How to Read Email Headers: A Practical Guide to Diagnosing Delivery Problems

Every email carries headers that document its entire journey from sender to recipient. For anyone troubleshooting delivery problems — messages landing in spam, authentication failures, or delays — email headers are the first place to look.
What Email Headers Are
Headers are lines of metadata above the message body. They record who sent the message, which servers handled it, how long each hop took, and what authentication checks were applied. Each mail server prepends its own Received header as it processes the message. Read them bottom-to-top — the originating server entry is at the bottom, the final receiving server at the top.
How to View Full Headers
- Gmail: Open message, click the three-dot menu, select "Show original"
- Outlook web: Open message, three-dot menu, then "View message details"
- Apple Mail: View menu, Message, All Headers
- Thunderbird: View menu, Headers, All
The Headers That Matter Most
Received
There is one Received header per server hop. Read them bottom-to-top to trace the message path. Timestamps are the key diagnostic tool — a large gap between two consecutive Received entries marks exactly where a delay occurred, whether in a delivery queue, a greylisting check, or a content filter.
Authentication-Results
Added by the receiving server, this records the outcome of SPF, DKIM, and DMARC checks. When something fails here, the reason is usually one of three things: the sending IP is not in the SPF record, the DKIM signature could not be verified due to a key mismatch or message modification in transit, or neither SPF nor DKIM passed alignment with the From domain for DMARC.
Return-Path
The envelope sender address where bounces are routed. Often different from the visible From address when using an ESP. SPF is checked against the Return-Path domain — this is why SPF can pass while DMARC fails when the two domains do not align.
Message-ID
A unique identifier assigned by the originating server. Use this when tracking a specific message across logs — yours, your ESP's, or a receiving server's postmaster records.
Diagnosing Common Problems
Delayed messages
Compare timestamps across all Received headers. The hop with the largest time gap is where the delay happened — whether a content filter, greylisting, or queue backup at a specific server.
SPF failure
The Authentication-Results header tells you which IP was tested. That IP needs to be in your SPF record. If it is not listed, you are either missing a sending service in your record or mail is routing through an unexpected relay.
DKIM failure
Note the selector and domain in the DKIM-Signature header. Verify the public key at that selector exists in DNS and matches what your server uses. Mailing lists and some content scanners modify message bodies, breaking the DKIM hash in the process.
DMARC failure with SPF passing
DMARC requires identifier alignment — the SPF-passing domain must match the From domain. If your Return-Path uses a third-party domain, alignment may fail even when SPF passes. Check whether relaxed alignment is configured correctly for your setup.
Header Analyzers
For complex delivery paths, paste the full headers into Google's Message Header Analyzer or MXToolbox's Header Analyzer. Both tools parse each hop into a readable timeline and call out delays automatically.
Email headers are the closest thing to a flight data recorder for a message in transit. They tell you exactly where to look when something goes wrong. For help diagnosing persistent issues, the MailDog documentation covers common header diagnostics. For more deliverability guides, visit the MailDog blog. For direct support, reach out here. Teams looking for a managed sending setup can explore MailDog's SMTP relay.


