You can also see the headers -- without opening the email -- by viewing the Message Source. This is done by highlighting the email in question then selecting the Message Source option from the View menu (or by using the Control-U shortcut). You will see the entire email source in a new window, including all the headers.

I find this approach more convenient because you can see the full headers plus the details of any links in the body of the email (to inspect for origin). Other advantages are that it is safer (harder to click on links accidentally), doesn't trigger web bugs, wraps the headers for easier viewing (the View All Headers option lets them run off the screen to the right, making it harder to see them), and is easier to invoke because of the Control-U shortcut. YMMV.

On 9/30/2010 9:31 AM, Andrew Hendrickson wrote:
You're using Thunderbird 3.0.8 (which is out of date BTW).  To view full headers open the message, select View then Headers then All

You'll see a scroll bar in the header now and you'll need to scroll down to view the entire header.

NOTE:  this setting will stay this way until you set it otherwise.  In addition, if you print messages with "view all headers" turned on, you get the full header in the print out as well.

On Sep 30, 2010, at 9:07 AM, Deb Smith wrote:

I received an email this morning from Linkedin but did not open it.  I have a question though, how do you check the full header to see what the spam probability is?

On 9/30/2010 9:03 AM, Dean Williams wrote:
Yes, I received several (pointing to a variety of addresses).  They even sent it to [log in to unmask] (gotta love it when spammers report their own abuses).

If you check the full headers, you'll see that UVM's PureMessage spam filters ranked it "Probability=28%", not high enough to earn the "[SPAM?:#]" designation in the Subject line.  Best way to fix that is to send the message as an attachment, or at least with full headers, to: 

    Sophos Spam Reporting <[log in to unmask]>

If you do that, you can cc:

    FTC UCE Spam Reporting <[log in to unmask]>
    CERT Phishing Report <[log in to unmask]>

Oh, one other thing.  When you examine the full headers in messages like these, please check the message's origin to be sure it's not coming from UVM.  Spam from outside is a nuisance; spam from a bot-infected on-campus computer rises to a whole 'nother level of seriousness.  For example, the first "Received" header in today's message is:

Received: from ( []) by (8.13.8/8.13.8) with ESMTP id KQZB6L1434584 for <[log in to unmask]>; Thu, 30 Sep 2010 20:35:14 +0800 (EDT)

Forgery, anyone?  

-Dean Williams  

On Sep 30, 2010, at 8:47 AM, Moody, Michael D wrote:

It appears that messages that are purportedly from LinkedIn Communications are being received by some UVMers.  The subject, today, is “LinkedIn Messages, 9/30/2010.”  Hovering over the message links shows that the destination is anything but LinkedIn.  Have there been other reports of this spoofing attempt?
Michael Moody