Why would I need to look at email headers?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

An email lands in spam and you have no idea why. Or a message never showed up, and your ESP says it was delivered. Where do you even start? That's exactly when you pull up the email headers.

Email headers are the hidden metadata attached to every message. They record every hop the email took from sender to inbox, along with the authentication checks that ran along the way. Most people never see them. But when something goes wrong, they're the closest thing you've got to a flight recorder.

Here are the main reasons you'd actually open them up:

Troubleshooting delivery problems. If a message landed in spam, the Authentication-Results header will tell you whether SPF, DKIM, or DMARC passed or failed. If there was a delay, the timestamps inside each Received header show you exactly where the message sat and for how long. If it bounced, the error codes in the bounce headers point to which server rejected it and why.

Verifying your authentication setup. You can check whether SPF and DKIM are actually working by looking at what the receiving server recorded, not just what your sending setup claims. There's a real difference between "SPF is configured" and "SPF passed on this specific message."

Tracing message routing. Received headers stack up in reverse order, one for each server that touched the email. Reading them from bottom to top shows you the full path. If a message was forwarded unexpectedly, or went through infrastructure you don't recognize, that'll show up here (and it can explain why authentication broke).

Spotting suspicious or spoofed email. If something looks like phishing, the headers let you compare the visible From address against the actual originating IP and the envelope sender. A lot of spoofed messages look convincing on the surface and fall apart the moment you check the headers.

You don't need to read headers every day. But when something breaks, they're usually the fastest way to figure out what actually happened. Our free Email Header Analyzer can parse them for you so you're not squinting at raw text.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Diagnose my header issue

I'm trying to debug an email delivery problem and need to use headers to figure out what went wrong. My sending domain is domain, the recipient is at recipient domain or provider, and the issue is [describe: landed in spam / delayed / bounced / suspected phishing]. Based on that, what should I look for in the headers first, and what would a pass or fail actually look like?

Edit the yellow boxes, then send to the AI of your choice.