> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sendkit.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Email Headers

> Learn what email headers are, how to read them, and what they tell you about an email's journey.

## What are email headers?

Every email has two parts: the **headers** and the **body**. The body is the content you see — the message, images, and links. The headers are metadata attached to the email that describe where it came from, how it got to you, and whether it passed authentication checks.

Headers are like a shipping label on a package. The recipient doesn't usually look at them, but they contain all the routing and verification information.

## How to view email headers

### Gmail

1. Open the email
2. Click the three dots menu (top right)
3. Click **Show original**

### Outlook

1. Open the email
2. Click **File** > **Properties**
3. Headers are in the **Internet headers** box

### Apple Mail

1. Open the email
2. Click **View** > **Message** > **All Headers**

## Key headers

### From

The visible sender address. This is what the recipient sees in their inbox.

```
From: SendKit <hello@mail.sendkit.dev>
```

<Note>
  The `From` header can be spoofed — anyone can set it to any address. This is why authentication protocols (SPF, DKIM, DMARC) exist.
</Note>

### To

The recipient's address.

```
To: paulo@acme.com
```

### Subject

The email subject line.

```
Subject: Your API key is ready
```

### Date

When the email was sent.

```
Date: Mon, 14 Mar 2026 10:32:00 -0300
```

### Message-ID

A unique identifier for the email. No two emails should have the same Message-ID.

```
Message-ID: <abc123@mail.sendkit.dev>
```

### Reply-To

The address that receives replies. Can be different from the `From` address.

```
Reply-To: support@acme.com
```

### Return-Path

The envelope sender — where bounce notifications are sent. This is what [SPF](/academy/authentication/spf) checks against (not the `From` header).

```
Return-Path: <bounces@send.acme.com>
```

### Received

The most important header for debugging. Each mail server that handles the email adds a `Received` header. They're read **bottom to top** — the bottom one is the first server, the top one is the last.

```
Received: from send.acme.com (send.acme.com [1.2.3.4])
        by mx.google.com with ESMTPS id abc123
        for <paulo@gmail.com>;
        Mon, 14 Mar 2026 10:32:05 -0300
```

This tells you:

* **from** — the sending server (`send.acme.com`)
* **by** — the receiving server (`mx.google.com`)
* **with ESMTPS** — the connection used TLS encryption
* **for** — the recipient
* **timestamp** — when this hop occurred

### Authentication-Results

Added by the recipient's mail server. Shows the results of SPF, DKIM, and DMARC checks.

```
Authentication-Results: mx.google.com;
       dkim=pass header.d=acme.com header.s=sendkit;
       spf=pass (google.com: domain of bounces@send.acme.com designates 1.2.3.4 as permitted sender);
       dmarc=pass (p=REJECT sp=REJECT) header.from=acme.com
```

This is the header to check when debugging deliverability issues.

### DKIM-Signature

The [DKIM](/academy/authentication/dkim) signature added by the sending server.

```
DKIM-Signature: v=1; a=rsa-sha256; d=acme.com; s=sendkit;
  h=from:to:subject:date;
  bh=abc123...;
  b=xyz789...
```

### List-Unsubscribe

Tells email clients how to let the recipient unsubscribe. Gmail and other providers show an "Unsubscribe" link next to the sender name when this header is present.

```
List-Unsubscribe: <mailto:unsubscribe@acme.com>, <https://acme.com/unsubscribe?id=123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
```

## Reading headers for debugging

When debugging delivery issues, focus on these headers in order:

### 1. Authentication-Results

Are SPF, DKIM, and DMARC all passing? If any show `fail`, that's likely your problem.

### 2. Received headers

Read bottom to top. Check the timestamps to find delays. If there's a large gap between two `Received` headers, that hop is where the delay occurred.

### 3. X-Spam headers

Some providers add headers indicating spam scoring:

```
X-Spam-Status: No, score=-1.2
X-Spam-Flag: NO
```

A negative score is good. A positive score means the filter found suspicious signals.

### 4. DKIM-Signature

If DKIM is failing, verify the `d=` (domain) and `s=` (selector) values match your DNS record.

## FAQ

<AccordionGroup>
  <Accordion title="Can email headers be faked?">
    Some headers can be set by the sender (`From`, `Reply-To`, `Subject`). But headers added by receiving servers (`Received`, `Authentication-Results`) are trustworthy because they're added after the email is received. This is why authentication checks are important — they verify the headers that the sender controls.
  </Accordion>

  <Accordion title="Why are there multiple Received headers?">
    Each mail server that processes the email adds its own `Received` header. An email typically passes through 2–4 servers: the sending server, possibly an intermediary, and the recipient's server(s). Each hop adds a header.
  </Accordion>

  <Accordion title="What does 'ESMTPS' mean vs 'ESMTP'?">
    **ESMTPS** means the connection used TLS encryption. **ESMTP** means no encryption. In the `Received` header, this tells you whether that hop was encrypted.
  </Accordion>
</AccordionGroup>
