Email headers are lines of code that provide information about an email message, such as the sender, recipient, subject, and date of the message. Headers are used to route emails from the sender to the recipient and can contain a variety of information about the email's journey.
Headers are typically hidden from the user by default but can be accessed by viewing the raw source code of the email.
This article describes how to read message headers for Thexyz Email. See Displaying and Hiding the Full Header for detailed information on viewing email headers.
Log in to your mailbox at webmail.thexyz.com
Select the message for which you want to view the headers.
In the message preview pane toolbar, click More, and then select View Full Header.
Looking at an Email Header
The email header will show some important characteristics, including perhaps the most important part of an email - this is the KEY:VALUE pairs contained in the header. Looking at the below image, you can tell some of the KEY:VALUE pairs used.
Now you have successfully viewed the message headers in Thexyz Email, you can analyze them by referencing the below.
Understanding email headers
The following header is an example of a spoofed message. If you suspect that you have received a spoofing email, see What is email spoofing? for more information.
Delivered-To: firstname.lastname@example.org<br> Return-Path: <email@example.com><br> Delivered-To: firstname.lastname@example.org<br> Received: from sapps.net ([000.00.00.0]) by sapps.net (Dovecot) with LMTP id asdkasdfiwlefj for <email@example.com>; Tue, 11 Oct 2020 13:32:15 -0400 Received: from proxy.net ([000.00.00.0]) by sapps.net; Tue, 11 Oct 2020 13:32:15 -0400 Received: from smtp (000.00.00.0) by apps.net; Tue, 11 Oct 2020 13:32:15 -0400 Return-Path: <firstname.lastname@example.org> X-Originating-Ip: [00.000.000.00] Received: from [000.00.00.0] ([000.00.00.0] server.com) by apps.net; Tue, 11 Oct 2020 14:52:40 -0400 Received: from server.com (localhost [000.00.00.0]) by server.com for <email@example.com>; Tue, 11 Oct 2020 14:52:40 -0400 (EDT) Received: from apps.net (sapps.net [000.00.00.0]) by server.com (SMTP Server) for <firstname.lastname@example.org>; Tue, 11 Oct 2020 14:52:40 -0400 (EDT) X-Sender-Id: email@example.com Received: from (apps.net [000.00.00.0]) by 0.0.0.0:00; Tue, 11 Oct 2020 14:52:40 -0400 Received: from exampledomain.com (localhost.localdomain [000.00.00.0]) by apps.net (Postfix) with for <firstname.lastname@example.org>; Tue, 11 Oct 2020 14:52:40 -0400 (EDT) Received: by webmail.thexyz.com (Authenticated sender: email@example.com, from: firstname.lastname@example.org) with HTTP; Tue, 11 Oct 2020 14:52:40 -0400 (EDT) Date: Tue, 11 Oct 2020 14:52:40 -0400 (EDT) Subject: Send $$$ From: "Assistant" <email@example.com> To: firstname.lastname@example.org Reply-To: email@example.com Message-ID: <firstname.lastname@example.org>
- From: Displays the message sender. Spammers can easily fake sender addresses. See What is email spoofing? for guidance on detecting phishing emails.
- Subject: The topic of the message as indicated by the sender.
- Date: The date and time when the email message was composed.
- To: Displays the addresses listed in the To: and CC: fields. Headers do not show any addresses that were included in the BCC: field, as these addresses were intended to remain private.
- Received: Displays a sequential list of computer and servers that received this message, the time they received this message, and the final destination of the message. Received appear many times in a message header and should be read from bottom to top, as the first recipient is at the bottom of the header.
- Reply-To: Determines which email address is auto-populated when you click the reply button to reply to an email in your email client. Spammers can easily fake reply-to addresses. See What is email spoofing? for guidance on detecting fraud email.
- Return-Path: Like the Reply-To: address, this is where return mail is sent. Spammers can easily fake a return path. See What is email spoofing? for guidance on detecting fraud email.
- Message-ID A unique identifier assigned to a message. The Message-ID is useful for diagnosing a duplicate email issue. If you compare the Message-ID for multiple emails, and the IDs match, you know those messages are duplicates.
- X-Originating-Ip: The IP address of the computer that sent the message. While this is slightly more difficult to fake, it is still possible. The originating IP address is typically the most reliable information about where the message actually came from. See What is email spoofing? for guidance on detecting fraudulent emails.