Email headers are the hidden metadata that contain information about the origin, route, and delivery of an email message. They are like the envelope of a letter, which shows the sender, the recipient, the postmark, and the stamps. Email headers can help you troubleshoot email issues, verify email authenticity, and identify spam or phishing emails.

How to View Email Headers

Email headers are usually not visible by default in most email clients or webmail services. However, you can easily access them by following these steps:

  • In Gmail, open the email message and click the three dots icon at the top right corner. Then, select Show original from the menu.
  • In Outlook, open the email message and click the File tab. Then, click Properties from the menu.
  • In Yahoo Mail, open the email message and click the More icon at the top right corner. Then, select View raw message from the menu.

You can also use online tools, such as WeDMARC, to view and analyze email headers.

How to Read Email Headers

Email headers consist of a series of fields that follow the format of name: value. Each field has a specific name and a corresponding value that provide information about the email message. Some of the common fields are:

  • From: This shows the email address of the sender. However, this field can be easily forged or spoofed by malicious parties, so it is not reliable for verifying the sender’s identity.
  • To: This shows the email address of the recipient. It may also show the name or alias of the recipient, if available.
  • Subject: This shows the subject line of the email message. It may also include prefixes, such as Re: or Fwd:, to indicate a reply or a forward.
  • Date: This shows the date and time when the email message was sent. However, this field can also be forged or manipulated by the sender, so it is not accurate for determining the delivery time.
  • Received: This shows the sequence of servers or hops that the email message passed through from the sender to the recipient. Each hop adds a new received field to the header, so the last received field is the first hop and the first received field is the last hop. The received field can help you trace the route and the origin of the email message. However, some received fields may be added or removed by intermediaries, such as mailing lists or forwarding services, so they may not reflect the actual route or origin.
  • Message-ID: This shows a unique identifier for the email message. It is usually generated by the sender’s email client or server and consists of a random string followed by the sender’s domain name. The message-ID can help you track or reference a specific email message.
  • Content-Type: This shows the format or type of the email message, such as plain text, HTML, or multipart. It may also include the character encoding, such as UTF-8 or ISO-8859-1, and the boundary, which separates the different parts of a multipart message.
  • MIME-Version: This shows the version of the Multipurpose Internet Mail Extensions (MIME) standard that the email message conforms to. MIME is a standard that allows email messages to include different types of content, such as images, attachments, or rich text.
  • DKIM-Signature: This shows the digital signature that the sender’s domain added to the email message to prove its authenticity and integrity. DKIM stands for DomainKeys Identified Mail, which is an email authentication mechanism that uses public-key cryptography to verify the sender’s domain and the email content. The DKIM-Signature field contains various parameters, such as the domain name, the selector, the algorithm, the hash, and the signature.
  • SPF: This shows the result of the Sender Policy Framework (SPF) verification for the email message. SPF is an email authentication mechanism that checks the IP address of the sender against a list of authorized IP addresses published by the sender’s domain in a DNS record. The SPF field can have one of these values: pass, fail, neutral, softfail, none, temperror, or permerror.
  • DMARC: This shows the result of the Domain-based Message Authentication, Reporting, and Conformance (DMARC) verification for the email message. DMARC is an email authentication protocol that builds on SPF and DKIM and allows the sender’s domain to specify how the recipient should handle emails that fail SPF and/or DKIM verification. The DMARC field can have one of these values: pass, fail, bestguesspass, none, temperror, or permerror.

Conclusion

Email headers are the hidden metadata that contain information about the origin, route, and delivery of an email message. They can help you troubleshoot email issues, verify email authenticity, and identify spam or phishing emails. To view email headers, you need to access the original or raw source of the email message in your email client or webmail service. To read email headers, you need to understand the meaning and function of the different fields that provide information about the email message.

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *