Why would I need to look at email headers?

Headers reveal what happened to a message between sending and delivery. You'll examine them when troubleshooting problems or verifying configuration.

Troubleshooting delivery issues:

Why did this land in spam? Check Authentication-Results and X-Spam headers

Why was it delayed? Trace timestamps in Received headers

Which server rejected it? Error codes appear in bounce headers

Verifying authentication:

Did SPF pass? Look for Received-SPF or Authentication-Results

Did DKIM validate? Authentication-Results shows dkim=pass or fail

What was the DMARC verdict? Authentication-Results includes dmarc=pass/fail

Tracing message routing:

Which servers handled this? Read Received headers bottom to top

Did it go through expected infrastructure? Verify IP addresses and hostnames

Was it forwarded? Multiple Received headers from different organizations suggest forwarding

Investigating suspicious email:

Is this phishing? Compare header From with envelope and authentication results

Where did it really come from? Trace originating IP in first Received header

Headers are the black box recorder. When something goes wrong, they tell you what happened and where.