What is an email header?
When you create and send an email it has two parts: the email header and the email body. The email header contains special information (including at least sender's and recipients email addresses, the local time and date when the email was written) that allows to deliver the email and track down its origin. The body of your email contains your message and attachements if you attach any files to your email. Attachments are separate files (pictures, applications, audios, videos, documents) that should be added to the original email message and then sent along with it as a regular email message only allows the transmission of simple text characters.
What information can be parsed from email headers
Each email header consists of fields which have names and values. The email header always includes the From, To and Date fields that show the email address, and optionally the name of the sender, the email address(es), and optionally name(s) of the recipient(s), and when the email was composed.
The header can additionally contain Subject, Cc, Reply-To, Received, X-Mailer, References, Message-ID, In-Reply-To, MIME-Version, Content-Type, DKIM-Signature, Thread-Index, Content-Language, DomainKey-Signature and other fields which are not mandatory and which can be added by sender's or recipient's email client and/or email server. Normally email headers are not fully visible to recipients but most email clients provide the "View source" option that allows you to check all fields in the email header.
Initially the header is generated by your email client when you click Send. It doesn't matter if you use a client-based or web-based email.
While transmitting through the Internet additional information can be added to the header as each new email server adds its own routing information and the date and the time of passing to the top of the header.
How to analyze an email header
Let's look at some header fields to understand email structure and find out what information they may contain.
Received: from [sender's IP address and/or host name] by [receiver's hostname] with [used protocol] for [recipient's email address]; [date][time][time-zone-offset]
Depending on the path the email took from a sender to recipient, the email header may contain from one to several "received" lines.
Return-Path: [sender's email address]
This field is collected by the email server that first picked up the email for sending, and contains the address given to the outgoing email host during authentication.
References: [contains information if the email was sent in reply to your previous email]
Message-ID: [contains a globally unique identifier used to prevent multiple delivery and for reference in In-Reply-To]
While generating a Message-ID many message systems use a time and date stamp, the local host's domain name, etc.
Date: [Mon, 14 May 2012 05:26:12 -0700 (PDT)]
Displays the date and the local time when the email was composed.
From: [sender's name(optionally)] [sender's email address]
In many email clients this information can be changed in the account settings.
Reply-To: [email address for reply]
Subject: [email subject]
To: [recipient's name(optionally)] [recipient's email address]
Multiple recipients are allowed.
In-Reply-To: [original Message-ID]
This field is presented if you reply to someone's email.
Multipurpose Internet Mail Extension is the encoding standard that allows users to send and receive multimedia email attachments.
MIME headers include the version of MIME, the type of the attached file and the encoding method used. It helps the recipient to find the appropriate application that will open and handle the attached file.
Each attachment in the email has its own MIME headers.
MIME headers examples:
Content-Type: [text/plain; charset="us-ascii"; format=flowed]
Content-Disposition: [attachment; filename="picture.jpg"]
Content-Type: [image/jpeg; name="picture.jpg"]
Content-Type: [application/octet-stream; name="file.zip"]
Content-Disposition: [attachment; filename="file.zip"]
Headers starting with 'X-' (X-headers) can be inserted by email clients and/or applications.
Here are examples of some X-headers inserted into emails.
X-Mailer: [email client/program used for sending the email]
X-Mailer: Microsoft Outlook 14.0
X-Mailer: GMX.com Web Mailer
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-Priority: [email priority]
X-MSMail-Priority: [email priority]