Email Headers

What Are Email Headers?

An email header is a code snippet in an HTML email containing information about the sender, recipient, email’s route to the inbox and authentication details.

What it looks like?

Main points of email headers

1. Received: from

Received: from reveals which address the email was sent from. It also reveals the sender’s IP address. Timestamps and the destination email address are also included.

ESMPT ID is the Enhanced Simple Mail Transport Protocol ID that computers connected to the Internet use to send emails. It is also the protocol that servers use to transfer email between them.

SMTP transactions typically have 4 parts:

  • HELO (EHLO) – an Extended Simple Mail Transfer Protocol used by email servers that communicate with one another
  • MAIL FROM – a command that starts a mail transfer
  • RCPT TO – the command that identifies the recipient
  • DATA – the message and message headers, including From: and To:.

Many spam filters run after HELO, MAIL FROM and RCPT TO, but before DATA. That is because once you accept the DATA, you cannot bounce the message. This is why the filters that run on the message content, including the filters you set up yourself, cannot bounce mail.

2. Message-ID

Message-ID reveals a unique message identification number.

3. MIME-version

MIME (Multipurpose Internet Mail Extensions) extends the format of an email by supporting text and non-text attachments like application files, audio and video files, images and message bodies with multiple parts

4. X-Spam-Summary

Rules that are set up to identify spam. Used by Spamcop, SpamAssassin and similar services.

5. X-CSA-Complaints

CSA (Certified Senders Alliance) provides a whitelist for bulk email senders.

6. Content-Type

An encryption method that allows viewing older emails using new technology.

7. Email signatures

The DKIM (DomainKeys Identified Mail) signature is included in email messages to reveal information about the sender, the message and the public key location. DKIM is required by such mailbox providers as AOL, Google Mail, Outlook and Yahoo Mail to verify the sender’s identity and prevent email spoofing.

The DKIM signature can include these values:

  • v – version of the DKIM standard that is used
  • a – cryptographic algorithm used to create the hash
  • c – identifies whether changes to the email like line wrapping or adding whitespace is allowed (canonicalization)
  • s – reveals the selector record name to query the correct public key from the d value
  • d – the domain that signed the message
  • h – the SMTP headers that are included in the cryptographic hash
  • i – the identity of the signer in email address format
  • b – the cryptographic signature that is encoded in Base64


How can I see the headers of a message?

  • Gmail: Click the down arrow next to the Reply button in the top right corner of the message. Select Show original.
  • Hotmail: Click the down arrow next to the Reply button in the top right corner of the message. Select View Message Source.
  • Yahoo!: Click the Full Headers link in the bottom right corner of the message.
  • Outlook 2010: Open the email in a separate window. Click the File tab and select Properties. See headers in the Internet Headers box.
  • Outlook 2007: Click the arrow on the right of Options. See headers in the Internet headers box.
  • Outlook 2003: Right-click the message from your mailbox and select Options. See headers in the Internet Headers box.
  • Thunderbird: Click View and then Message Source.
  • Mac Click View, then Message and Full Headers. Alternatively, tap ShiftCommandH keys.
  • Microsoft Exchange: Click File, then Properties and Internet.
  • Eudora Pro: Go to the toolbar above the message and click the button that reads blah blah blah.
  • AOL Mail: Right-click the message and select View Message Source.
  • Mutt: Use the H key on the keyboard.
  • Pegasus Email: Use the CtrlH key combination.

Why do so many headers start with X-?

Computers that handle messages append their own headers. It is accepted to start custom headers with X-, which helps to ensure that custom headers do not use defined headers.

What is an envelope sender?

An email has envelope sender and From: addresses. The envelope sender address shows where the email originated. The From: address shows where to respond. In most cases, they match, but not in all cases.

Spammers and scammers often abuse the mismatch of addresses. They can change the From: address part to something that recipients are likely to recognize. However, the envelope sender stays in their control.

What to do if you received a spam email with Heficed IP address?

Extract the header from your email and send an abuse report. Our Abuse team will handle the issue as soon as possible.

Was this article helpful?

Still need help?

Heficed Slack Community

Get involved in Heficed Slack community. Get updates, ask questions, connect with peers.

Heficed Slack

Need support?

If you need any further help, don't hesitate to send a support request to our support team.