An email header is the block of metadata that precedes the visible body of every message. While recipients normally see only a few fields like From, To, Subject, and Date, the full header contains dozens of technical lines that describe exactly how the message was created, routed, and authenticated on its way to the inbox.
The most diagnostically valuable lines are the Received headers, which each mail server stamps as the message passes through, building a bottom-to-top trail of its journey. Reading these in reverse chronological order reveals the true path a message took and can expose delays, unexpected relays, or forged origins.
Headers also carry authentication results. Authentication-Results and related lines report whether the message passed SPF, DKIM, and DMARC, while Return-Path shows the envelope sender used for bounces and Message-ID uniquely identifies the message. Together these fields are how you confirm whether a message is genuine or spoofed.
For senders and support teams, parsing headers is a core troubleshooting skill. When a message lands in spam, bounces, or is suspected of spoofing, the headers hold the evidence — authentication outcomes, the sending IP, and the full delivery path — needed to diagnose and fix the problem.