How to Analyze an Email Header to Trace Email Route, Spam, or Phishing

When you open an email, you can see the sender details, subject line, date and time of the email, and your email address. This is the simplified version of an email header. There are many other hidden gems that you might find difficult to understand and analyze.

This guide will help you become a pro at understanding email headers by breaking down the header components.

What is an email header?

The email header contains the technical details of an email: the sender and recipient details, the path the email took, the return address, the authentication status, and much more.

When you open an email, you can see the following basic information in the email header:

  • From: This section refers to the name and email address of the sender.
  • To: This section refers to the name and email address of the recipient. If there are multiple recipients, each recipient's name and email address will appear in this section.
  • Date: This section refers to the sent email's day and time.
  • Subject: This is the subject line displayed in your inbox.

Email header visible when email is opened - Subject line, date, time, receiver address, and subject line

But, there is much more in the background that you cannot see without clicking on the original message source in your respective email client. We will be discussing that in a bit, but first, let's discuss the importance of the email header.

What is the purpose of an email header?

The email header serves the following purposes:

• Gives information about the sender

The email header gives you the sender's detailed information: authentication status, return path, sender IP address, and much more. Without this information, you might struggle to find the sender's details and to judge whether the email is safe to open.

Besides, if you view the email source in your respective ESP, you can get more insights into the sender, such as a reply-to address, authentication status, etc.

• Helps you identify phishing or spam emails

Headers are the source for telling legitimate emails apart from spam. Mailbox spam filters analyze the email header to check the authentication status, sender details, email route, etc.

Such detailed information helps ESPs detect phishing and spam emails and put them in the junk folder.

Related guide: How To Detect Phishing Emails And Safeguard Against Them

• Helps you identify the email route

You can analyze the time and route of the email from the sender's mail server to your inbox with headers.

When a user sends an email, it travels through several Mail Transfer Agents (MTAs) before reaching the intended recipient.

The information under the Received from section can help you track the email route, allowing you to check all the MTAs the email passed through to arrive at its destination.

Furthermore, you can also obtain the IP address of the sender to track the message source further.

What are the components of an email header?

Some of the major things you can see in an email header are as follows:

1. Authentication check

This section shows the status of the email authentication protocols: SPF, DKIM, and DMARC. If all three are shown as passed, the email provider has validated the sender's IP address.

Authentication - SPF, DKIM, and DMARC = pass

2. Return Path

If an email fails to land in the intended inbox or bounces, it will be delivered to the address mentioned in the return path section. The return path can be the same as the sender's address, but it can make sense to use a dedicated address that collects bounces so that you can act on them when the volume is high.

Return path shown in email header

3. Received from

This section shows the SMTP hops, that is, the path the email took from the sender's server to your inbox.

Multiple SMTP hops indicate the multiple touchpoints the email went through while reaching the recipient's inbox.

Received from shown in email header

Related guide: A Guide to Understanding SMTP or Simple Mail Transfer Protocol

4. Transport layer security (TLS)

TLS is a protocol that encrypts email in transit so that it is delivered securely. It helps prevent eavesdropping between mail servers, keeping messages private while they move between email providers.

Transport layer security (TLS) shown in email header

Gmail is one of the email clients that includes TLS in the header. If TLS is not there, the Internet Service Provider (ISP) will show a red unlocked icon near the From address, indicating that the message reached the recipient but wasn't encrypted.

5. Authenticated received chain (ARC)

ARC encapsulates all the authentication pieces.

ARC-seal, ARC-signature, and ARC-authentication result shown in email header

Other information you can find in the header

  • Content-type: This section refers to media types of email content, consisting of a type and subtype. The content-type here is set to multipart/alternative, which means if an email client doesn't render any elements of an email, it'll show its fallback version.
  • MIME-Version: Multipurpose Internet Mail Extensions (MIME) is an internet standard that supports email attachments outside of the main message, like static images, video, GIFs, and audio components. MIME-Version is a required header indicating that this message uses the rules of MIME. "MIME-Version: 1.0" is the only currently defined MIME-Version header allowed.
  • List-Unsubscribe: When you unsubscribe from an email, your email address is collected at the email address mentioned in this section.
  • X-Report-Spam: When you mark the email as spam, the notification goes to the email address mentioned in this section.
  • X-Report-Abuse: When you mark the email as abuse, the notification goes to the email address mentioned in this section.

Content-type, MIME Version, List unsubscribe, X-Report-Spam, X-Report-Abuse section in email header
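
To make the components above concrete, here is an added example (not part of the original article) that uses Python's standard email module to pull the authentication results, the Return-Path and From domains, and the Received hops with their TLS status out of a header. The sample header, its domains and IPs, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header: domains and IPs are reserved documentation values.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
 by inbox.example.org with ESMTPS id abc123 (version=TLS1_3); Tue, 05 Mar 2024 10:00:09 +0000
Received: from relay.example.net (relay.example.net [198.51.100.25])
 by mx.example.org with ESMTP id def456; Tue, 05 Mar 2024 10:00:04 +0000
Received: from app.example.net ([192.0.2.10])
 by relay.example.net with ESMTPS id ghi789; Tue, 05 Mar 2024 10:00:01 +0000
Authentication-Results: inbox.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.i=@example.net; dmarc=fail header.from=example.com
From: "Billing" <billing@example.com>
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # "with" values that imply TLS

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def hops(msg):
    """Received headers in sender -> recipient order (each server prepends its own)."""
    out = []
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = " ".join(value.split()).rpartition(";")
        m = re.search(r"from (\S+).*? by (\S+) with (\S+)", info)
        frm, by, proto = m.groups() if m else (None, None, "")
        tls = proto.upper() in TLS_PROTOCOLS or bool(re.search(r"(version=|using )TLS", info))
        out.append({"from": frm, "by": by, "tls": tls, "time": parsedate_to_datetime(stamp.strip())})
    return out

def analyze(raw):
    msg = message_from_string(raw)
    route = hops(msg)
    return {
        # Only trust the Authentication-Results line stamped by your own provider.
        "auth": dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                                msg.get("Authentication-Results", ""))),
        "from_domain": domain(msg["From"]),
        "return_path_domain": domain(msg["Return-Path"]),
        "route": [(h["from"], h["by"], h["tls"]) for h in route],
        "hop_delays": [(b["time"] - a["time"]).total_seconds() for a, b in zip(route, route[1:])],
    }

if __name__ == "__main__":
    print(analyze(RAW))
```

In this sample, SPF and DKIM pass for example.net domains while the visible From address is at example.com, which is why DMARC fails. A Return-Path domain that differs from the From domain is common for mail sent through an ESP, so read it together with the DMARC result rather than as a verdict on its own.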

How to find an email header in different email clients?

All mail providers let you view the source of an incoming email, including its header. The following sections show how to do this in each client:

Read and find an email header in Gmail

In Gmail webmail, follow these steps to check the email header:

  • Open the message, and in the left corner, click on the three dots.

  • Then click on the 'Show original.'

Steps to find an email header in Gmail - click on three dots and then click on "Show original."

An email header in Gmail webmail looks like this:

A real example of email header in Gmail

Read and find an email header in Outlook

On the Microsoft Outlook website, follow these steps to check the email header:

  • Click the three dots in the upper right corner of the email.

Step 1 to find an email header in Outlook - Open the message and click on three dots

  • Then, click on “View” in the menu to view the full email header.

Step 2  to find an email header in Outlook - Go to "View"

An email header in Outlook will look like this:

Representation of email header in Outlook

Read and find an email header in Apple Mail

In Apple Mail, follow these steps to check the email header:

  • Select the “View” option in the menu pane and choose the “Message” option.

  • Then, click on the “Raw Source” option.

Steps to find an email header in Apple Mail - Go to "View". Click on "Message" and then "Raw source."

Read and find an email header in Yahoo

In Yahoo Mail, follow these steps to check the email header:

  • Open the message and click the “More” button above it.

  • Then, click “View Raw Message”.

5 best email header analyzers

These email header analyzers are free and easy to use. Follow these steps to use them:

  • Copy the email header from your respective email client
  • Paste it into one of these header analyzers.

Screenshot of Google Admin Toolbox's Messageheader tool

Source: Screenshot of Google's Message analyzer

Here are 5 of the best free analyzers you can use:

  1. MXToolBox

  2. WhatIsMyIP.com

  3. MessageHeader by Google

  4. DNSchecker

  5. Mailheader.org

Conclusion

Analyzing an email header might seem daunting due to the technical details. But it helps you understand the email infrastructure and spot spam emails by verifying the sender's authenticity.

You don't need to go through the entire header; just check the major components we mentioned in this guide, and you'll become a pro at it in no time. Furthermore, you can read guides on identifying and safeguarding against spoofed email addresses to protect yourself from potential email scams.
