update

phishing/decode-spam-headers/README.md

@@ -1,4 +1,4 @@
-## `decode-spam-headers.py`** 
+## `decode-spam-headers.py`
 
 This tool accepts on input an `*.EML` or `*.txt` file with all the SMTP headers. It will then extract a subset of interesting headers and using **79+** tests will attempt to decode them as much as possible.
 
@@ -6,6 +6,20 @@ This script also extracts all IPv4 addresses and domain names and performs full
 
 Resulting output will contain useful information on why this e-mail might have been blocked.
 
+
+### Example screenshots
+
+![1.png](img/1.png)
+
+![2.png](img/2.png)
+
+![3.png](img/3.png)
+
+![4.png](img/4.png)
+
+
+### Processed headers
+
 Processed headers (more than **67+** headers are parsed):
 
 - `X-forefront-antispam-report`
@@ -107,16 +121,6 @@ Tests:
   -a, --decode-all      Decode all =?us-ascii?Q? mail encoded messages and print their contents.
 ```
 
-### Example screenshots
-
-![1.png](img/1.png)
-
-![2.png](img/2.png)
-
-![3.png](img/3.png)
-
-![4.png](img/4.png)
-
 
 ### Sample run