People who have been using the internet for a while have probably heard of email headers and most likely know that they’re often used when experts investigate email scams. However, very few actually know what an email header is and what sort of information it carries. The goal of this article is to change this.
What is an email header?
It may not be immediately apparent, but email messages consist of HTML code. The text and the links and images you interact with are locked between the <body> and </body> tags, but there’s more data that often remains invisible to the user.
For example, the code before the opening <body> tag is the header, and it contains a lot of information about who sent the message, when they did it, who the recipient is, and how it got to their inbox.
Part of this information is displayed by virtually every client and browser-based email application. Whenever you receive an email, you can see who it’s from, what the subject is, and, often, when it was sent. This is the so-called partial header.
The full header contains a lot more information that usually isn’t of much interest to the regular user. That’s why email clients tend not to show it by default.
However, this data is vital for the correct delivery of an email.
What is an email header used for?
What the header looks like and how the information is organized depends on the email service provider. In addition to ensuring that the message gets delivered to the right place, the header can be helpful for:
- Identifying the sender and the recipient
The data in the header can help experts determine whether an email’s sender address has been spoofed. It contains detailed information about the sender and the device they were using, as well as an exact timestamp.
- Preventing spam
Email service providers use email headers to identify and report patterns frequently associated with spam campaigns. This intelligence can be instrumental in updating the spam filters and making them more efficient.
- Tracing the email’s route
Every email goes through mail transfer agents that leave details in the header about the recipient and the origin of the message. All this can be extremely helpful if you’re investigating a spoofing attack or an email deliverability problem.
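As an added illustration (not part of the original article), the Python sketch below reads a raw message source, lists the hops recorded by each mail transfer agent in the order the message travelled, and compares the visible From domain with the Return-Path domain. The sample message, its hostnames and addresses are constructed, and the function names `trace_route` and `sender_mismatch` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (not real traffic): reserved example domains and
# documentation IP ranges only.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTPS id abc123;
\tTue, 05 Mar 2024 10:15:09 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id def456;
\tTue, 05 Mar 2024 10:15:07 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with ESMTPA id ghi789;
\tTue, 05 Mar 2024 10:15:02 +0000
From: "Example Bank" <support@bank.example.com>
Subject: Account notice
Date: Tue, 05 Mar 2024 10:15:00 +0000

Body text.
"""

def trace_route(raw):
    """Return hops oldest-first as (received_from, received_by, timestamp)."""
    hops = []
    # Every mail transfer agent prepends its own Received field, so the list
    # is newest-first in the source; reverse it to follow the message's path.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        info = " ".join(info.split())            # unfold continuation lines
        sender, _, receiver = info.partition(" by ")
        sender = sender[5:] if sender.startswith("from ") else sender
        by_host = receiver.split()[0] if receiver else ""
        hops.append((sender, by_host, parsedate_to_datetime(stamp.strip())))
    return hops

def sender_mismatch(raw):
    """Compare the visible From domain with the Return-Path domain."""
    msg = message_from_string(raw)
    domains = [parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
               for h in ("From", "Return-Path")]
    # A mismatch is a lead for review, not proof: bulk mailers differ legitimately.
    return domains[0], domains[1], domains[0] != domains[1]

if __name__ == "__main__":
    for sender, by_host, when in trace_route(RAW):
        print(f"{when.isoformat()}  {sender}  ->  {by_host}")
    print("From/Return-Path domains:", sender_mismatch(RAW))
```

Only the Received fields written by servers you control or trust are reliable; entries below them were supplied by earlier hops and can be fabricated by the sender.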
How can I open an email’s header?
Pretty much every desktop email client lets you view an email’s full header. We’ll now find out how to do it with Thunderbird and Microsoft Outlook – two of the most popular applications of this kind.
By default, in Thunderbird, you only get to see the From, Subject, and To fields.
You can set it to display more details by opening the menu in the top-right corner and going to View > Headers > All.
If it’s enabled, this option tells Thunderbird to display additional information like the delivery date and time, the sender’s user agent, etc.
However, if you want to see the full header, you need to open the menu in the top-right corner and go to View > Message Source (or simply press Ctrl+U). This launches a popup with the message’s entire source code. The header is the snippet before the opening <body> tag.
To view an email’s header in Outlook, double-click on the message to open it in a new window and click File > Properties.
The message’s full header is available in the window that appears.