1. bluehost knowledge base

What Is An Email Header? Difference Between Full & Partial Headers

What is the value of the Internet Email Header?

Here are a few reasons it may be necessary to review the headers:

  • Investigate possible Spoofing and determine the source of the message.
  • Analyze timestamps along the delivery route and identify the source of any delay.
  • Test any of the mail servers in the path to see if they are on a blacklist.
  • Review the SpamAssassin score.
  • Determine if the message was routed through a spam filtering server prior to arrival.

While you may think reviewing email header information is too technical, Internet investigations are NOT rocket science. As with most detective work, you know what has happened and to whom. All you need to do now is find out who or what happened by reviewing the email header's contents.

What is a header?

The header is a section of code that contains information about where the email came from and how the message reached its destination. Headers will contain the originator's email address and/or the computer the perpetrator/sender was using.

Here is what the typical Internet email header looks like. In the header, you are looking for the IP address, sometimes conveniently identified as the "Originating IP." We can trace to the Internet service provider (ISP) with the date and time of the offending email using the sender's computer's IP address. The IP addresses in the example below are shown in bold font.

Envelope-to: [email protected]
Delivery-date: Wed, 02 Apr 2014 15:06:11 -0600
Received: from [] (port=36531 helo=delivery.antispamcloud.com)
	by [% provinfo.box_prefix %]309.Bluehost.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.82)
	(envelope-from )
	id 1WVSMM-0003oR-Ny
	for [email protected]; Wed, 02 Apr 2014 15:06:10 -0600
Received: from mail-ig0-f195.google.com ([])
	by mx7.antispamcloud.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.82)
	(envelope-from )
	id 1WVSMJ-00049k-3X
	for [email protected]; Wed, 02 Apr 2014 23:06:10 +0200
Received: by mail-ig0-f195.google.com with SMTP id uq10so212231igb.2
        for ; Wed, 02 Apr 2014 14:06:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
MIME-Version: 1.0
X-Received: by with SMTP id c3mr2836464icp.28.1396472762166; Wed,
 02 Apr 2014 14:06:02 -0700 (PDT)
Received: by with HTTP; Wed, 2 Apr 2014 14:06:02 -0700 (PDT)
Date: Wed, 2 Apr 2014 15:06:02 -0600
Subject: I can haz headers
From: Bluehost Tutorials
To: [email protected]
Content-Type: multipart/alternative; boundary=20cf302075e4ed71d604f615a6cd
Received-SPF: pass (mx7.antispamcloud.com: domain of gmail.com designates as permitted sender) client-ip=; [email protected]; helo=mail-ig0-f195.google.com;
X-SPF-Result: mx7.antispamcloud.com: domain of gmail.com designates as permitted sender
X-Filter-ID: XtLePq6GTMn8G68F0EmQveOvoFo7+04sHaU+aQGjobYi0opp2x9AytcIxrAv/iEuaWmMHd4i6wCz
Authentication-Results: antispamcloud.com; spf=pass [email protected]
Authentication-Results: antispamcloud.com; dkim=pass header.i=gmail.com
X-Spampanel-Class: unsure
X-Spampanel-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Identified-User: {0000:[% provinfo.box_prefix %]309.Bluehost.com:local:local} {sentby:Delivered locally}

Which of the IP addresses above should you trace?

Usually, the originating IP (in this case, is either called that and/or is closer to the bottom of the stack, nearer to the message's actual body.

It is important to note that this source IP address ( will not resolve on the Internet as it is within a block of IP addresses that are "reserved" private IP addresses. They are used behind corporate firewalls and proxy servers. They access the outside world through a NAT service, which stands for Network Address Translation. To find where this IP address is located, you will have to contact the network administrator responsible for the IP address, which is a legitimate internet IP address and through which this private IP address passes on its way to the internet.

RFC 1918 describes IP addressing guidelines for private networks and for which IANA (Internet Assigned Numbers Authority) has reserved for private networks. There are three sets of reserved private numbers, one respectively for each IP network Class A, B & C. They are:

  • to
  • to
  • 192.168.00 to

The difference between Full and Partial Headers

Partial Headers:

This is what you normally look at in your emails. The partial headers are the most important to your daily tasks. Such headers are the From Address, To Address, Subject, Date and Time, Reply-To Address, CC, and BCC.

Full Headers:

The full headers are simply more technical information than you normally see when you check your email. Sometimes we need those extra headers to solve a problem.

For further assistance, you may contact our Chat Support or Phone Support via 888-401-4678. You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.