What are the “full headers” of an email message?

If you report a suspicious message to us, we might ask you for the “full headers” of that message.

The full headers are like Internet postmarks. They include technical information that shows where the message was really sent from (even if the sender’s address was forged) and how it was routed to you.

Among other information, the full headers will always include a line that starts with “Return-Path:” and two or more lines that start with “Received:”, like this:

Return-Path: <someone@example.com>
Received: from a1.tigertech.net (a1.tigertech.net [ 10.1.2.3 ])
    by b2.tigertech.net (Postfix) with ESMTP id 836AA1CD8656
    for <address@example.com>; Fri, 31 Dec 2099 23:59:59 -0800 (PST)
Received: from mail.example.com (mail.example.com [ 10.12.34.56 ])
    by a1.tigertech.net (Postfix) with ESMTP id 378A380C1AA
    for <address@example.com>; Fri, 31 Dec 2099 23:59:58 -0800 (PST)

Every email message has full headers. If you’re using our Webmail system, click the three dots in the top-right-hand corner of a message to see them:

screen shot

With our old Webmail system, click View Source in the top-right-hand corner of a message to see them.

If you use a different email program that isn't showing them to you, the “Working to Halt Online Abuse” site explains how to view full headers in all common mail programs.