What's the Difference Between Full & Partial Headers?
Learning about email headers helps you spot fake emails, fix email problems, and keep your Inbox clean and safe. By understanding the difference between full and partial headers, you can better manage your emails and protect your information.
We'll guide you through all of these with this article.
- What is an Email Header?
- Basic Fields of an Email Header
- Why are Email Headers Important?
- How to Trace an Email IP Address
- Summary
What is an Email Header?
The header is a section of technical information that records where the email came from and how it reached its destination. Email headers contain the originator's email address and the computer the sender was using. Every email in the world has a header, whatever tool you use to send or receive it: a web browser, Outlook, webmail, mobile email apps, and so on.
Full Email Header vs. Partial Email Header
Partial email headers are the most commonly viewed part of an email and are vital for managing your daily communications. They contain fields such as the From Address, To Address, Subject, Date and Time, Reply-To Address, CC, and BCC. Understanding partial email headers allows you to quickly evaluate the important details of any email and efficiently prioritize your responses.
The full email headers contain more technical information, which you check when you want the comprehensive details of an email. Occasionally, we will need those complete headers to investigate an issue.
To learn more about displaying email headers, see the article on displaying email headers.
How do I find the header of an email? Many different tools are used to send and receive email; you can learn more about how to get email headers in the following article.
Basic Fields of an Email Header
Here are some popular email header definitions to better understand email features.
- Return-Path: If the message is rejected, it will be sent back to the email address listed here, which is also the sender of the message.
- X-Original-To: The email address listed here is the original recipient of the email that was received.
- Delivered-To: The email user that is listed to the left of the ‘@’ symbol is the user ID of the recipient email address with its specific host. The server listed (to the right of the ‘@’ symbol) is your Bluehost mail server that received this particular message.
- Received: Each Received header lists ‘Received by’ and ‘Received from’ details. ‘Received by’ is the IP address or server name that received the message. ‘Received from’ is the server that sent or relayed the email at that specific point in the header.
- DKIM-Signature: This shows the DKIM signature if the email has one. All emails sent from Bluehost-hosted mail accounts are signed with DKIM. You can read more about DKIM in our blog.
- MIME-Version: 1.0: This shows the MIME version at 1.0, which is irrelevant to troubleshooting mail delivery.
- X-Received: This shows the message being received by the first server. An ID is applied to it so the message can be tracked.
Email Header Example
What does an email header look like? Below is an example of an email header structure and what a usual Internet email header looks like. In the header section, you are looking for the IP address, also referred to as the "Originating IP." Using the sender's computer's IP address, together with the date and time of the offending email, the message can be traced to the Internet service provider (ISP).
Return-path:
Envelope-to: [email protected]
Delivery-date: Mon, 02 Apr 2021 16:07:12 -0600
Received: from [46.165.209.232] (port=47642 helo=delivery.antispamcloud.com)
by [% provinfo.box_prefix %]309.Bluehost.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.82)
(envelope-from )
id 1WVSMM-0003oR-Ny
for [email protected]; Mon, 02 Apr 2021 16:07:11 -0700
Received: from mail-ig0-f206.google.com ([209.86.213.196])
by mx7.antispamcloud.com with esmtps (TLSv1:RC5-SHA:340)
(Exim 4.82)
(envelope-from )
id 2XWTNK-00050k-4X
for [email protected]; Mon, 02 Apr 2021 24:07:20 +0300
Received: by mail-ig0-f206.google.com with SMTP id vr21tp323342jhc.3
for ; Mon, 02 Apr 2021 15:07:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha367; c=relaxed/relaxed;
d=gmail.com; s=30231224;
h=mime-version:date:message-id:subject:from:to:content-type;
bluehostbhovkRL3Im017b5m7rMRTWVa1olgzE1U+yr8FXykLSM=;
b=I9n1lRLh2EbEic44CPWv6doKf6m9+z1G9tVmowbugj99p5jn5ImorW2oBqZ1BRbOFD
3CnQkj7koUZfajma0Q0bbjJFB27CHfIMKvFLzOeWjeLP2bu3Z5X/d+lmCdFMSG8FQBoO
c2Pz5n0d85zQyxkzy4lvL4D5kVevuJ5n+s7y6nCZTpYw1iwtQciGgr8XO77wGJq0S2FY
WZC7jqB5c3CmpT8EytMEJwsH3UQAD7hxYq3FZHL7Ici89x8vDG/ZNQOla9TsfSrmC9qO
mMLFWCZs1A1Hfe2gwOxBpRXgAqxf1/hlFfAf0CIIRTcD/03kSaWB7L/lPy++CTvkzpbB
Ro4A==
MIME-Version: 1.0
X-Received: by 10.42.107.67 with SMTP id c3mr2836464icp.28.1396472762166; Mon,
02 Apr 2021 15:07:03 -0800 (PDT)
Received: by 10.50.216.193 with HTTP; Mon, 2 Apr 2021 15:07:03 -0800 (PDT)
Date: Wed, 2 Apr 2021 16:07:03 -0700
Message-ID:
Subject: I can haz headers
From: Bluehost Tutorials
To: [email protected]
Content-Type: multipart/alternative; boundary=31dg413186f5fe82e715g726b7de
Received-SPF: pass (mx7.antispamcloud.com: domain of gmail.com designates 209.86.213.196 as
permitted sender) client-ip=209.86.213.196; [email protected];
helo=mail-ig0-f206.google.com;
X-SPF-Result: mx7.antispamcloud.com: domain of gmail.com designates 209.86.213.196 as permitted sender
X-Filter-ID: XuMfPq7GTMn8G68F0EmQveOvoFo7+05sIaV+aQGjobYi0oqq2x9BytcIxrAv/iEuaWmNOd4i6wDz ASsx7ILyCwmrHcqsgpX7d4SIG6yP47bDMFhiO2el8cbE11y5VERdERWeKKG4PAQYNyavp7c49D8S 6JHQ4xOsiG8cGcHZ9Ju2qts0ILWtXFFZmkE2vL2cG/45LuYWJsWNKzGaBanZ/pq+Kj8XsfH6M2iD r0Pl7cS3GfMaw8TKFNoyhNvdnkCU2LIKoGx11NpkQoCtZTihVFvHjmVhGT2LR+SRHRnJSjexOaEE 7DhwsYoQmALxTDsg5YE5enyccp7RH4WQio3uGcdGxQ6d5hivGO7oPpIAOraJdlCnvQ+khpxZdnh4 Rg+eq6FYx9JcxaWalNnLitersKkGD1ysZpHhKaUh/8HiGlCtDNmfynlhdU0FFMdsJzH+bncTWq+l t3yLUdZkS4XDsBY2SedAejSFbwPNuc/9+9bnfBK9XMz156Rrx4gJt1rfVwqJrV8TZUiWxNy0V3Qu MGYFvf25LVONYbYifH6OzZDcKP8EIfERgwZdrj+yX3bZ9HVqUY3tkBcsuKQ2aA7N/8zfynEUbuPk n06aOthuUeF=
Authentication-Results: antispamcloud.com; spf=pass [email protected]
Authentication-Results: antispamcloud.com; dkim=pass header.i=gmail.com
X-Spampanel-Class: unsure
X-Spampanel-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Identified-User: {0000:[% provinfo.box_prefix %]309.bluehost:local:local} {sentby:Delivered locally}
The originating IP address, which in the example above is 209.85.210.277, is either labeled exactly as such or is the one near the bottom of the stack, close to the message's actual body.
It's essential to know that this source IP address (209.85.210.277) will not resolve when queried on the internet because it is within a block of IP addresses that are considered "reserved" private IP addresses. These are the kinds used behind corporate firewalls and/or proxy servers, which access the external world through a NAT (Network Address Translation) service. To pinpoint where this IP address is located, you will have to contact the network administrator responsible for the IP address 64.18.2.187, which, in this case, is the legitimate internet IP address. It is the path that this private IP address passes through on its way to the internet.
RFC 1918, Address Allocation for Private Internets, describes IP addressing guidelines for private networks and the address blocks that IANA (the Internet Assigned Numbers Authority) has reserved for them. There are three sets of reserved private numbers, one for each IP network class (Class A, B & C). These are:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255
Why are Email Headers Important?
Listed below are several reasons why it is important to review the headers:
- It allows one to investigate possible spoofing and determine the source of a specific message.
- It enables the analysis of timestamps of the delivery route and identifies the source of any delay.
- It opens a point to test any of the mail servers in the path to check if they are on a blacklist.
- It helps review the SpamAssassin score.
- It determines whether the message was routed through a spam filtering server prior to arrival.
At first, you may think that reviewing email header information is too technical, but internet investigations are NOT rocket science. Like most detective work, once you know what has happened and to whom, all that's left is to find out what happened by reviewing the email header's contents.
How to Trace an Email IP Address
If you need to analyze your emails further, tracing the IP address can provide valuable insight into the email's origin, authenticity, and whether it's legitimate or "potentially" harmful. Tracing an IP address can help identify the sender's location, diagnose email delivery issues, or detect spoofing and/or phishing attempts.
Here are the general steps on how to trace an email IP address.
- Get the full email header. Depending on your email application, the steps to get your email header may vary.
- In your email headers, look for the sender's IP address, which is found in the Received line, typically at the top of the header. This shows the path the email took to reach your Inbox.
Example: Received: from [123.45.67.890] (example.com [123.45.67.890])
You may find some emails with multiple "Received" lines. This is due to the email passing through multiple servers. The first "Received" line usually contains information regarding the original sender's IP address.
- Once you have the IP address, use an email analyzer tool, such as DNS Checker | Email Header Analyzer, or an IP lookup tool to trace it. There are several IP lookup tools available online.
These IP lookup tools will provide details such as:
- Location (City, Country)
- ISP (Internet Service Provider) or hosting provider
- Domain information
- After tracing the email IP address, you may need to take action based on your findings, especially those "red flags."
What to do with the gathered information?
- Check if the location aligns with the sender's claimed location. If you think there's a discrepancy, treat it as a red flag.
- If the IP is associated with suspicious providers or VPN services, that email may be from a malicious source.
- Some online IP lookup tools will tell you whether the IP address is included on any blacklist, which is common for spammers or malicious hosts/servers.
What actions should you take?
- If the email is suspicious, flag the email as spam or phishing and report it to your email provider.
- If the email is legitimate, but there are some delivery issues, contact your email service provider to resolve email routing problems.
- If the email poses a security threat, you may need to block the IP address or take further steps to protect your network. For further assistance, you may want to contact your email service provider or IT department.
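The lookup steps above can be scripted before pasting an address into a lookup tool. The following is an added example, not Bluehost's own code: it walks the Received lines from the earliest hop to the latest, pulls the bracketed IP from each, checks it against the three RFC 1918 blocks listed earlier, and goes one step further by computing the delay between hops. The names `trace_hops`, `classify` and `SAMPLE` are hypothetical, and the sample header is constructed.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# The three RFC 1918 private blocks listed in the article.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample header. 198.51.100.7 and 203.0.113.25 are reserved
# documentation addresses standing in for public mail servers.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.25])
\tby inbox.example.net with esmtps id AAA111
\tfor <user@example.net>; Mon, 05 Apr 2021 16:07:45 -0600
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
\tby mx.relay.example with esmtps id BBB222
\tfor <user@example.net>; Mon, 05 Apr 2021 22:07:10 +0000
Received: from [10.42.107.67] (helo=laptop)
\tby mail.sender.example with esmtpsa id CCC333;
\tMon, 05 Apr 2021 15:07:03 -0700
From: Sender <sender@sender.example>
"""

def classify(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:                      # e.g. an octet above 255
        return "invalid"
    return "private" if any(addr in net for net in RFC1918) else "public"

def trace_hops(raw):
    """Return hops oldest first as (ip, scope, seconds since previous hop)."""
    hops, prev = [], None
    # Every server prepends its own Received line, so reverse for travel order.
    for line in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = IP_RE.search(line)
        ip = m.group(1) if m else None
        try:                                # the timestamp follows the last ';'
            when = parsedate_to_datetime(line.rpartition(";")[2].strip())
        except (TypeError, ValueError):
            when = None
        delay = int((when - prev).total_seconds()) if when and prev else None
        hops.append((ip, classify(ip) if ip else "none", delay))
        prev = when or prev
    return hops

if __name__ == "__main__":
    print(*trace_hops(SAMPLE), sep="\n")
```

A private first hop means the sender sat behind NAT, so the next public address in the list is the one to look up. Received lines below the first server you trust are supplied by the sender and can be forged.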
Summary
You can view your email header information inside your email inbox to review where an email comes from and how it reached its destination. The process involves understanding what a header is, how to find your email header, and how to read and understand the basic fields of an email header. This article also provides a step-by-step guide on tracing email IP addresses to verify the sender's location and identify potential threats. By following the information presented, readers can learn to use email wisely and protect themselves from online risks.