Why would I need to look at email headers?

Headers reveal what happened to a message between sending and delivery. You'll examine them when troubleshooting problems or verifying configuration.

• Troubleshooting delivery issues:
• Why did this land in spam? Check Authentication-Results and X-Spam headers
• Why was it delayed? Trace timestamps in Received headers
• Which server rejected it? Error codes appear in bounce headers
• Verifying authentication:
• Did SPF pass? Look for Received-SPF or Authentication-Results
• Did DKIM validate? Authentication-Results shows dkim=pass or fail
• What was the DMARC verdict? Authentication-Results includes dmarc=pass/fail
• Tracing message routing:
• Which servers handled this? Read Received headers bottom to top
• Did it go through expected infrastructure? Verify IP addresses and hostnames
• Was it forwarded? Multiple Received headers from different organizations suggest forwarding
• Investigating suspicious email:
• Is this phishing? Compare header From with envelope and authentication results
• Where did it really come from? Trace originating IP in first Received header
• Headers are the black box recorder. When something goes wrong, they tell you what happened and where.