What Are Email Headers?

The email header is a code snippet in an HTML email, that contains information about the sender, recipient, email’s route to get to the inbox and various authentication details.

What it looks like?

Main points of E-mail headers

1. Received: from

Received: from indicates us from which e-mail address we received e-mail, also we can see IP address from which e-mail was sent.

Timestamps and destination e-mail also included.

ESMPT ID – Enhanced Simple Mail Transport Protocol.

It is the method that computers connected to the Internet use to send email.

It is also the method that servers use to transfer email between them.

SMTP transactions typically have 4 parts:

· HELO (EHLO) Extended Simple Mail Transfer Protocol, where the computers talking identify themselves

· MAIL FROM, the envelope sender of the message is given

· RCPT TO, the address or addresses that the message will be sent to

· DATA, the actual message (which also has all the message headers, including From: and To:)

Many spam filters, run after HELO, MAIL FROM and RCPT TO, but before DATA. That's because, once you accept the DATA, you can no longer bounce the message. That is why any filters that run on the message content, including filters you set up yourself, cannot bounce mail.

2. Message-ID

Message-ID reveals us a unique message identification number which is genuine

3. MIME-version

Multipurpose Internet Mail Extensions are an Internet standard that extends the format of email by supporting text and non-text attachments like audio, video, images, message bodies with multiple parts, etc.

4. X-Spam-Summary

Spamcop, SpamAssasin and etc. Rules which identifies Spam mail.

5. X-CSA-Complaints


CSA acts as a neutral interface between mailbox providers and senders of commercial e-mails. The quality standards arise out of prevailing law and the technical requirements for mailbox providers.

6. Content-Type

Encryption method to view older e-mails on new technology.

7. E-mail signatures

DKIM - special header placed into each email message containing information about the sender, the message, and the public key location required for verification. This header field is required by all mailbox providers that use DKIM to verify your identity, including AOL, Gmail, Outlook.com, and Yahoo!

v, Version—version of DKIM standard being used

a, Algorithm—cryptographic algorithm used to create the hash

c, Canonicalization—whether changes to the email like whitespace or line wrapping is allowed.

s, Selector—selector to query the correct public key from the d value

d, Domain—the domain that signed the message

h, Headers—the SMTP headers that are included in the cryptographic hash

i, Identity—the identity of the signer, in email address format

b, Signature—the cryptographic signature of the headers and email body


1. How can I see the headers of a message?

Gmail: Click on the down arrow, next to the Reply button, at the top right corner of the message. Select "Show original".

Hotmail: Click on the down arrow, next to the Reply button, at the top right corner of the message. Select "View Message Source".

Yahoo!: At the bottom right corner of the message, click the link for "Full Headers".

Outlook 2010: Open the email in a separate window. Click the "File" tab. Select the Properties button. They are in the Internet Headers box.

Outlook 2007: Click on the small arrow to the right of Options. They are in the Internet headers box.

Outlook 2003: Right clicking on the message from your mailbox and select Options. They are in the Internet Headers box.

Thunderbird: Click View > Message Source.

Mac Mail.app: Click View->Message->Full Headers, or Shift-Command-H.

Microsoft Exchange: Click on File->Properties->Internet.

Eudora Pro: Go to the toolbar just above the message, and click the button that reads "blah blah blah".

AOL Mail: Right click on the message, then select "View Message Source".

Mutt: Hit "h".

Pegasus E-mail: press Ctrl-H.

2. Why do so many headers start with X-?

Any computer that handles a message is allowed to append its own headers. By convention, if a system wants to add its own custom header, it starts with X-. This is so they can be sure their custom headers don't accidentally take the name of any defined header, current or future.

3. What is an envelope sender?

An email has two addresses associated with sending it: the envelope sender, and the From: address. The envelope sender is where computers should respond (in the case of bounce messages or errors); the From: address is where people should respond. In most cases, the envelope sender and the From: address match. But they don't always, and they don't have to. Unfortunately, this is a "feature" of email that spammers and scammers can and do abuse. When you get a message picked up as spam that's "from" your bank, or another trusted institution, they've generally changed the From: address to be at a domain you recognize, while leaving the envelope sender as something they control.

4. What to do if you received SPAM e-mail with Heficed IP address?

First of all you need to extract header from your e-mail, check out above then to open https://www.heficed.com/report-abuse website and fill the form, our lovely team will handle all issues efficiently.

Did this answer your question?