This is a reference guide on how to read the full email headers, also known as long headers or internet headers, from an email message.
This guide is provided to learn how to read and understand an email header. To understand an email header, we need to analyze the life of the email. Most of the time, it appears that email is passed directly from the sender directly to the recipient. This isn't necessarily true: A typical email will usually pass through a number of hops before delivery to the recipient's mailbox.
Headers include such details as the sender, recipient, subject, sending time stamp, receiving time stamps, unique message-id and much more. They are very useful in troubleshooting common issues, such as tracking spam or searching for specific email messages in the MailEssentials debug logs.
How to Read Email Headers
Most mail clients allow access to the message header. This section provides the procedure to obtain the email header by using some of the most common email clients. Please refer to the user manual of your specific mail client if the one you are using is not included in this list.
How to find the Email Header
To find the Email Header of an email in Outlook 2007, right-click an email on the list and choose Message Options from the shortcut menu. A new window will open with the Internet headers section at the bottom (you can copy the section's content to any text editor and use the editor's search options).
Outlook 2010, 2013 and 2016
To find the Internet Headers in Outlook 2010 and later, you need to:
- Open an email in a new window (you can do it by double-clicking any message on your email list).
- Go to the File menu and on the Info tab click the Properties button (Fig. 1.).
- A new window will open with the Internet headers section at the bottom.
- The Message-ID property is displayed in the Internet headers section (Fig. 2.). The easiest way to view the entire header is to copy the whole section's content and paste it into a text editor.
For Email received in a Gmail mailbox, you can obtain the Email headers by following the below steps:
- From a browser, open Gmail.
- Open the email you want to check the headers for.
- Next to Reply , click More Show original.
The headers will show in a new window. To get the full message header, click Download original.
Obtaining the Email header is a critical first step when you are looking to find the Message-ID for a specific Email. MailEssentials debug logs differentiate emails using the Message-ID, so when troubleshooting a problem through reading debug logs, it is important that we get an email containing the email header information.
Analyzing the Email Header
Sample Email Header extract:
Received: from EXCHSVR01.TEST.COM ([fe88::932e:851c:fef:127e]) by
GREEXCH01.GULF-RE.COM ([fe81::152e:831c:fef:120e%20]) with mapi id
14.03.0382.000; Sun, 15 Mar 2020 12:41:44 +0300
Return-Path: "James Doe" <jamesdoe1@TEST.COM>
Content-Type: application/ms-tnef; name="winmail.dat"
From: "James Doe" <jamesdoe1@TEST.COM>
To: John Doe <johndoe@TEST.COM>, Jane Doe
Subject: FW: RE: outstanding payments
Thread-Topic: RE: outstanding payments
Date: Sun, 15 Mar 2020 12:41:43 +0300
Note: It is important to know that when reading an email header every line can be forged, so only the Received: lines that are created by your service or computer should be completely trusted.
A typical header will contain several line items, a few of the most important ones are described below:
The received is the most important part of the email header and is usually the most reliable. They form a list of all the servers/computers through which the message traveled in order to reach you.
The received lines are best read from bottom to top. That is, the first "Received:" line is your own system or mail server. The last "Received:" line is where the mail originated. Each mail system has their own style of "Received:" line. A "Received:" line typically identifies the machine that received the mail and the machine from which the mail was received.
|From||This displays who the message is from, however, this can be easily forged and can be the least reliable.|
|To||This shows to whom the message was addressed, but may not contain the recipient's address.|
|Subject||This is what the sender placed as a topic of the email content.|
|Date||This shows the date and time the email message was composed.|
|Message-ID||A unique string assigned by the mail system when the message is first created.|
|Return-Path||The email address for return mail. This is the same as "Reply-To:".|
|Content-Type||Generally, this will tell you the format of the message, such as html or plaintext.|
|Message Body||This is the actual content of the email itself, written by the sender.|