Email Header Analyzer

Paste your email headers or upload an .eml file to see what every header means in plain English.

Copy the full headers from your email client. Not sure how? See the guide below for Gmail, Outlook, Yahoo, and Apple Mail.
Drop .eml file here or click to browse
Export the email as .eml from your email client, then drag it here.

How to Find Email Headers

Gmail
Open the email → Click the three dots (⋮) → "Show original" → Copy the headers
Outlook (Web)
Open the email → Click the three dots (⋯) → "View" → "View message source" → Copy the headers
Apple Mail
Open the email → View menu → "Message" → "All Headers" → Select and copy
Yahoo Mail
Open the email → Click the three dots (⋯) → "View raw message" → Copy the headers
You can also export the email as an .eml file and upload it directly. Browse all 168 email headers below →

Step-by-Step Instructions for Every Email Client

Select your email client below for detailed instructions on how to view and copy the full message headers.

  1. Open the email you want to inspect.
  2. Click the three-dot menu (⋮) next to the Reply button in the top-right corner.
  3. Select "Show original" from the dropdown menu.
  4. A new tab opens with the full headers and raw message source.
  5. Click "Copy to clipboard" at the top, or select all text and copy manually.

Tip: The same steps work for Google Workspace accounts.

  1. Open the email you want to examine.
  2. Click the three-dot overflow menu (⋯) at the top of the message.
  3. Select "View" and then choose "View message source".
  4. A new window or panel appears showing the full message source with all headers.
  5. Select all text (Ctrl+A or Cmd+A) and copy it.

Tip: These steps also work for Hotmail, Live.com, and MSN email accounts.

  1. Open the email in Yahoo Mail.
  2. Click the three-dot overflow menu (⋯) at the top of the message.
  3. Select "View raw message" from the dropdown.
  4. A new tab opens with the complete raw message including all headers.
  5. Select all the text and copy it to your clipboard.
  1. Open the email in AOL Mail.
  2. Click the three-dot overflow menu (⋯) at the top-right of the message.
  3. Select "View message source" or "View raw message".
  4. A new window displays the full raw headers and body.
  5. Select all and copy the text.

Tip: AOL Mail uses a similar interface to Yahoo Mail since both are owned by the same company.

  1. Open the email in Zoho Mail.
  2. Click the dropdown arrow next to the "Reply" button, or click the three-dot menu.
  3. Select "Show original" from the menu.
  4. The full headers and raw source appear in a new panel or tab.
  5. Copy the entire content.
  1. Open the email in ProtonMail.
  2. Click the "More" button (three dots) at the top of the message.
  3. Select "View headers" from the dropdown.
  4. A dialog box appears with the full email headers.
  5. Click "Copy headers" or manually select and copy the text.

Tip: ProtonMail decrypts the message body but the transport headers are still available.

  1. Open the email in FastMail.
  2. Click the three-dot overflow menu (⋯) in the message toolbar.
  3. Select "Show raw message" or "View source".
  4. The full raw message opens in a new view with all headers visible.
  5. Select all and copy.
  1. Open the email you want to check.
  2. Click the "i" information icon or the three-dot menu at the top of the message.
  3. Select "Show header information" or "View all header information".
  4. A panel or popup appears with the full headers.
  5. Select all the header text and copy it.

Tip: Mail.com and GMX share the same underlying platform, so the steps are identical.

  1. Open the email in iCloud Mail on the web (icloud.com/mail).
  2. Select the message, then click the gear icon or action menu.
  3. Choose "Show message source" or "View raw source".
  4. A new window displays the complete raw message.
  5. Select all and copy the headers.

Tip: For the iCloud Mail app on macOS, use the Apple Mail instructions below instead.

  1. Open the email by double-clicking it so it opens in its own window.
  2. Go to File > Properties.
  3. Look for the "Internet headers" text box at the bottom of the Properties dialog.
  4. Click inside the text box, press Ctrl+A to select all, then Ctrl+C to copy.

Tip: If the text box is too small, paste the headers into a text editor to read them more easily.

  1. Double-click the email to open it in a separate window.
  2. Click File in the top-left, then select Properties.
  3. The "Internet headers" box at the bottom of the dialog contains the full headers.
  4. Click inside the box, select all (Ctrl+A), and copy (Ctrl+C).
  1. Double-click the message to open it in its own window.
  2. Go to File > Info > Properties (or click the small dialog launcher arrow in the Tags group).
  3. Scroll down to the "Internet headers" section.
  4. Select all header text and copy it.
  1. Open the email by double-clicking it.
  2. Go to the View menu and select "Message Options" (or right-click the message and choose "Message Options").
  3. The internet headers appear in the text box at the bottom of the dialog.
  4. Select all text in the box and copy it.
  1. Select the email in the message list (do not open it).
  2. Go to File > Properties.
  3. Click the "Details" tab.
  4. Click the "Message Source" button to see the full raw source.
  5. Select all and copy the text.

Tip: Outlook Express was discontinued and replaced by Windows Mail. Consider upgrading to a current client.

  1. Open the email in Apple Mail.
  2. Go to the View menu in the menu bar at the top of the screen.
  3. Select "Message" and then "All Headers" (or press Shift+Cmd+H).
  4. All headers now appear at the top of the message view.
  5. Select the header text and copy it. Alternatively, use View > Message > Raw Source for the complete raw message.

Tip: Pressing Shift+Cmd+H toggles between default and full header views.

  1. The built-in Mail app on iPhone and iPad does not provide a way to view full email headers directly.
  2. The easiest workaround is to forward the email as an attachment to yourself, then view the headers on a desktop client or webmail.
  3. Alternatively, log in to your email provider's webmail interface (e.g., Gmail, Outlook.com) using Safari and follow the web-based instructions.

Tip: Some third-party iOS email apps like Spark or Edison offer header viewing options.

  1. Open the email in Mozilla Thunderbird.
  2. Go to View > Headers > All (this shows expanded headers in the message pane).
  3. For the full raw source, press Ctrl+U (or Cmd+U on Mac) to open the message source window.
  4. Select all header text (everything above the first blank line) and copy it.

Tip: SeaMonkey uses the same key shortcut (Ctrl+U) to show the raw message source.

  1. Open or select the email in eM Client.
  2. Right-click the message and choose "View mail source" (or press Ctrl+F9).
  3. A new window shows the full raw message source including all headers.
  4. Select all and copy the header portion.
  1. Open the email in The Bat!
  2. Press F9 or go to Special > View Source.
  3. The complete message source is displayed, with headers at the top.
  4. Select the header lines and copy them.
  1. Open the email in Mailspring.
  2. Click the three-dot menu at the top-right of the message.
  3. Select "Show original" or "View raw message".
  4. The raw message source opens in a new window.
  5. Copy the headers from the top of the source text.
  1. Select the email in Claws Mail.
  2. Go to View > Message Source (or press Ctrl+U).
  3. The full raw source appears in a separate window.
  4. Copy the header section from the top.

Tip: You can also toggle full headers in the message pane via View > Show all headers.

  1. The Gmail mobile app does not have a built-in option to view full email headers.
  2. Open Gmail in your phone's web browser (mail.google.com) and request the desktop site.
  3. Open the email, click the three-dot menu (⋮), and select "Show original".
  4. Copy the headers from the page that opens.

Tip: Requesting "Desktop site" in your mobile browser is usually in the browser's menu.

  1. Samsung Email does not provide a direct way to view full message headers.
  2. Forward the email as an attachment to yourself and open it on a desktop client or webmail that supports header viewing.
  3. Alternatively, log in to your email provider's web interface to view the headers there.
  1. Open the email in Spark.
  2. Tap the three-dot menu at the top of the message.
  3. Select "View raw headers" or "View original".
  4. Copy the displayed header text.

Tip: On Mac, you can also right-click a message and choose "Show raw source".

  1. Open the Exchange Admin Center (EAC) or use Exchange Management Shell.
  2. In EAC, go to Mail Flow > Message Trace to locate the message.
  3. Click on the message trace result and view the detail report for full header information.
  4. Alternatively, use PowerShell: Get-MessageTrackingLog for transport-level header data.

Tip: End users should use the Outlook desktop instructions above. Admin tools show transport logs rather than full RFC headers.

  1. Open the email in the Zimbra web client.
  2. Right-click the message in the message list (or click the dropdown arrow next to the message actions).
  3. Select "Show original" from the context menu.
  4. The full raw message source opens in a new browser tab.
  5. Select all and copy the headers.
  1. Open the email in Roundcube webmail.
  2. Click the "More" button (or three-dot menu) in the message toolbar.
  3. Select "View source" or "Show source" from the menu.
  4. The full message source appears in a new tab or window.
  5. Copy the header portion from the top of the source.

Tip: Some Roundcube installations also show a "Headers" toggle in the message view to expand all headers inline.

  1. Open the email in Horde webmail.
  2. Click the "View Source" link or icon, usually located at the top of the message view.
  3. The raw message including headers is displayed.
  4. Select all and copy the header text.
  1. Log in to cPanel Webmail (usually at yourdomain.com/webmail or yourdomain.com:2096).
  2. Open the email using whichever webmail app is configured (Roundcube or Horde).
  3. Follow the Roundcube or Horde instructions above depending on your interface.
  4. If using Roundcube: "More" > "View source". If using Horde: click "View Source".

Tip: cPanel typically defaults to Roundcube. You can switch webmail apps from the cPanel Webmail selection screen.

  1. Open the email in Lotus Notes (HCL Notes).
  2. Go to View > Show > Page Source.
  3. The raw message is shown including all Internet headers.
  4. Select and copy the header section from the top.

Tip: In newer versions of HCL Notes, you may also right-click the message and choose "View Internet Headers".

All 168 Email Headers Explained

A complete reference to every email header you might encounter. Search for any header name or keyword.

Sender

Headers that identify who sent the email and where replies should go.

FromSender
The email address and display name of the person who sent the message. This is the primary 'from' address visible to recipients.
Reply-ToSender
The address where replies should be sent, if different from the From address. Commonly used by mailing lists and no-reply senders. If it points to a completely different domain than From, it can be a phishing red flag.
SenderSender
The actual sender of the message when it differs from the From address. For example, when an assistant sends on behalf of a manager.

Recipient

Headers that specify who the email is addressed to.

ToRecipient
The primary recipient(s) of the email. This is the main address the message is directed to.
CcRecipient
Carbon copy recipients who receive a copy of the email. All recipients can see who was CC'd.
BccRecipient
Blind carbon copy recipients who receive a copy without other recipients knowing. This header is stripped before delivery.

Routing

Headers that trace how the email traveled from sender to recipient.

The bounce address where undeliverable notifications are sent. Set by the receiving server from the SMTP envelope. This is the domain checked for SPF alignment.
ReceivedRouting
Added by each mail server that handles the message during transit. Read bottom-to-top, these create a traceable path showing every hop the email took from sender to recipient.
The final recipient email address the message was delivered to. Added by the receiving mail server to confirm delivery.
The recipient address from the SMTP envelope, which may differ from the To header. Used internally by mail servers for routing.
The original recipient address before any alias expansion or forwarding took place. Helpful for diagnosing delivery routing.
X-ReceivedRouting
Similar to the standard Received header but used by Google and some other providers for internal routing within their infrastructure.
Records the address a message was forwarded to. Shows the forwarding chain when email forwarding rules are applied.
Records the original recipient address before forwarding. Helps trace the forwarding path of a message.
Errors-ToRouting
An older header specifying where error notifications should be sent. Largely replaced by Return-Path but still used by some legacy systems.
The internal queue identifier assigned by the Postfix mail server. Useful for correlating log entries when troubleshooting delivery.
X-SieveRouting
Indicates the message was processed by a Sieve mail filtering script on the server. Sieve is a standardized language for server-side email filtering.
Identifies the transport mechanism or protocol used for message delivery. Some servers add this to record whether TLS was used.

Authentication

Headers related to SPF, DKIM, DMARC, and ARC verification.

Records the results of email authentication checks (SPF, DKIM, DMARC) performed by the receiving server. The primary header for understanding whether an email passed or failed authentication.
Received-SPFAuthentication
Records the result of the SPF (Sender Policy Framework) check, showing whether the sending server is authorized to send on behalf of the domain.
DKIM-SignatureAuthentication
A cryptographic signature added by the sending domain that proves the email has not been tampered with in transit. The core of DKIM authentication.
DomainKey-SignatureAuthentication
The predecessor to DKIM-Signature, used by Yahoo's original DomainKeys system. Now largely obsolete but may still appear in older systems.
A snapshot of the original authentication results captured by an intermediary server (like a mailing list). Part of the ARC protocol that preserves authentication through forwarding.
ARC-Message-SignatureAuthentication
A DKIM-like signature created by an intermediary as part of the ARC chain. Allows downstream servers to verify the message was not altered after the intermediary handled it.
ARC-SealAuthentication
A signature over the previous ARC headers that chains together all intermediary authentication snapshots. Ensures the integrity of the entire ARC chain.
Preserves the original Authentication-Results header when a message is forwarded or processed by an intermediary that adds its own results.
X-DKIM-ResultAuthentication
An alternative header for recording DKIM verification results. Some mail servers use this instead of or alongside Authentication-Results.

Metadata

Headers for message identification, dates, threading, and priority.

SubjectMetadata
The subject line of the email. It summarizes the content and is the first thing recipients see alongside the sender name.
DateMetadata
The date and time the message was composed by the sender. Required by RFC 5322 for every email.
Message-IDMetadata
A globally unique identifier assigned to each email. Used to track messages, prevent duplicates, and link replies to originals.
In-Reply-ToMetadata
Contains the Message-ID of the email being replied to. Helps email clients thread conversations together.
ReferencesMetadata
A list of Message-IDs for the entire conversation thread. Email clients use this to display messages as threaded discussions.
Indicates the message was generated automatically (auto-generated, auto-replied) rather than by a human. Prevents mail loops by telling servers not to send auto-replies.
X-MailerMetadata
Identifies the email client or software used to compose the message (e.g., Microsoft Outlook 16.0, Thunderbird). Can reveal the sender's email setup.
User-AgentMetadata
Similar to X-Mailer, identifies the email client software. More commonly used by non-Microsoft email clients like Thunderbird.
The IP address of the computer that originally sent the email. Can reveal the sender's geographic location and ISP. Some providers strip this for privacy.
X-PriorityMetadata
Sets the message priority on a 1-5 scale (1=Highest, 3=Normal, 5=Lowest). Email clients may display a flag or icon for high-priority messages.
ImportanceMetadata
Indicates the sender's assessment of message importance (High, Normal, Low). Used by Outlook and other clients to flag important messages.
A Microsoft-specific priority header (High, Normal, Low). Works alongside X-Priority for compatibility with Outlook and Exchange.
SensitivityMetadata
Indicates message sensitivity (Personal, Private, Company-Confidential, Normal). Outlook displays a banner for non-normal sensitivity levels.
Requests a read receipt from the recipient. When the recipient opens the message, their client may send a notification back to this address.
OrganizationMetadata
The name of the sender's organization or company. An informational header set by the sending email client.
Thread-TopicMetadata
The conversation topic, typically set by Microsoft Outlook. Used by Exchange to group related messages in a conversation view.
Thread-IndexMetadata
A Microsoft-specific identifier that encodes the conversation thread hierarchy. Used by Outlook to properly nest replies in a thread.
A reference identifier used by some services to link a message to a specific entity. Gmail uses this to deduplicate similar messages.
Identifies the marketing campaign associated with the email. Used by various ESPs and marketing platforms for campaign-level analytics.

MIME

Headers that describe the message format, encoding, and attachments.

Declares the MIME version used (almost always 1.0). Required for emails containing attachments, HTML, or non-ASCII content.
Specifies the media type of the message body (e.g., text/plain, text/html, multipart/mixed). Tells the email client how to display the content.
Indicates how the message body is encoded for safe transit (e.g., base64, quoted-printable, 7bit). Ensures binary or special characters survive email transport.
Tells the email client whether to display content inline or as a downloadable attachment. Also specifies the suggested filename for attachments.
A unique identifier for a MIME body part, used to reference embedded content like inline images within HTML emails.
A human-readable description of a MIME body part. Provides context about an attachment or embedded content.
Specifies the natural language(s) of the message content (e.g., en, fr, de). Helps email clients with language-specific rendering.

Spam

Headers containing spam scores and filtering verdicts.

The primary SpamAssassin verdict showing Yes/No, the spam score, the required threshold, and which tests were triggered. The most informative SpamAssassin header.
The numerical spam score assigned by SpamAssassin or similar filters. Higher scores mean more likely spam. Typically, 5.0+ is considered spam.
A simple YES or NO flag set by SpamAssassin indicating whether the message exceeded the spam threshold.
A visual representation of the spam score using asterisk characters (e.g., **** for a score of 4). Each asterisk represents one point.
A detailed report from SpamAssassin listing every test that fired, the points assigned, and a short description of each. Useful for diagnosing why a message was flagged.
The version of SpamAssassin or similar tool that scanned the message.
A report explaining why a message was classified as legitimate (ham). The opposite of X-Spam-Report.
Spam classification results from rspamd, a high-performance spam filter. Contains the score and triggered rules.
A visual representation of the rspamd spam score using plus or minus characters, similar to SpamAssassin's X-Spam-Level.
Spam classification from Bogofilter, a Bayesian spam filter. Values include Ham, Spam, or Unsure with a probability score.
Spam classification result from the DSPAM statistical filter (Innocent, Spam, or Whitelisted).
The confidence level (0 to 1) of the DSPAM filter's classification. Higher values indicate greater certainty.

Security

Headers for virus scanning, abuse tracking, and encryption.

Indicates that the message was scanned for viruses and which scanner was used (e.g., ClamAV). Added by mail servers to confirm antivirus processing.
The result of the virus scan (Clean or Infected). Added alongside X-Virus-Scanned to indicate whether threats were found.
X-AntiAbuseSecurity
Added by cPanel/Exim servers to record information about the sending user, including their username and UID. Helps trace abuse to specific hosting accounts.
X-SourceSecurity
Identifies the source of the message within a hosting environment (e.g., the script or user that generated it).
The command-line arguments used to invoke the mail-sending program on the server. Helps hosting providers identify which script sent the email.
X-Source-DirSecurity
The directory on the server from which the email was sent. Helps hosting providers locate the script responsible.
Added by PHP when sending mail via the mail() function. Records the PHP script filename and UID for abuse tracing.
Alert information from Amavis, an email filter that integrates with SpamAssassin and ClamAV. Indicates detected threats.
TLS-RequiredSecurity
Indicates the message must be transmitted over a TLS-encrypted connection. If TLS is not available, the message should not be delivered.
Requests that the recipient's provider only deliver the message if the account has existed since the specified date. Prevents delivery to recycled email addresses.

Security Gateway

Headers added by enterprise email security appliances.

Indicates the message was processed by a Cisco IronPort anti-spam filter.
Contains the encoded anti-spam scan results from a Cisco IronPort appliance.
X-IronPort-AVSecurity Gateway
Antivirus scan results from a Cisco IronPort appliance, including the engine version and scan status.
X-Mimecast-Spam-ScoreSecurity Gateway
The spam score assigned by a Mimecast email security gateway.
X-Mimecast-OriginatorSecurity Gateway
Records the original sender information as determined by the Mimecast gateway.
Results from Mimecast's impersonation protection scan. Indicates whether the message was flagged as a potential impersonation attack.
Detailed spam analysis results from a Proofpoint email security gateway, including rule hits and scores.
The version of the virus scanning engine used by the Proofpoint gateway.
X-Barracuda-Spam-ScoreSecurity Gateway
The spam score assigned by a Barracuda email security gateway.
X-Barracuda-Spam-StatusSecurity Gateway
The spam verdict from a Barracuda gateway (Yes/No).
X-Barracuda-Spam-ReportSecurity Gateway
A detailed report of the spam tests triggered by the Barracuda email gateway.
X-Brightmail-TrackerSecurity Gateway
Tracking information from Symantec/Broadcom Brightmail anti-spam gateway.
X-TMASE-ResultSecurity Gateway
Anti-spam engine result from Trend Micro's email security product.
X-KLMS-AntiSpam-StatusSecurity Gateway
The anti-spam classification result from Kaspersky's mail security product.
X-KLMS-AntiPhishingSecurity Gateway
Phishing detection results from Kaspersky's mail security product.
X-KLMS-AntiVirusSecurity Gateway
Antivirus scan results from Kaspersky's mail security product.

Mailing List

Headers used for mailing list management and loop prevention.

List-UnsubscribeMailing List
Provides a URL or email address to unsubscribe from the mailing list. Gmail, Yahoo, and other clients show an 'Unsubscribe' button based on this header. Required for bulk senders since Feb 2024.
Enables one-click unsubscribe via a POST request. Works with List-Unsubscribe so recipients can unsubscribe without visiting a webpage. Required by Gmail and Yahoo for bulk senders.
List-IdMailing List
A unique identifier for the mailing list. Allows email clients to identify and filter messages from specific lists.
List-PostMailing List
The address to use for sending new messages to the mailing list.
List-HelpMailing List
A URL or email address where list members can get help or information about the mailing list.
List-SubscribeMailing List
The address or URL to subscribe to the mailing list.
List-ArchiveMailing List
A URL pointing to the online archive of the mailing list where past messages can be browsed.
List-OwnerMailing List
Contact information for the mailing list administrator.
PrecedenceMailing List
Indicates the priority class of the message (bulk, list, junk). Used to suppress auto-replies and out-of-office responses for mailing list messages.
A Microsoft header that suppresses specific types of automatic responses (OOF, AutoReply, etc.). Prevents out-of-office storms on mailing lists.
X-Mailman-VersionMailing List
The version of GNU Mailman mailing list software that processed the message.
X-BeenThereMailing List
Set by GNU Mailman to indicate the message has already been processed by this list. Prevents mail loops when lists are cross-posted.
X-Original-SenderMailing List
The original sender address preserved by mailing list or forwarding systems that rewrite the From header for DMARC compliance.

Deliverability

Headers for feedback loops, abuse reporting, and complaint handling.

Feedback-IDDeliverability
A structured identifier used by Gmail's Feedback Loop. Allows senders to track spam complaints broken down by campaign, mail stream, or business unit.
X-Complaints-ToDeliverability
The email address where abuse complaints about this message should be sent. Helps ISPs and recipients report unwanted emails.
X-Report-AbuseDeliverability
Provides instructions or a URL for reporting the message as abuse.
Feedback-TypeDeliverability
Used in Abuse Reporting Format (ARF) messages to classify the type of feedback (abuse, fraud, virus, etc.). Part of the feedback loop between ISPs.
X-CSA-ComplaintsDeliverability
The complaint address for senders certified by the Certified Senders Alliance (CSA). Indicates the sender is part of a trusted sender program.

Google

Internal headers added by Google and Gmail infrastructure.

An additional DKIM signature added by Google for internal verification. Used by Gmail to authenticate messages as they pass through Google's infrastructure.
An internal Gmail header containing encrypted state information about the message. Used by Google for internal processing and spam filtering.
Identifies the Google SMTP server that processed the message. Used by Google for internal tracking and diagnostics.
Records the original recipient address before Gmail alias expansion or forwarding. Helpful for diagnosing delivery when using Gmail aliases.
Records the original From address when Gmail rewrites it, such as when sending through a configured send-as address.
An internal identifier for Google Groups messages. Used to associate emails with specific Google Groups.
The original Message-ID before Google's servers may have rewritten it. Preserves the original identifier for tracking purposes.
X-Gm-SpamGoogle
An internal Gmail spam classification flag. Used in Gmail routing rules to tag messages identified as spam.
An internal Gmail phishing classification flag. Used in Gmail routing rules to tag messages identified as phishing attempts.
The Google App Engine application ID that sent the message. Present on emails sent from applications hosted on Google Cloud.
Indicates the message was sent via Google Workspace's delegate access feature, where one user sends on behalf of another.

Microsoft

Internal headers added by Microsoft, Outlook, and Exchange.

The Spam Confidence Level assigned by Microsoft Exchange. A score from -1 to 9 where -1 means trusted sender, 5+ goes to junk, and 7+ may be blocked.
Identifies which Exchange server authenticated the sender. Helps trace the authentication path within a Microsoft environment.
Indicates how the sender was authenticated (Internal, Anonymous, Partner). Helps distinguish internal emails from external ones in Exchange.
A flag set by Exchange indicating whether the message contains attachments. Used for compliance and filtering rules.
Links a message to its TNEF (winmail.dat) attachment, used by Microsoft for rich formatting in Outlook-to-Outlook emails.
The unique tenant identifier (GUID) for the Microsoft 365 organization that sent the message. Used for cross-tenant mail flow tracking.
Records the original arrival time of a message in a cross-tenant Exchange scenario. Useful for diagnosing delivery timing in Microsoft 365.
Indicates the type of entity that originated the message in a cross-tenant scenario (Hosted, HybridOnPrem, etc.).
The server that performed authentication in a cross-tenant message flow. Helps verify the authentication chain across Microsoft 365 tenants.
How the message was authenticated in a cross-tenant scenario (Anonymous, Internal). Used by Exchange Online Protection for trust decisions.
A unique identifier for tracking a message across different Microsoft 365 tenants. Useful for administrators tracing message flow.
Contains additional spam filtering details from Microsoft, including the Bulk Complaint Level (BCL) which rates how likely a message is unwanted bulk mail (0-9).
Detailed antispam analysis from Microsoft Defender for Office 365. Contains the Spam Filter Verdict (SFV), country of origin (CTRY), sender IP category, and other diagnostic fields.
Indicates the mailbox-level delivery action taken by Microsoft's antispam system: delivered to inbox, junk, or quarantined.
An encoded blob containing detailed antispam and anti-phish scan results from Microsoft. Used by Microsoft support for deep diagnostics.
Records the antivirus scan result and engine version used by Exchange's malware scanner. Confirms the message was scanned for viruses.
The originating organization's domain in Microsoft 365. Added by Exchange Online to identify which tenant sent the message.
The Phishing Confidence Level assigned by Exchange. Indicates how likely the message is a phishing attempt.
Properties set by Microsoft Defender for Office 365 Advanced Threat Protection. Indicates whether Safe Attachments or Safe Links scanning was performed.

Yahoo

Internal headers added by Yahoo Mail.

Yahoo Mail Inbound Spam Guard identifier. An internal Yahoo header used to track spam filtering decisions.
Indicates that Yahoo classified the message as bulk/marketing mail. Used internally by Yahoo for filtering decisions.
An internal Yahoo infrastructure identifier related to their message processing system.
Identifies the Yahoo property (e.g., ymail) associated with the message.
Added by Yahoo to disclose the recipient's email address and delivery timestamp. Can reveal the actual delivery address even for aliased accounts.

AWS SES

Headers added by Amazon Simple Email Service (SES).

Added by Amazon SES to outbound messages, including the sending IP address. Identifies the message as sent through Amazon's email service.
The unique identifier Amazon SES assigns to each email it sends. Essential for tracking delivery, bounces, and complaints in AWS.
Specifies the Amazon SES configuration set used for sending. Controls which event destinations apply to the message.
Custom tags attached to an Amazon SES message for categorization and event tracking.
An Amazon SES receipt confirmation token. Confirms that SES accepted the message for delivery.
An additional DKIM signature added by Amazon SES using their own signing domain.

SendGrid

Headers added by SendGrid and Twilio Email.

X-SG-EIDSendGrid
A SendGrid internal tracking identifier for click and open tracking analytics.
X-SG-IDSendGrid
A SendGrid internal identifier for message tracking within their platform.
X-SMTPAPISendGrid
A JSON-encoded header to pass advanced instructions to SendGrid's API (categories, filters, scheduling, etc.).

Mailgun

Headers added by the Mailgun email service.

A tag applied to a Mailgun message for categorization and analytics.
Custom JSON data attached to a Mailgun message. Included in webhook event payloads.
Controls whether Mailgun enables open and click tracking for the message.
Specifies which dedicated IP address Mailgun should use to send the message.

Postmark

Headers added by the Postmark email service.

The unique message identifier assigned by Postmark for tracking delivery and viewing details in their dashboard.
X-PM-TagPostmark
A tag applied to a Postmark message for categorization and analytics.
Specifies which Postmark message stream (transactional or broadcast) the message belongs to.

Mailchimp

Headers added by Mailchimp and Mandrill.

X-MC-MetadataMailchimp
Custom metadata attached to a Mandrill/Mailchimp Transactional message as a JSON object.
X-MC-TagsMailchimp
Tags for categorizing messages in Mandrill/Mailchimp Transactional.

Mailjet

Headers added by the Mailjet email service.

A custom identifier for tracking a specific Mailjet message. Appears in event webhooks.
Custom payload data attached to a Mailjet message. Included in webhook event callbacks.

OVH

Headers added by OVH hosting and the Vade Retro anti-spam engine.

The reason code for OVH's spam classification. OVH is a major European hosting and email provider.
The spam score assigned by OVH's email filtering system.
Encoded spam cause information from OVH's Vade Retro anti-spam engine.
The spam score from OVH's Vade Retro anti-spam engine.

Authentication

Sender Info

Message Route

All Headers 0 headers

Check Your DMARC Setup

See if your domain's DMARC record is properly configured. Our free generator walks you through it step by step.

Open DMARC Generator

Analyze DMARC Reports

Upload your DMARC aggregate report XML files to see which sources are authenticated and which might be spoofing your domain.

Open DMARC Analyzer
Need help with email deliverability?

We help businesses fix their email infrastructure so every message lands in the inbox.

📧

Get My List Cleaned

Expert list hygiene and deliverability audit. We read your data the way experience taught us.

Get Started
🚨

SOS Hotline

Emails suddenly landing in spam? Blacklisted? We're here to help you diagnose and fix it.

Get Help Now
📞

Book a Free Call

Not sure where to start? Talk to us about your setup and we'll point you in the right direction.

Book Now

Your headers are analyzed entirely in your browser. Nothing is uploaded to our servers.
Learn more about email authentication in the Email Almanac.