Email Header Analysis: How to Read and Diagnose Delivery Issues

Troubleshooting

Email headers contain a wealth of diagnostic information that most people never see. When troubleshooting deliverability issues, headers reveal exactly what happened to your message—which servers handled it, whether authentication passed, and why it might have been marked as spam.

What Are Email Headers?

Email headers are metadata attached to every email message. They contain technical information about:

• Message routing — Every server that handled the message
• Authentication results — Whether SPF, DKIM, and DMARC passed
• Timestamps — When each server received the message
• Sender information — Both the envelope sender and display address

How to View Email Headers

Gmail

1. Open the email
2. Click the three dots menu (⋮)
3. Select "Show original"

Outlook

1. Open the email
2. Click File → Properties
3. View the "Internet headers" section

Apple Mail

1. Open the email
2. View → Message → All Headers

Yahoo Mail

1. Open the email
2. Click the three dots menu
3. Select "View raw message"

Key Headers to Analyze

Authentication-Results

This header shows how the receiving server evaluated your authentication:

Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=selector1;
       spf=pass (google.com: domain of sender@example.com designates 192.0.2.1 as permitted sender);
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com

Received Headers

Each server adds a "Received" header. Read them from bottom to top to trace the message path:

Received: from mail-out.example.com (mail-out.example.com [192.0.2.1])
        by mx.google.com with ESMTPS id abc123
        for <recipient@gmail.com>;
        Mon, 15 Jan 2025 10:30:45 -0800 (PST)

Key information in Received headers:

• from — The server that sent the message
• by — The server that received the message
• with — The protocol used (SMTP, ESMTPS, etc.)
• timestamp — When the handoff occurred

SPF-Related Headers

Look for SPF results in these headers:

Received-SPF: pass (google.com: domain of sender@example.com designates 192.0.2.1 as permitted sender)

The Received-SPF header tells you:

• Whether SPF passed, failed, or had an error
• Which IP address was checked
• The domain that was verified

DKIM-Signature

The DKIM signature header shows how the message was signed:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=example.com; s=selector1;
        h=from:to:subject:date:message-id;
        bh=base64encodedvalue;
        b=signaturevalue

Important DKIM fields:

• d= — The signing domain
• s= — The selector used
• h= — Headers included in the signature
• a= — The signing algorithm

X-Spam Headers

Many servers add spam-related headers:

X-Spam-Status: No, score=-2.0 required=5.0
X-Spam-Score: -2.0
X-Spam-Flag: NO

These reveal the spam score assigned by the receiving server.

Diagnosing Common Issues

SPF Failure

Symptom in headers:

spf=fail (sender IP is not authorized)

Common causes:

1. Sending from an IP not in your SPF record
2. SPF record has syntax errors
3. Too many DNS lookups in SPF record

Solution: Add the sending IP to your SPF record or fix syntax errors.

DKIM Failure

Symptom in headers:

dkim=fail (signature did not verify)

Common causes:

1. Message was modified in transit
2. DKIM key doesn't match
3. Selector not found in DNS

Solution: Verify your DKIM key is published correctly and the selector matches.

DMARC Failure

Symptom in headers:

dmarc=fail (p=REJECT dis=REJECT)

Common causes:

1. Neither SPF nor DKIM aligned with From domain
2. SPF or DKIM failed completely
3. Subdomain sending with strict alignment

Solution: Ensure at least one of SPF or DKIM passes AND aligns with the From domain.

Delayed Delivery

Compare timestamps in Received headers to find bottlenecks:

Received: ... Mon, 15 Jan 2025 10:35:00 -0800  ← Received here
Received: ... Mon, 15 Jan 2025 10:30:00 -0800  ← 5 minute delay
Received: ... Mon, 15 Jan 2025 10:29:55 -0800  ← Sent from here

A large gap between Received headers indicates where delay occurred.

Header Analysis Checklist

Tools for Header Analysis

While you can read headers manually, tools make it easier:

• MXToolbox Header Analyzer — Web-based tool that parses headers visually
• Google Admin Toolbox — Includes a message header analyzer
• Mail Header Analyzer extensions — Browser extensions for quick analysis

What Headers Can't Tell You

Headers have limitations:

• Why a message was spam-filtered — Filters don't always explain their reasoning
• Recipient engagement — No visibility into whether messages were opened
• Future delivery — Past success doesn't guarantee future inbox placement
• Content filtering details — Proprietary algorithms aren't exposed

Using Headers for Troubleshooting

When emails aren't being delivered as expected:

1. Get headers from a delivered message — Even spam folder delivery gives you headers
2. Compare with a successfully delivered message — Spot the differences
3. Focus on authentication first — Most delivery issues stem from auth failures
4. Check timestamps for delays — Identify slow servers in the chain

Email header analysis is a fundamental skill for diagnosing deliverability issues. While it takes practice to read headers fluently, the information they contain is invaluable for understanding exactly what happens to your emails between send and delivery.

Related Articles