Email Headers Guide

On January 26, 2024
Grigori Monaselidze Content Manager @ Mailtrap

Email Headers, or Email Metadata, document all data related to an email’s route to your inbox, and more. They are an essential part of any email communication and serve both informational and practical purposes. Learning to analyze Email Headers can prove useful for establishing secure email communication, fixing your email deliverability, and delivering email campaigns or transactional messages successfully.

What are Email Headers?

An Email Header or an Internet Header is metadata that accompanies every email and contains detailed information, such as the sender, receiver, route, timestamp, and more. Mailbox and email service providers use email headers to authenticate the email senders and properly allocate an email in the inbox.

Information in the Email Metadata is automatically generated. Even though there is a standard to what Email Metadata should include, there is no limit to what a mail server can add to it.

How to view Email Headers?

Below we’ll teach you how to view full email headers from popular mailbox providers. 

Depending on your mailbox provider (and whether you’re using an app or webmail), the instructions will differ slightly, yet the information about Email Header metadata remains the same across all emailing platforms. To view headers, you need to first select the email by double-clicking on it. 

Gmail

  1. Locate a three-dot icon on the top-right corner of the email
  2. Select Show Original in the drop-down menu. You’ll be able to view raw data in a new window. 

Apple Mail

  1. Select View on the panel in the top-left corner
  2. Select Message and then All Headers

Microsoft Outlook and Hotmail:

  1. Open the email and select a three-dot icon in the top right corner next to the reply button. 
  2. Scroll down, locate View, and select View Message Source from the menu. 

Yahoo:

  1. Press the three-dot icon in the panel above the email
  2. Select View Raw Message

Thunderbird:

  1. Open email, click View
  2. Select Headers and mark All or 
  3. Select Message Source 

Note: The steps we described today are for macOS. They may be slightly different if you’re using Windows, Linux, or other operating systems. 

Email Headers list and how to analyze them

Email headers are organized into fields. Each field has a name, followed by a separator character and a value. The main fields located in the email message header are the from, to, subject, and date. The header also contains various technical details, such as return-path, reply-to, message-id, and more, out of which only date and from are mandatory. Every email header is unique and can contain more specifics.

Informational Email Headers

From indicates the sender’s information, such as the address.

From: Mailtrap <mailtrap@mailtrap.io>

To displays the primary and secondary (CC, BCC) recipients’ email addresses and optional names. 

To: Grigori Monaselidze <grigori.monaselidze@railsware.com>

Delivered-To displays the recipient’s name and address, as well as other addresses present in the Cc and Bcc.

Delivered-To displays the address of the recipient who received the delivery. The Delivered-To header is added at the moment of delivery.

Delivered-To: recipient_email@railsware.com

Subject refers to the title the sender has indicated in the subject line of the email.

Subject: email_subject_name

Reply-To is an optional field containing the address to which a recipient’s reply is sent.

Reply-To: Sender Name <sender_email@railsware.com>

Content-Type field indicates whether the format of an email body was HTML, TXT, or any other option.

Content-Type: text/plain; or Content-Type: multipart/alternative;

Technical Email Headers

Return-Path is added automatically by the recipient’s email server and records the initial sender during the SMTP session. Any bounces that occurred during the SMTP session return to the Return-Path address.

Received is added automatically after an SMTP server accepts an email. These headers indicate all servers through which the email has passed before reaching its final destination.

Received: from mta-81-96.sparkpostmail.com (mta-81-96.sparkpostmail.com. [192.174.81.96])
        by mx.google.com with ESMTPS id ji12-20020a170903324c00b0016163a204cfsi12846642plb.334.2022.06.04.10.17.47
        for <grigori.monaselidze@railsware.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 00 Jun 2022 00:00:00 -0700 (PDT)

Received: by 2002:a05:7300:7951:b0:62:3ec1:8434 with SMTP id d17csp5155772dyi;
        Sat, 00 Jun 2022 00:00:00 -0700 (PDT)

Message-ID is a unique identifier, generated automatically to prevent multiple deliveries. It includes various (around 50) letters and numbers.

<XYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXYXY@example.railsware.com>

Multipurpose Internet Mail Extensions or MIME is an internet standard that allows for adding media attachments to an email. It is recommended to use MIME-Version: 1.0 when sending out an email containing one of the following:

  • Non-text attachments
  • Message bodies with multiple parts
  • Text in character sets other than ASCII
  • Header information in non-ASCII character sets

Security Email Headers

DKIM-Signature or DomainKeys Identified Mail (DKIM) is another authentication method used to confirm that the email was authorized by the owner of the domain. The email is signed with a digital signature, which can be verified by checking the sender’s public key in the DNS records of the sender’s domain. For further details, check out our article on DKIM.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:subject:date:message-id:mime-version:thread-index:content-language;
        bh=fZjxO4TdlsVYWA6YIXoMF8AS+FOsm2lV1tfhDvYZNQo=;
        b=cMSUNWMGENp4jXuFTInBnZi6Sq2ZcjhBNA0ht8rSEt1SR8b0gGmiiZZ4l52lGSCum5lRtmPPtt/tgnqubiLBBW2fatlarhjo6qRp7FRE9IsE6XBIl6muTGS/kUDwEm9NGXjQRpnxmHp4/JKDKrYHg8cKsm+yr3k17hNXHITIrb9VAh2CtEKpAxSYN3MsC4QplXdnLArQjuU3jAnJf0lLZwZcygBbZSY7ENEAtHSbHpt6LLeQKlzosYARoakAH3j8EaAAAu1TfyAYE4+u7ENqUzddifO6Qty3E2I4Soq00SbOO+e64WIUZ0gxoARQqeuAN7H/jaOkC4t5mhWmkbaEFA==

Authentication-Results is the field in which a server, after it verifies authentication, can save the results for consumption by downstream agents.

SPF or Sender Policy Framework is an authentication method used by senders to specify hosts that are allowed to send an email on behalf of the domain. The MTA (mail transfer agent) checks the sender’s DNS records to confirm that the email received from a domain is sent by a host listed in the sender’s DNS records. Refer to our article to discover more about SPF and how to set it.

Example: 

spf=pass (google.com: domain of ndr-ff163eaa-da92-11ec-9b2f-0a58a9feac02@s6uvshhpwrq3uiwjnvdw5ksc.mailtrap.io designates 35.171.128.124 as permitted sender) smtp.mailfrom=ndr-ff163eaa-da92-11ec-9b2f-0a58a9feac02@s6uvshhpwrq3uiwjnvdw5ksc.mailtrap.io

It’s recommended to check email headers during the testing stage using solutions such as Mailtrap Email Testing – an Email Sandbox. 

With Email Testing, you can inspect and debug emails in staging without the risk of spamming recipients and also see the original values of email headers for each test email you send to a virtual inbox.


Under Email Headers in the Tech Info tab, you can find Message-Id, message date and time, Reply-To, and bcc’ed email addresses (if any). Also, depending on the email delivery service, custom headers, e.g., X-Category or X-Tracking, may be included.

Note: An alternative way of viewing original email header values is through the Raw tab of Email Testing; they are just not as conveniently displayed there as in the Tech Info tab.

Mailtrap Email Testing also comes with a range of other email testing features, such as:

  • Multiple inboxes for different projects and stages 
  • HTML/CSS analysis to check if popular email clients support HTML/CSS and identify problematic elements
  • Email preview to see how popular email clients render your emails
  • Spam analysis to check the overall spam score for an email and identify rules that can be treated as suspicious by email clients
  • Blacklist reports to see if the sender domain or IP is listed on any common blocklists 
  • Email forwarding to send test emails to whitelisted recipients automatically or manually

To learn more about the email testing solution, feel free to check out the Mailtrap knowledge base pages dedicated to it.

Other tools to work with Email Headers

There is also a list of smaller tools to quickly view and structure your Email Headers information.

  • Messageheader Toolbox is by Google, useful for all Gmail users
  • Mx Toolbox is a practical standalone tool for detailed email header analysis
  • Mailheader provides email header samples for reviewing, alongside a header analyzer tool
  • What Is My IP analyzes email headers and detects the sender’s IP address and location

It’s hard to say if one is better than another since all of them basically perform the same function. They show email headers, format them, and highlight security information. If you don’t want to use any tools, you could also review email metadata manually. 

Why are Email Headers important?

Email Headers can have varying importance depending on your role. As a sender, you would want to focus on deliverability and reputation. As an admin, you would be interested in fields to use in server configuration rules. Yet as a recipient, you can utilize Email Metadata to verify the legitimacy of an email and avoid spamming, phishing, and spoofing attacks. 

Protection against phishing

Mechanisms like DMARC, DKIM, and SPF are valuable for senders to prevent imposters from using their domains. As a recipient, you can locate the above-mentioned security protocols to verify the safety of the email. By doing so, you can follow included links without damaging your email account or exposing personal information.
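One way a recipient-side tool can carry out this check, as an added example rather than code from Mailtrap: it reads only the Authentication-Results field stamped by your own receiving server (the `authserv_id` argument, an assumption here, passed in lowercase) and asks whether a passing result actually covers the domain shown in From. The sample message and all of its domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: SPF and DKIM pass for the mailer's domain, not for the
# domain shown in From. All domains and addresses are placeholders.
RAW = """\
Authentication-Results: mx.example.org;
        dkim=pass header.d=mailer.example.net header.s=s1;
        spf=pass (mx.example.org: domain of bounce@mailer.example.net
        designates 203.0.113.25 as permitted sender)
        smtp.mailfrom=bounce@mailer.example.net;
        dmarc=fail (p=REJECT) header.from=bank.example.com
From: "Example Bank" <alerts@bank.example.com>
Subject: constructed sample

body
"""

def auth_results(raw, authserv_id):
    """Map method -> [(result, properties)] from our own receiver's field only."""
    found = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        text = re.sub(r"\([^()]*\)", " ", " ".join(value.split()))  # drop comments
        server, *entries = text.split(";")
        if server.lower().split()[:1] != [authserv_id]:
            continue        # stamped by another host: may be sender-supplied
        for entry in entries:
            pairs = re.findall(r"([\w.-]+)=(\S+)", entry)
            if pairs:
                method, result = pairs[0]
                found.setdefault(method.lower(), []).append(
                    (result.lower(), dict(pairs[1:])))
    return found

def from_is_authenticated(raw, authserv_id):
    """True only if a passing check covers the domain shown in From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = auth_results(raw, authserv_id)
    if any(result == "pass" for result, _ in found.get("dmarc", [])):
        return True
    # Exact-match alignment only; relaxed alignment needs the Public Suffix List.
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        for result, props in found.get(method, []):
            domain = props.get(prop, "").rpartition("@")[2].lower()
            if from_domain and result == "pass" and domain == from_domain:
                return True
    return False
```

In the sample, `spf=pass` and `dkim=pass` both refer to mailer.example.net while the visible From is bank.example.com, so the function returns False.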

Improved deliverability

Any email message header contains numerous details, allowing a mailbox provider to automatically identify the email as fraudulent or legitimate. 

By checking your email’s metadata, you will be able to understand what security measures to add to improve your communication. This will help you deliver your emails to inboxes instead of spam folders. Improved deliverability is particularly important for individuals or organizations that send high volumes of transactional emails or email marketing campaigns. 

To gain even more control over your email deliverability though, you will need to take things a step further by using robust email sending tools. 

One such solution is Mailtrap Email Sending – an email infrastructure with high deliverability rates by design. It has several useful features such as: 

  • Actionable in-depth analytics with helicopter-view dashboards
  • Drill-down reports with mailbox providers and categories 
  • Deliverability alerts to troubleshoot any unexpected sending issues if they occur 
  • Up to 60 days of email logs 
  • Email body preview after the email was sent


Protection against scammers

Most scammers do not mask their IP addresses as they do not expect their recipients to analyze the email headers. If you are unsure, you can always use a DNS checker to see if their IP address is blacklisted.

Email route identification

Email Headers allow you to precisely locate the entire route of an email. You will find several IP addresses present, usually identified by four groups of numbers from 0 to 255 separated by dots. These are the senders’ or the servers’ addresses, and are there to ensure the correct people remain in the loop on important emails.

The first address is displayed at the bottom of the Email Headers, with newer ones appearing above. The first IP address displayed between the brackets with the label “received” is the sender’s IP address.
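The bottom-up reading described above, as an added example that is not part of the original article: `trace_route` lists hops oldest-first, and `last_verified_ip` returns the address recorded by the outermost server you control, since Received lines below that hop are written by the sending side. The sample message, its hostnames and the `trusted_hosts` argument are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hostnames and addresses are placeholders, not real traffic.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
        by inbound.example.org with ESMTPS id abc123;
        Sat, 04 Jun 2022 10:17:47 -0700
Received: from relay.example.com (relay.example.com [198.51.100.7])
        by mx.example.net with ESMTP id def456;
        Sat, 04 Jun 2022 10:17:45 -0700
Received: from laptop.local ([10.0.0.12])
        by relay.example.com with ESMTPSA id ghi789;
        Sat, 04 Jun 2022 10:17:40 -0700
From: Sender <sender@example.com>
Subject: constructed sample

body
"""

BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def trace_route(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        clauses, _, stamp = " ".join(value.split()).rpartition(";")
        ip, by = BRACKET_IP.search(clauses), BY_HOST.search(clauses)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                 # missing or malformed date
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1).lower() if by else None,
                     "time": when})
    return hops

def last_verified_ip(raw, trusted_hosts):
    """IP that handed the message to the outermost server we control."""
    verified = None
    for hop in reversed(trace_route(raw)):   # newest first
        if hop["by"] not in trusted_hosts:
            break                            # below here the sender wrote the lines
        verified = hop["ip"]
    return verified
```

The `time` values also let you subtract consecutive hops to see where a message was delayed; a redacted or malformed date yields `None` for that hop.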

FAQ

Q: Can you add custom email headers?

A: As a developer, you can add custom email headers directly from the code. Custom headers, such as X-Spam-Status or X-Spam-Score, could also be added by SpamAssassin or similar services.

Q: Are email headers encrypted?

A: Yes, email headers are end-to-end encrypted, meant to only be read by the client.

Q: Are email headers case-sensitive?

A: No, email headers are not case-sensitive.

Q: What are email headers used for?

A: Email headers are mainly used to obtain the entire history an email contains, including various security verifications.

Q: Why are email headers important?

A: Depending on your interest, email headers are important for various reasons. A sender would focus on analyzing the email metadata to improve deliverability and reputation. An admin would utilize fields during the server configuration process. And a recipient can analyze the email metadata to verify the legitimacy of the received email.

Q: Can email headers be spoofed?

A: Technically, Email Headers cannot be spoofed; however, they can be used for spoofing. Email Headers can contain fraudulent sender addresses, which may mislead the recipient. To avoid such instances, always verify with authentication protocols. View our email authentication guide for more.

Q: Can email headers be forged?

A: Yes, it is possible to create a forged email header. The “from” header can be forged, which means a recipient could receive an email from banks or celebrities. However, since the creation of SPF, DKIM, and DMARC, verification of senders and domains is less of an issue.

Q: How to copy and share email headers?

A: There is only a manual option to send email headers. Once you locate your email headers, simply copy them with right-click → copy and forward them to the desired recipient.

Q: Do email headers contain sensitive or private information?

A: Email headers contain sensitive and private information, such as addresses, names, numbers, and more. 

The following list contains Email Headers which might be taken advantage of during an attack:

  • Email gateway details
  • IP addresses of your organization
  • The anti-virus used to scan the email
  • Email addresses of the sender and recipient
  • Names of servers (potentially revealing FQDN of your internal domain)
  • TLS/SSL information (alongside what ciphers you have or have not used)

Q: Do email headers contain IP addresses?

A: Yes, email headers will contain IP addresses.

Q: Important email headers?

A: To, From, Date, and Subject can be the headers most are familiar with; however, in terms of importance, DKIM and SPF stand out. DKIM and SPF verify the legitimacy of the sender.

Conclusion

Having the correct Email Headers puts you at an advantage in achieving high email deliverability. With knowledge of the Email Headers, you will be able to understand how an email succeeds or fails to reach a recipient’s inbox. That allows you to implement the necessary security measures to improve your sender reputation.

When trying to improve your email deliverability and sender reputation, do remember to use the proper email testing and email sending solutions such as Email Testing and Email Sending of the Mailtrap Email Delivery Platform. These will automate things and help you spot errors along the way!
