What is a header vs. envelope header?

A header is the visible metadata users see inside an email—From, To, Subject, Date, and so on. These are the Header From and Header To fields defined by RFC 5322.

The envelope header, however, operates at the SMTP level and follows RFC 5321. It includes the MAIL FROM and RCPT TO commands, which determine who the message is actually sent from and to at the server level.

The Envelope From (MAIL FROM) is the address where bounces go, and it appears as the Return-Path header in the final message. This is also the address used for SPF checks. The Envelope To (RCPT TO) defines the delivery recipient.

Behind the scenes, this separation is the reason spoofing can happen: the Header From and Envelope From do not have to match. DMARC was created to enforce alignment between the two, ensuring authenticity.

Think of it as the outer packaging around a letter—the post office needs it, but the recipient rarely sees it.