Email Headers

In this article we will explain what are email headers and how to change them.

What is an email header?

An email header is a fragment of code in an HTML email that comprises information about the sender, receiver, email’s route to the inbox, and authentication details.

What does an email header look like?

An example of an email header.

Main points of email headers

1. Received: from

An email code excerpt with the Received: From point.

Received: from reveals which address the email was sent from. It also reveals the sender’s IP address. Timestamps and the destination email address are also included.

ESMPT ID is the Enhanced Simple Mail Transport Protocol ID that computers connected to the Internet use to send emails. It is also the protocol that servers use to transfer email between them.

SMTP transactions typically have 4 parts:

  • HELO (EHLO): Extended Simple Mail Transfer Protocol used by email servers that communicate with one another
  • MAIL FROM: Command that starts a mail transfer
  • RCPT TO: Command that identifies the recipient
  • DATA: Message and message headers, including From: and To:.

Many spam filters run after HELO, MAIL FROM and RCPT TO but before DATA. That is because once you accept the DATA, you cannot bounce the message. This is why the filters that run on the message content, including the filters you set up yourself, cannot bounce mail.

2. Message-ID of Email Header

Message-ID reveals a unique message identification number.

3. MIME-version

MIME (Multipurpose Internet Mail Extensions) extends the format of an email by supporting text and non-text attachments like application files, audio and video files, images and message bodies with multiple parts.

4. X-Spam-Summary

Rules that are set up to identify spam. Used by Spamcop, SpamAssassin and similar services.

5. X-CSA-Complaints

CSA (Certified Senders Alliance) provides a whitelist for bulk email senders.

6. Content-Type

An encryption method that allows viewing older emails using new technology.

7. Email signatures

The DKIM (DomainKeys Identified Mail) signature is included in email messages to reveal information about the sender, the message and the public key location. DKIM is required by such mailbox providers as AOL, Google Mail, Outlook and Yahoo Mail to verify the sender’s identity and prevent email spoofing.

The DKIM signature can include these values:

  • v – version of the DKIM standard that is used
  • a – cryptographic algorithm used to create the hash
  • c – identifies whether changes to the email like line wrapping or adding whitespace is allowed (canonicalization)
  • s – reveals the selector record name to query the correct public key from the d value
  • d – the domain that signed the message
  • h – the SMTP headers that are included in the cryptographic hash
  • i – the identity of the signer in email address format
  • b – the cryptographic signature that is encoded in Base64


How can I see the headers of a message?

  • Gmail: In the top right corner of the message, click the down arrow next to the Reply button. Select the option to display the original.
  • Yahoo!: Select the ellipses (…) in the toolbar at the top of the message and choose View Raw Message.
  • Outlook: In a new window, open the email. Select Properties from the File tab. In the Internet Headers box, look for email headers.
  • Mac Mail app: Click View, then Message and All Headers. As an alternative, you can use shortcut keys: ShiftCommandH.

Why do so many headers start with X-?

Computers that handle messages append their own headers. It is accepted to start custom headers with X-, which helps to ensure that custom headers do not use defined headers.

What is an envelope sender?

An email has envelope sender and From: addresses. The envelope sender address shows where the email originated. The From: address shows where to respond. In most cases, they match, but not in all cases.

Spammers and scammers often abuse the mismatch of addresses. They can change the From: address part to something that recipients are likely to recognize. However, the envelope sender stays in their control.

What to do if you received a spam email with Heficed IP address?

Extract the header from your email and send an abuse report. Our Abuse team will handle the issue as soon as possible.

Was this article helpful?

Need support?

If you need any further help, don't hesitate to send a support request to our support team.