User-friendly guide to email headers
With this guide you’ll learn how to analyze email headers.
What are email headers?
Full email headers (or email message source, Internet headers, etc) are raw and unedited records of an email message we all are accustomed to, but which were not yet encoded by the server.
Why do we need them?
Headers contain information about place, time and way the message is sent and transmitted to the recipient’s side. You can use it to find out why and where important message was delayed or rejected, or how unwanted message found its way to your inbox.
How do they look like?
This is how an ordinary message looks in email client:
And this is how its full headers look like:
You can check this guide on how to get email headers in different interfaces.
So, what should they tell me?
In order to understand headers it’s necessary to comprehend the way mail travels from the sender to the recipient. Headers are being attached to the message several times, each time it passes through certain mail host. Headers are being attached to the top of the message, which means that it’s necessary to check them starting from the end in order to trace it’s flow through the mail system.
We will use a diagram to illustrate each part of the system and corresponding headers.
User A (sender) and user B (recipient) are named as Alice and Bob for your convenience:
Once Alice composes and sends the message, her mailing program attaches the first portion of headers. These are located at the bottom part of the full headers output. Here is an explanation of what happens at this stage:
Stage 2 - Alice's message comes to Google mail system and travels through it.
Corresponding headers are attached by each MTA (Mail Transfer Agent):
Stage 3 - Alice’s message is being sent from Google mail servers to Bob’s mail servers. So, mail is delivered to Bob’s mail account. It’s up to him how and when to connect to it and check for new mail:
All of these headers are added by Bob’s mail server, premium8.web-hosting.com:
How can I use mail headers to fight spam?
If Bob has Spam protection software enabled on his mail server, than a spam report is attached to mail headers (you can check this guide to learn how to enable spam protection - SpamAssassin in your cPanel. For Private Email users it is enabled by default).
So, Alice sends a message including few words that draws spam protection software attention:
We are interested in this particular part. Let’s analyze it step by step:
In our example, spam threshold was set to 2, so the message was considered to be spam.
You can set spam threshold in SpamAssassin settings, if you have web hosting account with us. If you are a Private Mail subscription owner, please contact our support team, so we can adjust spam filtering settings for your account.
As an alternative, you can blacklist the sender or send complaint to the registrar of his domain name or to the owner of the IP address.
My message is not delivered. Why?
If a message is not delivered, in most cases bounce-back message should be expected. Bounce-back is an email delivery report, sent by a certain mail server, which was not able to deliver the message further due to specific error. Just like in regular mail, when a letter is being returned to a sender if a post stamp is not applied.
For example, Alice tries to send a message to firstname.lastname@example.org, but makes a typo in the address and the message is being sent to email@example.com instead. Her mail provider contacts Bob’s mail provider to check whether they have somebody with firstname.lastname@example.org address. If there is no such address, it reports that this user is not available - you will see No mailbox by that name or No such user here errors. Alice’s mail provider sends a bounce-back message to her to let her know that it was not possible to send the message and attaches the reply of Bob’s mail provider for her reference.
A message is being rejected with such code on two conditions:
1. A typo is detected in the address > it should be checked.
2. Mail server is being looked up in the wrong place > MX record for destination address should be checked.
If the bounce-back error received is Mailbox full or Quota exceeded it means that destination mail server (Bob’s one) refuses to receive the message, because webspace, dedicated to storing mail for this address is over the limit. In order to fix this error, Bob should either delete some of the messages he has stored on the server or purchase additional space.
If the bounce-back message says Host unknown, Domain Lookup Failed, it means relatively the same as No such user here, but the typo occurs in the domain part of the address: email@example.com instead of firstname.lastname@example.org. In case the domain name is entered in the correct way, something might be wrong with the way how domain name resolved in the DNS system. It can either get expired or something might go wrong on the side of its name server. Support on the destination side should be contacted in such case.
Another group of bounce-back error messages is spam-related messages, IP Blacklisted / Listed in Spam report list or sending failed due to Poor MTA reputation. The error indicates that the IP address of the mail server has been compromised by spammers, hackers, or virus propagators.
If you have private email subscription or shared/reseller hosting account with us, please submit a ticket to our legal and abuse department and attach corresponding bounce-back message to it. Corresponding actions will be taken by us to resolve the issue. If you have User-Responsible VPS or Dedicated server with us you will need to delist your IP addresses with the corresponding organizations on you own.
So email headers are very important part of the mail system and they are essential for the mail issues diagnostics. They help to quickly identify the servers that report the error in the chain and thus fix the issues effectively.
Need any help? Contact our HelpDesk