Introduction:
We can't find (apart from deliverability itself), a more obscure thing than an email header. Besides, we wonder if the famous "Gloubiboulga" recipe was not invented in reference to an e-mail header 😀
I will try in a few lines to decipher this so that you too will be able to read, understand and interpret the precious information found there.
1/ What is an SMTP header?
Definition
More commonly called "header", the header of an e-mail is a grouping of technical information related to the sending of a message (meaning that each message has one and only one SMTP header).
Be careful though, this information is not in the clear in the email, so you'll have to search your mailbox :p
How to find it?
Unfortunately, there are as many ways to find it as there are Webmails.
To help you, here is how to find it on the main Webmails of the market:
- Gmail:
After opening your message, simply click on the small button to the right of the "reply" button, then click on "View original".
- Microsoft:
After opening your message, simply click on the small button to the right of the "reply all" button, and then click on "View message source".
- Yahoo:
After opening the message, just go to "More" and then "View message in plain text" to find the email header.
- Orange:
After opening the message, simply click on the "View full header" link on the right to view the entire header.
- SFR:
After opening the message, just click on "Other actions" and then "View headers" to see the message header.
- The Post:
After opening the message, simply click on "Actions" then "Show original" to discover the header under the Laposte.net Webmail.
- Free :
After opening the message, simply click on "More" and then "View Source".
Visually, what does it look like?
Did you find it? Come on, I'll show you what it looks like in Gmail :
2/ How to read/interpret header information
Finally, what do we find inside?
Since the beginning of the article, I've been talking about headers but without really telling you what you can find inside...
Here is a (non-exhaustive) list of elements contained in a header (beware, this information varies from one Webmail to another), we will take the Gmail header as an example:
- Information related to the delivery of the message
Delivered-to Contains the e-mail address of the recipient who will receive the message.
Received, X-Received Contains the time, the date the message was sent and the time zone used.
Return-Path Contains an e-mail address. This will receive an automatic message if the e-mail cannot be delivered correctly (see e-mail address where bounces are sent)
Received Contains the various technical information between the router's sending server and the ISP/Webmail's mail server (IP used for sending, name of the Google mail server, recipient's e-mail address, time & date of sending, etc.).
- Information related to the authentication of the message
Received-SPF Contains the result of the SPF signature.
Authentication-Results Contains the results of the SPF/DKIM and DMARC signatures.
DKIM-Signature Contains the DKIM signature data.
To understand what SPF, DKIM & DMARC are, I refer you to the excellent articles published by Jonathan: Délivrabilité : SPF, DKIM, DMARC, ... what you need to know about email authentication!
- Information related to the router, the campaign
Date Contains the date, time of sending the message and its time zone.
From Contains the sender address used to send your message.
Reply-to : Contains the reply address given in your message.
Need help?
Reading content isn't everything. The best way is to talk to us.
To Contains the e-mail address of the recipient who will receive the message.
Message-ID Contains the e-mail identification number.
Subject : Contains the subject of your e-mail.
Mime-Version Contains the version of the mail format used (here MIME, the standard format of an email).
Content-Type Contains the type of message sent (here multipart format: html/txt).
X-EMV... : Contains different information about the router (for example : its name, the platform or server used, the id of the campaign or the id of the targeted user).
List-Unsubscribe Contains the information (usually an email address and an unsubscribe link) to unsubscribe from the mailing (this information can be used by a user or by an automatic unsubscribe system of an ISP - for example SFR with Vade Retro Unsubscribe).
List-Id Contains the identification number of your mailing list.
Filtering indication
Some ISPs/Webmails go further in their header by including filtering elements, for example :
- Yahoo:
X-YahooFilteredBulk: 87.253.234.28
=> The mentioned IP delivers in spam (this tag appears when the message is delivered in spam).
- Microsoft:
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(78900001);DIR:INB;SFP:;SCL:1;SRVR:DB5EUR03HT121;H:COL004-MC5F35.hotmail.com;FPR:;SPF:None;LANG:fr;
=> Here, the message is declared by the Anti-Spam filtering as unwanted
=> Feel free to read Jonathan's article about the new Microsoft filtering: https://www.badsender.com/2016/09/08/delivrabilite-x-forefront-antispam-report/
- Orange:
X-me-spamlevelmed (or low / high)
=> Your message will be delivered in junk mail
X-me-spamlevel: Not-spam
=> Your message will be delivered to your inbox
Web applications available
Either you are a "Warrior" (or you have a lot of time to waste) and you decipher yourself the different information contained "in raw" in the header, or you use (like me) a web application that will "parse" the information for you in a clear, neat and concise table 🙂
Personally, I use two (free) tools:
- Analyze Headers from MXTOOLBOX:
In addition to clearly organizing your header in a nice table, Mxtoolbox shows you the delivery time of your message to your recipient.
- Header Analyzer from Gmail:
Gmail's tool goes straight to the point and only files the information deemed important, the rest being displayed "in raw" by clicking on "Show Raw header".
Detecting a problem
Thanks to your SMTP headers, you can finally see quite quickly where a problem lies.
- Delivery time
The two header analysis tools can point you to delays in delivery:
- Problem related to the router's sending server (delay between the departure date and the delivery date)
- Reputation problem at the ISP/Webmail (messages are waiting or delayed)
- Filtering information
Even if the filtering information is limited, you already have a clue as to which technical indicator has a problem (e.g. an IP) or what type of filtering is applied by the ISP/Webmail's anti-spam filter.
Conclusion:
To conclude, you no longer have any reason to panic in front of your screen when you receive a late or spam email, just look at your headers and see where the problem lies.
If you have any doubts or questions, as always, we're here to help 😉
7 réponses
Thank you for this very accurate article.
Question: What is the X-binding information?
Thank you
it "works
Thanks for this super clear analysis of the message header.
I take this opportunity to ask a question: Is it normal that there is a different value between 'Delivered To' and 'To'? For some time I receive messages (Free mail) with my address in 'Delivered To' and another one that has nothing to do with 'To'. The body of these messages are not intended for me, and I don't know what to think about it.
Sincerely,
P. ROUGERIE
Hello Patrick,
In itself this is not problematic from a purely technical point of view. For example, when you send emails with hidden copies, but no one in "To:" this is a normal behavior.
After that, it can be used by some "pirates" (note the quotation marks) to try to fool the world...
See you soon
Hello. Is it possible to have two or more ip addresses in the **received** header?
And in the case where many SMTP servers have been used to relay the message, it is possible to see their addresses appear in the **received** field?
Sincerely.
Didier