What is Email Header Analysis?
Examining the metadata in email headers to trace the path of a message, identify the true sender, and detect spoofing attempts.
Email headers contain a wealth of information about the message's journey from sender to recipient.
What Headers Reveal
- Received: Each server that handled the message (includes IP addresses)
- From/Reply-To: The displayed sender (easily forged)
- Message-ID: Unique identifier generated by the sending server
- X-Originating-IP: Sometimes reveals the sender's real IP
- Authentication-Results: SPF, DKIM, DMARC verification results
- Date: When the message was sent; the timestamp at the end of each Received line shows when that hop received it
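The fields listed above can be pulled out of a raw message programmatically. The following is an added example, not part of the original page: it uses Python's standard `email` module on a constructed sample message (example domains, documentation-range IPs), and the function names `received_hops`, `auth_results` and `analyze` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample message; every host, address and IP is made up.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby inbox.recipient.example with ESMTPS id abc123;
\tTue, 02 Jan 2024 10:00:05 +0000
Received: from mail.sender.example (unknown [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:03 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bank.example;
\tdkim=none; dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@lookalike.example
Message-ID: <1234@mail.sender.example>
Date: Tue, 02 Jan 2024 10:00:00 +0000

Body text.
"""

def received_hops(msg):
    # Each server prepends its Received line, so reverse to get oldest-first.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        stamp = value.rsplit(";", 1)[-1].strip()  # timestamp follows the last ';'
        hops.append((ip.group(1) if ip else None, stamp))
    return hops

def auth_results(msg):
    # Map spf/dkim/dmarc to the verdict recorded by the receiving server.
    text = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    auth = auth_results(msg)
    flags = []
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to domain differs from From")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            flags.append(f"{mech}={auth.get(mech, 'missing')}")
    return {"hops": received_hops(msg), "auth": auth, "flags": flags}
```

Only Received lines added by servers you control, and an Authentication-Results header stamped by your own receiving server, can be trusted; anything earlier in the chain is supplied by the sender.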
Privacy Implications
- Your IP address may be included in outgoing email headers
- Webmail services (Gmail, Proton) typically don't include your IP
- Desktop email clients often include your device's IP
- Header information persists even if the email content is encrypted
Viewing Headers
- Gmail: Open message → ⋮ → "Show original"
- Outlook: Open message → File → Properties
- Thunderbird: View → Message Source
Related Terms
Metadata
Data about data. In the context of communications, metadata includes information like who you contacted, when, for how long, and from where—everything except the actual content of your message. Metadata can reveal intimate details about your life even when content is encrypted.
PGP
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. It's used for signing, encrypting, and decrypting texts, emails, files, and directories, and is the gold standard for email encryption.
S/MIME
A standard for public key encryption and signing of email messages, supported natively by most email clients.