Email Header or Email Metadata, documents all data related to an email’s route to your inbox, and more. They are an essential part of any email communication and serve various purposes, such as informational and practical. Learning to analyze Email Headers can prove useful to establish secure email communication and can help you fix your email deliverability.
What are Email Headers?
An Email Header is metadata that accompanies every email and contains detailed information, such as the sender, receiver, route, time, and more. Mailbox providers use email headers to authenticate the email senders and properly allocate an email in the inbox.
Information in the Email Metadata is automatically generated in accordance with how the email was built and sent. Even though there is a standard to what Email Metadata should include, there is no limit to what an email server could add to it.
How to view Email Headers?
The instructions below will direct you to the Email Headers’ location. Depending on your mailbox provider, the instructions will slightly differ, yet the Email Headers’ metadata readability remains the same across all emailing platforms.
- Locate a three-dot icon on the top-right corner of the email
- Select Show Original
- Select View on the panel in the top-left corner
- Select Message and then All Headers
- Open the email and select Properties from the File menu
- Scroll down and locate Email Headers in the Internet Headers box
- Select More on the panel above the email
- Select View Full Header
- Select Show Source from the More menu
- Select email and right-click for a drop-down
- Select View Message Source
- Open email, click on View
- Select Message Source
Email Headers list and how to analyze them
Email Headers format is read in fields. Each field has a corresponding name, followed by a separator character and a value identifier. The main fields located in the email message header are the from, to, subject, and date. The header also contains various technical details, such as return-path, reply-to, message-id, and more, out of which only date and from are mandatory. Every email header is unique, it can contain more specifics.
Informational Email Headers
From indicates the sender’s information, such as the address.
From: Mailtrap <email@example.com>
To displays the primary and secondary (CC, BCC) recipients’ email address and optional names.
To: Grigori Monaselidze <firstname.lastname@example.org>
Delivered-To displays the recipient’s name and address, as well as other addresses present in the CC and BCC.
Deliver-To displays the address of the recipient who received the delivery. Deliver-To header is added during the event of the delivery.
Subject refers to the title the sender has indicated in the subject line of the email.
Reply-To is an optional field, containing the address to which a recipient responds to.
Reply-To: Sender Name <email@example.com>
Content-Type field indicates whether the format of an email was HTML, TXT, or any other option.
Content-Type: text/plain; or Content-Type: multipart/alternative;
Technical Email Headers
Return-Path is added automatically by the recipient’s email server and records the initial sender during the SMTP session. Any bounces that occurred during the SMTP session return to the Return-Path address.
Received is added automatically after an SMTP server accepts an email. These headers indicate all servers through which the email has passed before reaching its final destination.
<code>d: from mta-81-96.sparkpostmail.com (mta-81-96.sparkpostmail.com. [18.104.22.168])
by mx.google.com with ESMTPS id ji12-20020a170903324c00b0016163a204cfsi12846642plb.334.2022.06.04.10.17.47
for <firstname.lastname@example.org><span style="background-color: inherit;font-family: Menlo, Consolas, monaco, monospace;font-size: inherit"> </span>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Sat, 00 Jun 2022 00:00:00 -0700 (PDT)
Received: by 2002:a05:7300:7951:b0:62:3ec1:8434 with SMTP id d17csp5155772dyi;
Sat, 00 Jun 2022 00:00:00 -0700 (PDT)
Message-ID is a unique identifier, generated automatically to prevent multiple deliveries. It includes various (around 50) letters and numbers.
Multipurpose Internet Mail Extensions or MIME allows various media attachments to the email. It is recommended to use MIME-Version: 1.0 when sending out an email containing one of the following:
- Non-text attachments
- Message bodies with multiple parts
- Text in character sets other than ASCII
- Header information in non-ASCII character sets
Security Email Headers
DKIM-Signature or Domain Keys Identified Mail (DKIM) is another authentication method used to confirm that the email was authorized by the owner of the domain. The email is signed with a digital signature, which can be verified by checking the sender’s public key in the DNS records of the sender’s domain. For further details, our article explains DKIM entirely.
<code>DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
After a server verifies authentication, it can save the results in this field for consumption by downstream agents.
SPF or Sender Policy Framework is an authentication method used by senders to specify hosts that are allowed to send an email on behalf of the domain. MTA checks the sender’s DNS records to confirm that the email received from a domain is sent by a host which is listed in the sender’s DNS records. Refer to our article to discover more about SPF and how to set it.
spf=pass (google.com: domain of email@example.com designates 22.214.171.124 as permitted sender) firstname.lastname@example.org
You can perform all these checks from your Mailtrap inbox. Subject, From, and To headers are available once you open the message. To view more, click on Show Headers or head directly to the Tech Tab.
Or view more email metadata details in the RAW section.
Other tools to work with Email Headers?
The is also a list of smaller one-feature tools to quickly view and structure your Email Headers information.
- Messageheader Toolbox is by Google, useful for all Gmail users
- Mx Toolbox is a practical standalone tool for detailed email header analysis
- Mailheader provides email header samples for reviewing, alongside an analyzing tool
- What Is My IP analyzes email headers and detects the sender’s IP address and location
We can’t say one is better than another since all of them basically perform the same function – showing email headers, formatting the headers. and highlighting security information. It is also worthwhile manually reviewing the email metadata.
Why are Email Headers important?
Depending on who you are, different things might be important for you in Email Headers. As a sender, you would want to focus on deliverability and reputation. As an admin, you would be interested in fields to use in server configuration rules. Yet as a recipient, you can utilize Email Metadata to verify the legitimacy of an email.
Locating, analyzing, and decoding Email Headers is most useful against spamming, phishing, and spoofing. Here are four main reasons why Email Headers are important:
Protection against phishing
Mechanisms like DMARC, DKIM, and SPF are valuable for senders to prevent imposters from using their domains. As a recipient, you can locate the above-mentioned security protocols to verify the safety of the email. By verifying its safety, you are able to refer to any links present in the email. An unsafe email could otherwise have posed a risk of damaging your email account or exposing personal information.
Most useful to improve your deliverability, you can send and test your emails by checking their metadata. By checking your email’s metadata, you will be able to identify what security measures to add and improve your communication. This will help to ensure the successful delivery of your emails to the inbox, instead of a spam folder.
Any email message header contains numerous details, allowing a mailbox provider to automatically identify the email as a fraudulent or legitimate email. With a comprehensive email testing solution such as Mailtrap, you will be able to ensure the success of your email delivery.
Protection against scammers
Most scammers do not mask their IP addresses as they do not expect their recipients to analyze the email headers. If you are unsure, you can always use a DNS checker to see if their IP address is blacklisted.
Email route identification
Email Headers allow you to precisely locate the entire route of an email. You will find several IP addresses present, usually identified by four groups of numbers from 0 to 255 separated by the dots. These addresses are of the sender or the server which the email passed through, which are useful to ensure the correct people remain in the loop on important emails.
The first address is displayed at the bottom of the Email Headers, with newer ones appearing above. The first IP address displayed between the brackets with the label “received” is the sender’s IP address.
Q: Can you add custom email headers?
A: As a developer, you can add custom email headers directly from the code.
Q: Are email headers encrypted?
A: Yes, email headers are end-to-end encrypted, meant to only be read by the client.
Q: Are email headers case sensitive?
A: No, email headers are not case-sensitive.
Q: What are email headers used for?
A: Email headers are mainly used to obtain the entire history an email contains, including various security verifications.
Q: Why are email headers important?
A: Depending on your interest, email headers are important for various reasons. A sender would focus on analyzing the email metadata to improve deliverability and reputation. An admin would utilize fields during the server configuration process. And a recipient can analyze the email metadata to verify the legitimacy of the received email.
Q: Can email headers be spoofed?
A: Technically, Email Headers can not be spoofed, however, they can be used for spoofing. Email Headers can contain fraudulent sender addresses, which may mislead the recipient. In order to avoid such instances, always verify with authentication protocols. View our Email Authentication Guide for more.
Q: Can email headers be forged?
A: Yes, it is possible to create a forged email header. The “from” header can be forged, which means a recipient could receive an email from banks or celebrities. However, since the creation of an SPF, SKIM, and DMARC, verification of senders and domains is less of an issue.
Q: How to copy and share email headers?
A: There is only a manual option to send email headers. Once you locate your email headers, simply copy and forward them to the desired recipient.
Q: Do email headers contain sensitive or private information?
A: Depends on your classification and definition of sensitive. The following list contains Email Headers which might be taken advantage of during an attack:
- Email getaway details
- IP addresses of your organisations
- The anti-virus used to scan the email
- Email addresses of the sender and recipient
- Names of servers (potentially revealing FQDN of your internal domain)
- TLS/SSL information (alongside what cyphers you have or have not used)
A: Yes, email headers contain sensitive and private information, such as addresses, names, numbers, and more. This article elaborates further on the contents of the email headers.
Q: Do email headers contain IP addresses?
A: Yes, email headers will contain IP addresses.
Q: Important email headers?
A: To, From, Date, Subject can be the headers most are familiar with, however, in terms of importance, DKIM and SPF stand out. DKIM and SPF verify the legitimacy of the sender.
Having the correct Email Headers puts you at an advantage to achieve high email deliverability. With knowledge of the Email Headers, you will be able to understand how an email succeeds or fails to reach a recipient’s inbox. That allows you to implement necessary security measures to improve your sender’s reputation.
Mailtrap offers a comprehensive email testing platform for you to validate and analyze the data of your emails before sending them out. Using the Mailtrap Sending platform, you will know exactly how to improve your deliverability.
- Official documentation, specs, official/major communities
- Wikipedia, Stack Overflow, Reddit (most upvoted)
- Documentation of 3rd party services (Google, Sendgrid, Godaddy, etc.)
- Quora (most upvoted)