The anatomy of email headers

As defined in RFC 5322, every email is split into two primary segments: the header and the body. The header contains essential metadata required for the transmission, verification, and rendering of the message, while the body contains the actual content intended for the recipient. These segments are strictly separated by a single blank line. For engineers, headers serve as the primary diagnostic tool, providing an interface for programmatically interacting with and validating email traffic.

Standard headers are mandatory or highly conventional fields that dictate basic message properties. These include From (the sender’s address), To (the recipient), Subject, and Date. Additionally, the Message-ID provides a globally unique identifier for the message, while Content-Type specifies the MIME format, such as text/plain or text/html. These fields ensure that mail clients can correctly attribute messages, thread conversations and render multi-part content.

Security and deliverability rely heavily on extended headers that facilitate authentication. For example the DKIM-Signature header contains a cryptographic hash of the message content, ensuring it was not altered in transit. Simultaneously, receiving servers append Authentication-Results headers to summarize whether the message passed SPF, DKIM, and DMARC checks. Engineers also frequently inspect proprietary headers (often prefixed with X-), such as X-Spam-Status or X-Report-Abuse, which include internal metadata provided by mail service providers to explain why a message was filtered or flagged.

A representative example of a technical email header follows:

Delivered-To: [email protected]
Received: from mail-relay.sendstreak.com (mail-relay.sendstreak.com. [192.0.2.1])
        by mx.google.com with ESMTPS id ...
        for <[email protected]>; Wed, 07 Jan 2026 10:00:00 -0800 (PST)
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of [email protected] designates 192.0.2.1 as permitted sender)
       dkim=pass [email protected];
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sendstreak.com
From: SendStreak Support <[email protected]>
Date: Wed, 07 Jan 2026 18:00:00 +0000
Subject: Your Password Reset Request
Message-ID: <[email protected]>
Content-Type: text/html; charset=UTF-8

An interesting technical fact is that while most headers are generated by the sender or the sender infrastructure, the Received headers are appended by every Mail Transfer Agent (MTA) the email passes through. This creates a chronological audit trail of IP addresses and timestamps, allowing developers to trace the exact routing path of a message across the internet. By analyzing these entries, it is possible to identify exactly where a relay delay occurred or which specific server initiated the transmission.