Saturday, May 9, 2009

Check Email Header for Genuineness

1. When you are suspicious about an email, check the email header. Most email providers offer this under a name such as "Show original" (Gmail). This view shows the raw email message in its low-level format.

2. There are a number of details in this header, but what we are interested in are the "Received: from" lines. There are multiple such lines, which indicate the names and addresses of the mail servers through which the email passed before it reached your mailbox.

3. The last "Received: from" line indicates the actual origin of the mail.

Consider the following email I got from moneycontrol:

---------------------------------------------------------
Delivered-To: abhiapsunde@gmail.com
Received: by 10.150.50.4 with SMTP id x4cs102347ybx;
Wed, 6 May 2009 22:30:39 -0700 (PDT)
Received: by 10.114.182.1 with SMTP id e1mr1990868waf.163.1241674239169;
Wed, 06 May 2009 22:30:39 -0700 (PDT)
Return-Path:
Received: from alertsmails11.moneycontrol.com (alertmails6.moneycontrol.com [124.153.78.87])
by mx.google.com with ESMTP id q18si1743680pog.5.2009.05.06.22.30.37;
Wed, 06 May 2009 22:30:38 -0700 (PDT)

-----------------------------------------------------

This header suggests that this email originates from alertmails6.moneycontrol.com. This is a subdomain of the legitimate sender moneycontrol.com, and thus the mail is genuine.

4. Thus, if the server address in the last "Received: from" line and the From address appearing in the mail are not the same, the mail is fake.
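The check from steps 2 to 4 can be automated. The following Python sketch is an added example, not code from the original post: the function names are hypothetical, the From lines and the second message are constructed, and it compares the reverse-DNS name in parentheses (recorded by the receiving server) rather than the first name, which is whatever the sending server announced.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# "from <HELO name> (<reverse-DNS name> [<IP>])", the layout in the post's header
FROM_HOP = re.compile(r"from (\S+) \((\S+?)\.? \[([0-9A-Fa-f.:]+)\]\)")

def origin_hop(raw):
    """(helo, rdns, ip) of the last 'Received: from' line, or None."""
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())       # unfold continuation lines
        if flat.startswith("from "):
            m = FROM_HOP.match(flat)
            return m.groups() if m else None
    return None

def from_domain(raw):
    addr = parseaddr(message_from_string(raw).get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def looks_genuine(raw):
    """True when the origin host is the From domain or one of its subdomains."""
    hop, domain = origin_hop(raw), from_domain(raw)
    if not hop or not domain:
        return False
    host = hop[1].lower()                    # name recorded by the receiving server
    return host == domain or host.endswith("." + domain)

# Received lines from the post; the From line is constructed.
GENUINE = """\
Received: by 10.150.50.4 with SMTP id x4cs102347ybx;
        Wed, 6 May 2009 22:30:39 -0700 (PDT)
Received: from alertsmails11.moneycontrol.com (alertmails6.moneycontrol.com [124.153.78.87])
        by mx.google.com with ESMTP id q18si1743680pog.5.2009.05.06.22.30.37;
        Wed, 06 May 2009 22:30:38 -0700 (PDT)
From: Alerts <alerts@moneycontrol.com>

"""
# Fully constructed: same From address, unrelated origin host (documentation ranges).
SPOOFED = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
        by mx.google.com with ESMTP id constructed;
        Wed, 06 May 2009 22:30:38 -0700 (PDT)
From: Alerts <alerts@moneycontrol.com>

"""
if __name__ == "__main__":
    for name, raw in (("GENUINE", GENUINE), ("SPOOFED", SPOOFED)):
        print(name, origin_hop(raw), looks_genuine(raw))
```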



