Skip to main content

What are email headers?

Every email has two parts: the headers and the body. The body is the content you see — the message, images, and links. The headers are metadata attached to the email that describe where it came from, how it got to you, and whether it passed authentication checks. Headers are like a shipping label on a package. The recipient doesn’t usually look at them, but they contain all the routing and verification information.

How to view email headers

Gmail

  1. Open the email
  2. Click the three dots menu (top right)
  3. Click Show original

Outlook

  1. Open the email
  2. Click File > Properties
  3. Headers are in the Internet headers box

Apple Mail

  1. Open the email
  2. Click View > Message > All Headers

Key headers

From

The visible sender address. This is what the recipient sees in their inbox. 
From: SendKit <hello@mail.sendkit.dev>
The From header can be spoofed — anyone can set it to any address. This is why authentication protocols (SPF, DKIM, DMARC) exist.

To

The recipient’s address. 
To: paulo@acme.com

Subject

The email subject line. 
Subject: Your API key is ready

Date

When the email was sent. 
Date: Mon, 14 Mar 2026 10:32:00 -0300

Message-ID

A unique identifier for the email. No two emails should have the same Message-ID. 
Message-ID: <abc123@mail.sendkit.dev>

Reply-To

The address that receives replies. Can be different from the From address. 
Reply-To: support@acme.com

Return-Path

The envelope sender — where bounce notifications are sent. This is what SPF checks against (not the From header). 
Return-Path: <bounces@send.acme.com>

Received

The most important header for debugging. Each mail server that handles the email adds a Received header. They’re read bottom to top — the bottom one is the first server, the top one is the last. 
Received: from send.acme.com (send.acme.com [1.2.3.4])
        by mx.google.com with ESMTPS id abc123
        for <paulo@gmail.com>;
        Mon, 14 Mar 2026 10:32:05 -0300
This tells you:
  • from — the sending server (send.acme.com)
  • by — the receiving server (mx.google.com)
  • with ESMTPS — the connection used TLS encryption
  • for — the recipient
  • timestamp — when this hop occurred

Authentication-Results

Added by the recipient’s mail server. Shows the results of SPF, DKIM, and DMARC checks. 
Authentication-Results: mx.google.com;
       dkim=pass header.d=acme.com header.s=sendkit;
       spf=pass (google.com: domain of bounces@send.acme.com designates 1.2.3.4 as permitted sender);
       dmarc=pass (p=REJECT sp=REJECT) header.from=acme.com
This is the header to check when debugging deliverability issues.

DKIM-Signature

The DKIM signature added by the sending server. 
DKIM-Signature: v=1; a=rsa-sha256; d=acme.com; s=sendkit;
  h=from:to:subject:date;
  bh=abc123...;
  b=xyz789...

List-Unsubscribe

Tells email clients how to let the recipient unsubscribe. Gmail and other providers show an “Unsubscribe” link next to the sender name when this header is present. 
List-Unsubscribe: <mailto:unsubscribe@acme.com>, <https://acme.com/unsubscribe?id=123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

Reading headers for debugging

When debugging delivery issues, focus on these headers in order:

1. Authentication-Results

Are SPF, DKIM, and DMARC all passing? If any show fail, that’s likely your problem.

2. Received headers

Read bottom to top. Check the timestamps to find delays. If there’s a large gap between two Received headers, that hop is where the delay occurred.

3. X-Spam headers

Some providers add headers indicating spam scoring: 
X-Spam-Status: No, score=-1.2
X-Spam-Flag: NO
A negative score is good. A positive score means the filter found suspicious signals.

4. DKIM-Signature

If DKIM is failing, verify the d= (domain) and s= (selector) values match your DNS record.

FAQ

Some headers can be set by the sender (From, Reply-To, Subject). But headers added by receiving servers (Received, Authentication-Results) are trustworthy because they’re added after the email is received. This is why authentication checks are important — they verify the headers that the sender controls.
Each mail server that processes the email adds its own Received header. An email typically passes through 2–4 servers: the sending server, possibly an intermediary, and the recipient’s server(s). Each hop adds a header.
ESMTPS means the connection used TLS encryption. ESMTP means no encryption. In the Received header, this tells you whether that hop was encrypted.