Email Headers¶
Email headers are the technical notes attached to a message as it moves from the sender to the recipient. They are usually hidden by email apps because most people only need the subject, sender, recipient, date, and message body. When you view the full headers, you are seeing the delivery history and authentication details behind the message.
TL;DR
Email headers are the message's delivery trail. They help show where a message came from, which mail servers handled it, whether authentication passed, and why it may have been delayed, rejected, marked as spam, or treated as suspicious.
Need to find them in your mail app? See Viewing the full headers of an email.
Think of an email message like a letter moving through several postal offices.
Each postal worker who handles the letter adds a line showing when they received
it, where it came from, and where they sent it next. The next worker can then see
who handled the letter immediately before them. Email servers do something
similar with Received headers: each mail server adds its own record as the
message travels across the internet.
What Headers Can Show¶
Headers often include:
- the mail servers that accepted, relayed, or delivered the message
- timestamps for each handoff
- the sender and recipient addresses used during delivery
- message IDs used to identify the message in mail logs
- spam filtering results
- SPF, DKIM, and DMARC authentication results
- the email app or system that generated the message, when that information is available
Not every header is equally trustworthy. Some headers are added by the sender's system and can be forged. Headers added by your receiving mail server are more useful because they record what your provider actually saw when the message arrived.
Why Headers Are Useful¶
Headers help troubleshoot delivery issues because they provide a timeline. If a message was delayed, the timestamps can show where it paused. If a message bounced, the headers and bounceback can help identify the server, filter, or authentication check involved. If support needs to search mail logs, the message ID and delivery path can make that much faster.
Headers also help with spam and phishing investigations. A suspicious message may display a familiar name, but the headers can show whether it was really sent from an expected mail server. Authentication results such as SPF, DKIM, and DMARC help receiving systems decide whether a message is likely legitimate, suspicious, or forged.
For example, headers can help answer questions like:
- Did this message actually come through Fused mail servers?
- Which server accepted the message?
- Was the message delayed before it reached the mailbox?
- Did SPF, DKIM, or DMARC pass?
- Was the visible sender different from the authenticated sender?
- Was the message filtered because of spam scoring or policy checks?
When To Include Headers¶
Send the full headers when you are asking support to review:
- a delayed message
- a missing message that eventually arrived
- a bounceback or rejection
- a suspected phishing message
- a message that was incorrectly marked as spam
- a message that should have been blocked but was delivered
Forwarding a message normally is often not enough because many email apps remove or rewrite the original technical details. If possible, copy the full headers or attach the original message source.
Viewing Full Headers¶
The steps are different depending on the mail app or webmail service you use. Use Viewing the full headers of an email for client-specific instructions.