Home » How To » How to Read Email Headers for Signs of Spoofing?

How to Read Email Headers for Signs of Spoofing?

Published By Siddharth
Aswin Vijayan
Approved By Aswin Vijayan
Published On May 14th, 2020
Reading Time 5 Minutes Reading

Whenever we receive an email, we typically only pay attention to the email address, subject, and body of the email message. However, there is a lot more to pay attention which can provide a wealth of information. There are lots of additional information in the email header section. A majority of people read email header if someone suspects an email is a spoof or to view the routing information of an email. This blog will help users know what is email header analysis and how to read email headers. Keep reading to know the answers in an elaborated way.


The email header consists of routing information of the email message such as the sender’s address, the receiver’s address, date, Cc, Bcc, and subject. Some header also includes the time-stamps of all the emails. Moreover, this header is attached to each email and it provides the information related to the actual source, hops, and end of the source. Additionally, it contains various other attributes such as Spam Score, Return Path, Public Signature, etc.

Let us know how the email header looks like

How to Read Email Headers

Header in Gmail Email Forensics: In this image, the sender mt.kb.user@gmail.com sends an email to the receiver user@example.com. The sender used gmail.com for sending email and the receiver receives the email in his/her respective email clent. Moreover, it is also providing the information such as DKIM signature, message body, mime version, message-id, etc.


In order to read email headers to check spam, the most common identification is to analyze the metadata of an email header (from, to, date, subject). The MTA (Mail Transfer Agent) is used to facilitate email transfers. Whenever an email is sent through one computer to another computer, it travels through an MTA. Each time when an email travels through MTA, it is stamped with a date, time, and recipient. Moreover, to read the email header you must examine all the metadata of an email header.


  • To get information about the sender and recipient
  • To prevent spam emails
  • To analyze the root of the email message
  • To prevent email spoofing


The email header differs between ESPs (Email Service Providers), so to get the answer for “how to read email headers?” First, you need to find the email header and examine the tags of an email header. All the tags that begin from starting tag <From> of the header to the <body> tag represent the email header. Here is the list of tags that appears in the email header.

  • From: Sender’s name and email address (a hidden IP address is also available).
  • To: In this field, the sender adds a name or email address of the receiver.
  • Date: It shows the date and time of the email when it was written by the sender.
  • Subject: The text entered by the sender in the subject heading before sending it.
  • “Received: It shows the address of the received domain as well as the route details from which the email has been transferred.
  • MIME-Version: In MIME Header Analysis, MIME stands for Multipurpose Internet Mail Extension. It is an internet standard that supports text and non-text attachments like video, images, audios, etc.
  • Message-ID Forensics: The message-ID is used in an email message as a unique identifier. The Message-ID format is generated for a specific email address, thus there is no same Message-ID for two messages.
  • DKIM Signatures: DKIM stands for Domain Keys Identified Mail. It confirms the authenticity of the sender by connecting the domain name with the email. It also helps to know about the spammed and spoofed emails.
  • Content-type: It is used to know whether an email is written as HTML or plain text.
  • X-Spam Status: There is a threshold point (required threshold point is 5.0) where it tells the score of an email called X-spam score. It is required to have an X-spam score for every email. If the score of an email reaches more than the threshold point, then the email is considered spam.
  • Message body:  It consists of the main content of the email; the actual message content is displayed in the message body.


People wants to know “how to read email headers” to prevent inbox from spam emails. Users spend a lot of time to analyze the email messages. Unfortunately, no matter what one does, but somehow malicious emails will always make an entry to the inbox. While some of the emails are directly placed in the spam folder once it is received. Moreover, most of them are easy to recognize just by looking at the content of the email. However, there exist some emails, which are not easily detectable and it consumes a lot of time to recognize such emails.

So, here comes the advanced Email Analysis Software known as MailXaminer. This software is used by numerous users and organizations to analyze emails.  It is induced with advanced features such as link analysis, timeline analysis, powerful search mechanism, entity analysis, etc. This Email Examination Tool can ease your email analysis task and save a lot of time. Furthermore, it supports multiple email client applications such as MS Outlook, Mozilla Thunderbird, Gmail, Yahoo, Hotmail, Netscape, Apple mail, etc.


Email messages do not come without any drawback, it may be vulnerable to spamming, phishing, and other malicious attacks. In order to know where the attack has come from, it is important to examine the email headers.

Therefore, in this blog, we have discussed what is email header analysis and how to read email headers. By analyzing the email header, you won’t be completely blindsided when you receive any malicious email.