in a way that integrates
with Thunderbird... waiting for a barrage of comments to "use Mutt
instead", etc.  After Mozilla changed the way plugins are authorized to
work, I think the work which let Python integrate with it was lost - at
least *I* can't find anything, which doesn't count for much.

If you're willing to work outside of Thunderbird, the story improves.
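
An added example, not part of the original thread and not written by either poster: a header-only pass over a saved .eml that reports From:, Return-Path: and Sender: as in the script Jim describes, plus the Received: chain and Authentication-Results:. Those two extra headers are an assumption about what to check next, not something named in the thread, and the sample message is constructed.

```python
from email import policy
from email.parser import BytesHeaderParser
from email.utils import parseaddr

# Constructed sample (not a real message): the display name says "Chase",
# but the envelope sender and relays belong to unrelated example domains.
SAMPLE_EML = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.example.org; Sun, 26 Apr 2020 14:01:02 -0400
Received: from localhost (unknown [198.51.100.23])
\tby relay.example.net; Sun, 26 Apr 2020 14:01:00 -0400
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: "Chase" <alerts@chase-secure.example.com>
Subject: Account notice

The body is stored as an opaque string and never decoded or rendered.
"""

def _flat(value):
    """Collapse folded header whitespace into single spaces."""
    return " ".join(str(value).split())

def _domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, sep, dom = parseaddr(str(value or ""))[1].rpartition("@")
    return dom.lower() if sep else ""

def summarize_headers(raw_bytes):
    """Parse only the header block of a saved .eml and collect origin clues."""
    msg = BytesHeaderParser(policy=policy.default).parsebytes(raw_bytes)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom, rp_dom = _domain(msg.get("From")), _domain(msg.get("Return-Path"))
    return {
        "display_name": display_name,
        "from": from_addr,
        "sender": parseaddr(str(msg.get("Sender", "")))[1],
        "return_path_domain": rp_dom,
        # A mismatch is a clue, not a verdict: bulk senders often differ too.
        "domain_mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
        # The topmost Received line is added by the receiving server; lower
        # ones were written by earlier hops and can be forged.
        "received": [_flat(h) for h in msg.get_all("Received", [])],
        "auth_results": [_flat(h) for h in msg.get_all("Authentication-Results", [])],
    }

if __name__ == "__main__":
    for key, value in summarize_headers(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

For a file saved from the mail client, pass its bytes instead of the sample: `summarize_headers(open(path, "rb").read())`.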

