What is Header (Email Header)? | Email Verification & Deliverability Glossary

Definition

Metadata lines prepended to every email containing routing, origin, and authentication info.

Expanded Explanation

What Is an Email Header?

An email header is a block of metadata prepended to every email message — invisible to most recipients in their email client's default view, but containing rich information about where the message came from, how it was routed, what authentication checks it passed, and when it was sent. Headers are added by every server the message passes through, creating a chronological record of the email's journey from sender to recipient.

Key Email Header Fields

From: the sender's address (visible to recipients). To/CC/BCC: recipients. Subject: message subject line. Date: when the message was sent. Message-ID: a unique identifier for the message. Reply-To: where replies should go (if different from From). Received: a chain of server-added entries showing routing path. X-Mailer / X-Mailer-Info: often reveals the sending platform. Return-Path (Envelope-From): the bounce address where delivery errors go. Authentication-Results: SPF, DKIM, DMARC pass/fail results added by the receiving server.

Headers and Email Authentication

Email authentication protocols work primarily through headers. The DKIM-Signature header carries the cryptographic signature. The Authentication-Results header (added by the receiving server) records whether SPF, DKIM, and DMARC passed or failed. Spam filters read these headers to make filtering decisions. If you're troubleshooting deliverability problems, the Authentication-Results header is often the first place to look — it tells you exactly what the receiving server concluded about your message's authentication.

Received Headers and Email Tracing

Each server that handles a message adds a Received: header. These headers accumulate in reverse chronological order — the first Received: header at the top is the most recent, and the last one at the bottom is closest to the original source. Tracing a message through its Received headers reveals the path it took, including any third-party services, forwarding servers, or unexpected routing. This is essential for diagnosing delivery delays, identifying spoofed messages, and understanding your sending infrastructure.

The From Header and Phishing

The "From" header is the primary identity signal visible to email recipients — and it's also the most frequently abused in phishing and email spoofing attacks. An attacker can send an email with a forged From: header claiming to be from any domain, regardless of where the email actually originated. This is precisely what DMARC is designed to prevent: it requires alignment between the From header domain and the domain validated by SPF or DKIM, closing the gap that makes header spoofing dangerous.

Reading Email Headers

Most email clients allow you to view the full headers of a message (usually under "View Source" or "Show Original"). Tools like Google Admin Toolbox's Message Header Analyzer make headers human-readable by parsing them into structured format. Understanding headers is an important skill for anyone involved in email deliverability troubleshooting — it's the ground truth of what actually happened to a specific message.