How to Read Email Headers: A Step-by-Step Guide
What is an Email Header
An email header (also called an internet header or message header) is a block of text at the top of a message that contains details about where the email came from and its destination. Email headers record an email's route and show whether it was sent to other addresses before it reached its destination. If the header information looks suspicious, you can avoid interacting with the email to protect yourself from phishing attempts or malicious content.
Analyzing the email header can help to:
- Investigate spam and spoofing
- Identify delays in sending or receiving
- Research blocklists
How Do I Find an Email Header
How you locate the email header depends on the email client you use. Choose your email client below for instructions on finding the email header.
Webmail | Outlook | Mac Mail | Thunderbird | Gmail | Yahoo
Webmail
- Log into webmail.
- Open the message from the inbox, then click on the three-dotted icon.
- Select View source from the options. This will show the email headers.
Outlook
- Double-click an email message to open it outside of the Reading Pane.
- Click File, then Properties.
- The information at the top will be visible in the box labeled Internet headers.
- Click on the three-dotted icon at the top of the message window.
- Select View message source.
- Click on the three-dotted icon at the top of the message window.
- Select View, then View message details.
Mac Mail
- Open the Mail app on your Mac.
- Click on View, then Message.
- Select All Headers.
You have accessed your email header.
Thunderbird
- Open the message you need to view.
- At the top of the message bar, click the More dropdown menu.
- Select View Source.
A window opens, displaying the header and source of your message.
Gmail
- Open Gmail in your browser.
- Open the email for which you want to check the headers.
- Click the More icon next to Reply, then select Show original.
The headers are displayed in a separate window and contain information such as authentication results. To view the complete message header, you can click on Download original.
Yahoo
- Click on an email to open it. Click the three-dotted icon, then select View Raw Message.
Reading an Email Header
Each line is labeled with the name of the field it holds, and some are self-explanatory (for example, Date). Some headers contain more information than others. This is controlled by the mail client sending the emails, so the information provided varies depending on the server.
Part | Meaning |
---|---|
Return-Path | This is where a bounced email will be sent. |
Delivered-To | This is the email recipient. This is added by the receiving mail server when it delivers the email to a specific email alias or mailbox. |
Received | This contains information on all the servers the email traveled through. Here, you can see items such as the MX records, IP addresses, and dates and times. You will also find the sender's IP address here. |
DKIM-Signature | Information about DKIM authentication. In the example below, it passed authentication. |
Message-ID | The unique ID of the message (generated upon creation of the email). |
MIME-Version | MIME (Multipurpose Internet Mail Extensions) is an internet standard that extends the format capabilities of email. The MIME-Version header indicates that the email is MIME-formatted. |
X-VadeSecure | These sections show the results of the email filter. In the example below, the email is clean. In case of a bounce-back, you may see Bounce listed. |
Received-SPF | If an SPF record is set up, you will see the results here. |
Authentication-Results | Here you can see information about SPF, DKIM, and DMARC authentication results. In the example below, the email passed. |
Content-Type | How the content of the email is formatted (HTML or plain text). In the example below, it's HTML. |
Precedence | This is sometimes used to notify Google that this is a bulk email to prevent the message from being marked as spam. |
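The fields in the table above can also be read programmatically. The following is an added example, not part of the original article: it uses Python's standard email module to list the Received hops oldest-first with the delay between them and to pull the SPF, DKIM, and DMARC verdicts from Authentication-Results. The sample message, its domains, and its IP addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (placeholder domains and documentation IP ranges).
RAW = """\
Return-Path: <bounce@example.com>
Delivered-To: user@example.net
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mailbox.example.net with ESMTP id abc123;
\tTue, 02 Jan 2024 10:00:45 +0000
Received: from out.example.com (out.example.com [203.0.113.10])
\tby mx.example.net with ESMTPS id def456;
\tTue, 02 Jan 2024 10:00:05 +0000
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;
\tdkim=pass header.d=example.com; dmarc=fail header.from=example.org
From: "Billing" <billing@example.org>
Date: Tue, 02 Jan 2024 10:00:00 +0000
Message-ID: <constructed-1@example.com>

"""

def received_hops(msg):
    """Hops oldest-first: (from_host, ip, by_host, seconds since previous hop)."""
    hops, prev = [], None
    for value in reversed(msg.get_all("Received", [])):  # newest hop is listed first
        info, _, stamp = value.rpartition(";")  # timestamp follows the last ';'
        when = parsedate_to_datetime(stamp.strip())
        src = re.search(r"from\s+(\S+)", info)
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", info)
        dst = re.search(r"\bby\s+(\S+)", info)
        delay = (when - prev).total_seconds() if prev else 0.0
        hops.append((src and src[1], ip and ip[1], dst and dst[1], delay))
        prev = when
    return hops

def auth_results(msg):
    """spf/dkim/dmarc verdicts from Authentication-Results (topmost header wins)."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def summarize(raw):
    msg = message_from_string(raw)
    domain = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    # A From/Return-Path mismatch is common for bulk senders; weigh it with DMARC.
    return {"hops": received_hops(msg), "auth": auth_results(msg),
            "from": domain("From"), "return_path": domain("Return-Path")}

if __name__ == "__main__":
    print(summarize(RAW))
```

Received lines added before the message reached your own mail server are supplied by the sending side, so treat only the hops recorded by servers you trust as reliable.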
Review
Email headers can look like a puzzle that takes technical knowledge to decode. However, once you get the hang of interpreting them, they can help minimize or eliminate spam and other forms of malicious activity. When you receive an email that seems unlikely to be legitimate, you can look up the information in the header and assess the email.