Every email contains a header section - a block of structured metadata that records information about the message's origin, route, and authentication status. Most email clients hide headers by default, but they are essential for tracing spam, diagnosing delivery problems, and verifying email authenticity.
Key Email Header Fields
| Header Field | What It Contains |
|---|---|
| From | Sender's display name and email address (can be spoofed) |
| To / CC / BCC | Recipient addresses |
| Subject | Message subject line |
| Date | When the message was sent |
| Message-ID | Globally unique identifier for this message |
| Received | Added by each mail server the message passed through (newest on top) |
| Return-Path | Where bounce messages are sent (the actual sender domain) |
| Authentication-Results | SPF, DKIM, and DMARC check results |
| X-Originating-IP | IP address of the original sender (if included by sender's server) |
How to View Email Headers
- Gmail: Open the email, click the three-dot menu in the top right, select "Show original"
- Outlook: Open the email, click File > Properties, view the "Internet headers" box
- Apple Mail: View menu > Message > All Headers
Why Headers Matter
The Received: chain shows every server the email passed through, with timestamps. This lets you trace the origin of a suspicious email and check if it was legitimately sent. Use our Email Trace tool to parse headers automatically.
People Also Ask
- What does the email header include?
- The origin IP, every mail server it passed through with timestamps, the From/To/Subject metadata, and email authentication results (SPF, DKIM, DMARC).
- What to look for in email headers?
- The originating IP in the Received: chain, whether SPF and DKIM passed in Authentication-Results, and whether the Return-Path domain matches the From domain.
Related: How to trace email headers | SPF records | Email Trace