What do “Received” headers mean?

Received headers are added by every mail server that processes a message. Each header records one hop in the delivery chain. Reading them reveals the complete path from sender to recipient.

A typical Received header:

Received: from mail.example.com (mail.example.com [192.0.2.1]) by mx.recipient.com with ESMTPS id abc123 for <user@recipient.com>; Tue, 5 Feb 2026 10:30:00 -0500

Breaking it down:

from: The server that sent the message (claimed hostname and verified IP)

by: The server that received it

with: Protocol used (SMTP, ESMTP, ESMTPS for TLS-encrypted)

id: Server's internal tracking ID

for: Recipient address

timestamp: When this server received the message

Reading order: Each server adds its Received header above the ones already present, so the headers stack upward. The newest (last server) is at the top; the oldest (origin) is at the bottom. Read bottom-up for chronological order.

Forensic use: Compare timestamps to find delays. Check IPs against reputation databases. Verify the path matches expected routing.
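An added example (not code from the original page) of the forensic use described above: it parses the Received headers of a constructed message, orders the hops bottom-up, and computes the delay at each hop. The sample hostnames, IPs and ids, and the helper names parse_hops and slow_hops, are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (hostnames, IPs, ids and times are made up).
RAW = """\
Received: from mx.recipient.com (mx.recipient.com [198.51.100.7])
 by store.recipient.com with ESMTPS id c3
 for <user@recipient.com>; Thu, 5 Feb 2026 10:42:10 -0500
Received: from mail.example.com (mail.example.com [192.0.2.1])
 by mx.recipient.com with ESMTPS id b2
 for <user@recipient.com>; Thu, 5 Feb 2026 10:30:05 -0500
Received: from laptop.example.com (laptop.example.com [203.0.113.9])
 by mail.example.com with ESMTP id a1; Thu, 5 Feb 2026 15:30:00 +0000
Subject: constructed sample

body
"""

FIELDS = re.compile(
    r"from\s+(?P<frm>\S+)(?:\s+\((?P<paren>[^)]*)\))?"
    r".*?\bby\s+(?P<by>\S+)(?:.*?\bwith\s+(?P<proto>\S+))?", re.S)
IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def parse_hops(raw):
    """Return hops oldest-first with from/by/ip/proto/time and delay in seconds."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        clauses, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        m = FIELDS.search(clauses)
        ip = IP.search(m.group("paren") or "") if m else None
        hops.append({
            "from": m.group("frm") if m else None,   # hostname claimed by the sender
            "by": m.group("by") if m else None,      # server that wrote this header
            "ip": ip.group(1) if ip else None,       # address recorded by that server
            "proto": m.group("proto") if m else None,
            "time": parsedate_to_datetime(stamp.strip()),  # timezone-aware datetime
        })
    for prev, hop in zip([None] + hops, hops):
        hop["delay"] = (hop["time"] - prev["time"]).total_seconds() if prev else 0.0
    return hops

def slow_hops(hops, threshold=300):
    """Hops whose wait since the previous hop exceeds threshold seconds."""
    return [h for h in hops if h["delay"] > threshold]

if __name__ == "__main__":
    for h in parse_hops(RAW):
        print(h["time"].isoformat(), h["from"], h["ip"], "->", h["by"], h["proto"], h["delay"])
```

A negative delay means the clocks of two servers disagree or a header was not written by the server it names. Only the headers added by servers you trust are reliable; everything below them is text supplied by the sending side.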

Each Received header is a port-of-call stamp in the ship's passport.