What is a Full Email Header?
A full email header is the metadata of an email — it shows every step the message took from sender to recipient. It includes:
-
Sender’s IP address
-
Sending and receiving server details
-
Timestamps for each hop
-
Authentication checks (DKIM, SPF, DMARC)
-
Spam scores
-
Routing path
Why You Might Need to View Full Headers
-
Investigate spoofing or phishing attempts
-
Trace the real source IP of a suspicious message
-
Check delivery delays by reviewing timestamps
-
Verify mail server blacklisting
-
Review spam filtering details (e.g., SpamAssassin score)
-
Ensure a filtering or security gateway processed the message properly
How to View Full Headers (Popular Email Clients)
Gmail (Web)
-
Open the email.
-
Click the three dots (︙) next to the reply button.
-
Select “Show original.”
-
A new tab opens showing the full header and raw message.
Outlook Desktop App (Windows)
-
Double-click the email to open in a new window.
-
Go to File > Properties.
-
Look in the “Internet headers” box at the bottom.
Outlook Web (Outlook.com / Office 365)
-
Open the email.
-
Click the three dots (︙) on the upper right.
-
Choose “View > View message source.”
Important Notes on IP Addresses
-
Private IPs (e.g.,
10.x.x.x,192.168.x.x,172.16-31.x.x) won't trace directly — they are internal to local networks. -
The last public IP before NAT (like
64.18.2.187in your example) is more useful for tracing. -
RFC 1918 outlines private address space for internal use (non-routable over the public internet).
Full headers give you deep insight into the journey of an email, including server hops, IP addresses, spam checks, and more.
They are essential for security analysis, troubleshooting, or tracking the real origin of a message.
