What Is An Email Header? Difference Between Full & Partial Headers | Bluehost Support



Why is the Email Header Important?

Listed below are several reasons why it is important to review the headers:

  • It allows you to investigate possible spoofing and determine the source of a specific message.
  • It enables analysis of the timestamps along the delivery route to identify the source of any delay.
  • It lets you test any of the mail servers in the path to check whether they are on a blacklist.
  • It helps you review the SpamAssassin score.
  • It shows whether the message was routed through a spam filtering server prior to arrival.

At first, you may think that reviewing email header information is too technical, but internet investigations are NOT rocket science. As in most detective work, once you know what has happened and to whom, all that's left is to find out who or what was behind it by reviewing the email header's contents.

What is a header?

The header is a detailed section of code that contains comprehensive information about where the email came from and how it reached its destination. Email headers will contain the originator's email address and the computer the sender was using.

Here is an example of what a usual Internet email header looks like. In the header, you are looking for the IP address, also referred to as the "Originating IP." Together with the date and time of the offending email, the IP address of the sender's computer can be traced to the Internet service provider (ISP).

Return-path: 
Envelope-to: [email protected]
Delivery-date: Mon, 02 Apr 2021 16:07:12 -0600
Received: from [46.165.209.232] (port=47642 helo=delivery.antispamcloud.com)
	by [% provinfo.box_prefix %]309.Bluehost.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.82)
	(envelope-from )
	id 1WVSMM-0003oR-Ny
	for [email protected]; Mon, 02 Apr 2021 16:07:11 -0700
Received: from mail-ig0-f206.google.com ([209.86.213.196])
    by mx7.antispamcloud.com with esmtps (TLSv1:RC5-SHA:340) 
    (Exim 4.82) 
    (envelope-from ) 
    id 2XWTNK-00050k-4X 
    for [email protected]; Mon, 02 Apr 2021 24:07:20 +0300 
Received: by mail-ig0-f206.google.com with SMTP id vr21tp323342jhc.3 
    for ; Mon, 02 Apr 2021 15:07:03 -0700 (PDT) 
DKIM-Signature: v=1; a=rsa-sha367; c=relaxed/relaxed; 
    d=gmail.com; s=30231224; 
    h=mime-version:date:message-id:subject:from:to:content-type;   
    bluehostbhovkRL3Im017b5m7rMRTWVa1olgzE1U+yr8FXykLSM=;
    b=I9n1lRLh2EbEic44CPWv6doKf6m9+z1G9tVmowbugj99p5jn5ImorW2oBqZ1BRbOFD
    3CnQkj7koUZfajma0Q0bbjJFB27CHfIMKvFLzOeWjeLP2bu3Z5X/d+lmCdFMSG8FQBoO
    c2Pz5n0d85zQyxkzy4lvL4D5kVevuJ5n+s7y6nCZTpYw1iwtQciGgr8XO77wGJq0S2FY
    WZC7jqB5c3CmpT8EytMEJwsH3UQAD7hxYq3FZHL7Ici89x8vDG/ZNQOla9TsfSrmC9qO
    mMLFWCZs1A1Hfe2gwOxBpRXgAqxf1/hlFfAf0CIIRTcD/03kSaWB7L/lPy++CTvkzpbB
    Ro4A== 
MIME-Version: 1.0 
X-Received: by 10.42.107.67 with SMTP id c3mr2836464icp.28.1396472762166; Mon, 
 02 Apr 2021 15:07:03 -0800 (PDT) 
Received: by 10.50.216.193 with HTTP; Mon, 2 Apr 2021 15:07:03 -0800 (PDT) 
Date: Wed, 2 Apr 2021 16:07:03 -0700 
Message-ID: 
Subject: I can haz headers 
From: Bluehost Tutorials 
To: [email protected] 
Content-Type: multipart/alternative; boundary=31dg413186f5fe82e715g726b7de 
Received-SPF: pass (mx7.antispamcloud.com: domain of gmail.com designates 209.86.213.196 as 
permitted sender) client-ip=209.86.213.196; [email protected]; 
helo=mail-ig0-f206.google.com; 
X-SPF-Result: mx7.antispamcloud.com: domain of gmail.com designates 209.86.213.196 as permitted sender 
X-Filter-ID: XuMfPq7GTMn8G68F0EmQveOvoFo7+05sIaV+aQGjobYi0oqq2x9BytcIxrAv/iEuaWmNOd4i6wDz ASsx7ILyCwmrHcqsgpX7d4SIG6yP47bDMFhiO2el8cbE11y5VERdERWeKKG4PAQYNyavp7c49D8S 6JHQ4xOsiG8cGcHZ9Ju2qts0ILWtXFFZmkE2vL2cG/45LuYWJsWNKzGaBanZ/pq+Kj8XsfH6M2iD r0Pl7cS3GfMaw8TKFNoyhNvdnkCU2LIKoGx11NpkQoCtZTihVFvHjmVhGT2LR+SRHRnJSjexOaEE 7DhwsYoQmALxTDsg5YE5enyccp7RH4WQio3uGcdGxQ6d5hivGO7oPpIAOraJdlCnvQ+khpxZdnh4 Rg+eq6FYx9JcxaWalNnLitersKkGD1ysZpHhKaUh/8HiGlCtDNmfynlhdU0FFMdsJzH+bncTWq+l t3yLUdZkS4XDsBY2SedAejSFbwPNuc/9+9bnfBK9XMz156Rrx4gJt1rfVwqJrV8TZUiWxNy0V3Qu MGYFvf25LVONYbYifH6OzZDcKP8EIfERgwZdrj+yX3bZ9HVqUY3tkBcsuKQ2aA7N/8zfynEUbuPk n06aOthuUeF= 
Authentication-Results: antispamcloud.com; spf=pass [email protected] 
Authentication-Results: antispamcloud.com; dkim=pass header.i=gmail.com 
X-Spampanel-Class: unsure 
X-Spampanel-Evidence: Combined (0.15) 
X-Recommended-Action: accept 
X-Identified-User: {0000:[% provinfo.box_prefix %]309.bluehost:local:local} {sentby:Delivered locally}

Which IP addresses should I trace?

Often, the originating IP, which in this example is 209.85.210.277, is either labeled exactly as such and/or is the one near the bottom of the stack, close to the message's actual body.

It's essential to know that this source IP address (209.85.210.277) will not resolve when queried on the internet because it is within a block of IP addresses that are considered "reserved" private IP addresses. These are the kinds that are used behind corporate firewalls and/or proxy servers. They access the external world through a NAT (Network Address Translation) service. Thus, in order to pinpoint where this IP address is located, you will have to contact the network administrator responsible for the IP address 64.18.2.187, which, in this case, is the legitimate internet IP address. It is the path that this private IP address passes through on its way to the internet.

RFC 1918, "Address Allocation for Private Internets," describes IP addressing guidelines for private networks, using address blocks that IANA (the Internet Assigned Numbers Authority) has reserved for private networks. There are three sets of reserved private numbers, one for each IP network class (Class A, B & C). These are:

  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255
  • 192.168.0.0 to 192.168.255.255
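
The selection rule above, together with the delay analysis listed among the reasons for reviewing headers, as an added example (not Bluehost's code): it walks the Received lines from the oldest hop upward, skips addresses in the three RFC 1918 blocks, and measures the time between hops. The sample header, its hostnames and its IP addresses are constructed, and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The three RFC 1918 blocks listed above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, newest hop first (documentation-range IPs, example.* hosts).
SAMPLE = """\
Received: from filter.example.net ([198.51.100.7])
\tby mx.example.org with esmtps; Mon, 05 Apr 2021 16:07:12 -0600
Received: from out.example.com ([203.0.113.25])
\tby filter.example.net with esmtps; Mon, 05 Apr 2021 22:01:10 +0000
Received: from [10.1.2.3] (helo=laptop.local)
\tby out.example.com with esmtpsa; Mon, 05 Apr 2021 15:01:05 -0700
Subject: constructed sample

body
"""

def hops(raw):
    """[(ip or None, datetime)] per Received header, oldest hop first."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:                       # e.g. an octet above 255
            ip = None
        out.append((ip, parsedate_to_datetime(stamp.strip())))
    return out

def first_public_ip(raw):
    """Oldest hop address that is valid and outside RFC 1918. Hops below the
    first server you trust are sender-supplied, so treat the result as a lead."""
    for ip, _ in hops(raw):
        if ip is not None and not any(ip in net for net in RFC1918):
            return str(ip)
    return None

def hop_delays(raw):
    """Seconds between consecutive hops, oldest first (time zones normalized)."""
    times = [t for _, t in hops(raw)]
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]
```

On the sample, the private 10.1.2.3 hop is skipped and the six-minute gap shows up on the last hop, between filter.example.net and mx.example.org.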

The difference between Full and Partial Headers

Partial Headers:

The partial headers are what you normally look at in your emails. These are the most important to your daily tasks. They contain headers such as the From Address, To Address, Subject, Date and Time, Reply-To Address, CC, and BCC.

Full Headers:

The full headers contain more technical information, which you check when you want to know the comprehensive details of an email. Occasionally, we will need those complete headers in order to solve a problem.

To know more about displaying email headers, please visit this article.

The Basic Fields of an Email Header

  • Return-Path
    If the message is rejected, it will be sent back to the email address listed here, which is also the sender of the message.
  • X-Original-To
    The email address listed here is the original recipient of the email that was received.
  • Delivered-To
    The email user listed to the left of the ‘@’ symbol is the user ID of the recipient email address on its specific host. The server listed (to the right of the ‘@’ symbol) is your Bluehost mail server that received this particular message.
  • Received
    There are ‘Received by’ and ‘Received from’ details listed in the headers. When checking your headers, ‘Received by’ indicates the IP or server name that received the message when it was originally sent. ‘Received from’ is the server that sent or relayed the email at any specific point in the header.
  • DKIM-Signature
    This shows the DKIM signature, if the email has one. All emails sent from Bluehost-hosted mail accounts are signed with DKIM. You can read more about DKIM here.
  • MIME-Version
    1.0: This just shows the MIME version, 1.0, which has no relevance in troubleshooting mail delivery.
  • X-Received
    This shows the message being received by the first server. An ID is applied to it so the message can be tracked.
