Understanding the origins of an email, including the sending platform and underlying server infrastructure, is crucial for diagnosing deliverability issues, identifying potential spam, or simply understanding a client's setup. Email headers contain a wealth of metadata that, when properly analyzed, can reveal the journey of an email and the systems it traversed. This analysis often involves looking for specific patterns, unique identifiers, or server responses that point to particular email sending platforms or self-hosted mail transfer agents (MTAs).
Key findings
Header analysis: Email headers are the primary source of information for identifying an email sending platform. They contain routing data, sender details, and timestamps that trace the email's path.
Platform clues: Specific header fields, such as Received, X-Mailer, X-Proofpoint-Spam-Details, or List-Unsubscribe, can often contain signatures or naming conventions that hint at the sending platform, whether it is an ESP (email service provider) or a self-hosted MTA (mail transfer agent).
IP address mapping: The IP addresses found in the Received headers can be used to trace back to the hosting provider, which might indirectly indicate a self-hosted solution if it resolves to a general cloud provider like Rackspace.
SMTP server identification: Directly querying (telnetting to) the mail server (on port 25) identified in the MX records or Received headers can reveal the MTA's banner, which often states the software name (e.g., Postfix, Exim, Sendmail).
Key considerations
Full headers are essential: Partial headers provide limited insight; a comprehensive analysis requires access to the complete email header. For more on this, consider reading a guide on how to read email headers.
Customization complexity: Many email platforms allow for significant customization of headers, which can obscure the underlying software or service. This makes definitive identification challenging without deeper investigation.
Chained systems: Emails often pass through multiple systems (e.g., an internal MTA, then an ESP, then a spam filter) before reaching the recipient. Each hop adds its own Received header, requiring careful parsing from bottom (first hop) to top (last hop).
Authentication records: The presence and alignment of SPF, DKIM, and DMARC records can offer clues about the sending infrastructure. Learn more about DMARC, SPF, and DKIM.
Deliverability impact: Identifying a poorly performing sending platform is often the first step in addressing ongoing email deliverability issues and preventing emails from going to spam.
What email marketers say
Email marketers often encounter situations where they need to identify the email sending platform used by a client, competitor, or even their own organization if documentation is lacking. This frequently arises when troubleshooting unexpected deliverability problems or assessing the quality of a sending infrastructure. Their approach typically involves examining email headers for tell-tale signs, understanding common ESP (email service provider) practices, and sometimes resorting to direct inquiry.
Key opinions
Header reliance: Marketers frequently rely on email headers to piece together the sending story, especially when dealing with legacy or custom setups that lack clear identification.
Unsubscribe link patterns: The format of the List-Unsubscribe header is often a strong indicator, as many ESPs use distinct, recognizable patterns for their unsubscribe functionality.
ISP mapping: Checking IP addresses against known providers (like Rackspace for general hosting) can suggest whether the system is self-hosted or managed by a specific ESP. This is a common first step in their investigations.
Performance correlation: Marketers often link observed email performance (e.g., poor deliverability or high spam rates) to the perceived quality of the underlying sending platform, sometimes even assuming a self-hosted solution if performance is consistently bad.
Key considerations
The need for full headers: Marketers quickly learn that partial header information is insufficient for accurate identification, emphasizing the need to extract the complete email header for analysis.
Multiple hops: They recognize that an email might travel through several systems, not just one, before reaching its destination, making it challenging to pinpoint the initial sending platform without detailed header scrutiny.
Direct communication: While technical analysis is valuable, directly asking the client about their email setup is often the most straightforward and efficient approach.
Impact on deliverability strategy: Identifying the platform influences decisions on email authentication (DMARC, SPF, DKIM) and overall email deliverability strategy, particularly when considering whether to authenticate with a personal domain or an ESP's domain.
Marketer view
Email marketer from Email Geeks suggests that to truly understand a client's email platform, analyzing the full email headers is crucial. Partial headers generally provide insufficient information for accurate identification. This is a common starting point for troubleshooting deliverability.
22 Dec 2018 - Email Geeks
Marketer view
Email marketer from Reddit explains that when troubleshooting email issues, the first thing they look for is the Received headers. These headers provide a sequential record of every server that handled the email, offering clues about the path taken and potentially the sending system.
15 Mar 2023 - Reddit
What the experts say
Email deliverability experts emphasize that a deep dive into email headers is non-negotiable for accurately determining the sending platform. They highlight the importance of understanding the SMTP conversation and server identification protocols. Experts often leverage command-line tools and diagnostic utilities to extract precise information that goes beyond what a typical email client reveals, providing a more robust assessment of the underlying infrastructure.
Key opinions
Importance of full headers: Experts consistently stress that only full, unedited email headers contain the complete routing information necessary for accurate platform identification.
SMTP banner grabs: Telnetting to an SMTP server (on port 25) and observing its initial greeting (banner) is a reliable method to identify the specific MTA software, as servers often explicitly state their identity (e.g., Postfix ESMTP).
Reverse DNS and MX records: Checking the reverse DNS (PTR record) of the sending IP and the MX records of the sending domain can often reveal the domain or hostname of the email sending service or server, providing a strong clue about the platform.
Distinguishing self-hosted from ESPs: Identifying whether an email originated from a self-hosted MTA or passed through a commercial ESP is critical for diagnosing deliverability issues.
Key considerations
Header spoofing: While headers are informative, experts caution that some headers, particularly From or Sender, can be easily spoofed. Focus on Received headers for true routing information.
Complex infrastructure: Modern email setups can involve multiple relays and proxy services (like Cloudflare for email), making the direct identification of the initial sending MTA more complex. This requires parsing the Received headers from the bottom up to trace the true origin.
Dynamic IP assignments: Cloud providers often assign dynamic IPs, so a single IP might not consistently map to the same service. This makes historical analysis challenging. Read more about how email works.
Authentication standards: Experts advise verifying SPF, DKIM, and DMARC alignment, as these records often point to authorized sending services associated with a domain. Conflicting authentication results can hint at misconfigured or multiple sending platforms. Consider why authentication results conflict.
Expert view
Deliverability expert from Email Geeks indicates that there are often subtle clues hidden within email headers that can reveal the sending platform. While PowerMTA is a common deployment, its List-Unsubscribe header format can be highly customized, making direct identification based on this field alone challenging.
22 Dec 2018 - Email Geeks
Expert view
Email deliverability expert from Spamresource.com states that the most reliable method for identifying the true origin of an email is to analyze the Received headers from the bottom up. Each Received header documents a hop, and the first Received header at the very bottom often points to the originating server.
03 Feb 2024 - Spamresource.com
What the documentation says
Technical documentation (e.g., RFCs, official MTA guides) provides the foundational understanding of how email headers are structured and what information they convey. This knowledge is paramount for anyone seeking to precisely determine an email's origin or the software used to send it. Documentation outlines the purpose of various header fields and the standard practices mail servers follow when processing and adding headers.
Key findings
Standard header fields: RFCs define core header fields like Received, Message-ID, and Return-Path, which are crucial for tracing an email's journey.
MTA identification: Many MTAs (e.g., Postfix, Sendmail, Exim) append their software name and version to the Received header, providing direct identification.
Authentication results: Headers often include Authentication-Results fields that detail SPF, DKIM, and DMARC checks, implicitly indicating the sending domain and its authorized senders.
Custom X-headers: While not standardized, documentation often mentions that email services may add proprietary X-headers for internal tracking, which can inadvertently reveal the platform.
Key considerations
Sequential processing: Documentation clarifies that Received headers are added in reverse chronological order. The oldest (original) Received header is at the bottom of the raw email source.
Reliability of fields: While some fields like From are easily forged, Received headers added by legitimate mail servers are generally considered trustworthy for routing information. For a full breakdown of email fundamentals, refer to a guide on reading message headers.
Bounce responses: SMTP error codes and bounce messages often contain details about the specific MTA that generated the error, offering another way to identify systems. These are crucial for diagnosing email connection timeout errors.
MTA configuration: Official MTA documentation details configuration options that affect header content and server behavior, which can explain variations in headers from the same platform.
Technical article
RFC 5322 (Internet Message Format) specifies the general format of email messages, including the header fields. It dictates that mail transfer agents (MTAs) must preserve all existing header fields and add new Received fields at the top of the message as it passes through each hop. This standard ensures a traceable path for every email.
01 Oct 2008 - RFC 5322
Technical article
The Postfix MTA documentation outlines how Postfix identifies itself in the Received header, typically including the string ESMTP Postfix. This consistent labeling allows for straightforward identification of servers running Postfix.