How to Read Email Headers
Learn which email headers explain sender identity, delivery path, and authentication results.
Start with Authentication-Results
Authentication-Results is the quickest summary of SPF, DKIM, and DMARC. If one of them is missing or failing, delivery and trust can suffer.
Look for pass, fail, neutral, or none values, then compare the domains shown next to each result.
Read Received from bottom to top
Each Received line is added by a mail server. The oldest hop is usually near the bottom and the newest hop is near the top.
Unexpected hops, private relays, or mismatched hostnames can explain delays or suspicious routing.
Email Tools
FAQ
Can headers prove who sent an email?
They provide useful evidence, but spoofed or incomplete headers still need careful interpretation.
Which header is best for spam troubleshooting?
Start with Authentication-Results and Received, then compare SPF, DKIM, DMARC, From, and return-path domains.