How to read email headers
Learn how to read email headers, including Authentication-Results, Received headers, Return-Path, From, and other fields used in email troubleshooting.
Why email headers matter
Email headers contain the routing and authentication metadata for a message. They are often the first place to look when troubleshooting spoofing concerns, deliverability problems, or routing anomalies.
A good header review can tell you how a message travelled, whether SPF, DKIM, and DMARC passed, and which systems handled it.
Important headers to check
- Authentication-Results
- Received
- From
- Return-Path
- Reply-To
- Message-ID
- Date
- Subject
Authentication-Results
Authentication-Results usually contains SPF, DKIM, and DMARC evaluation results added by a receiving system.
This is often the quickest place to see whether email authentication passed, failed, or produced softer outcomes such as softfail.
Received headers
Received headers show the path a message took through mail systems. Reading them from the bottom upward often gives the clearest sense of the route.
Multiple Received headers are normal. They are one of the best sources for tracking handoff points.
From vs Return-Path
The From header is the user-visible sender identity. Return-Path is related to bounce handling and envelope sender behaviour.
These two values can differ, and that difference can matter when looking at SPF and DMARC alignment.
What to look for in practice
- Whether SPF passed or failed
- Whether DKIM passed or failed
- Whether DMARC passed or failed
- Whether the Received chain makes sense
- Whether From, Return-Path, and Reply-To relationships look suspicious