
Why does my header.from differ from my message from, and what is the correct setup for one-click unsubscribe?

Matthew Whittaker
Co-founder & CTO, Suped
Published 23 Jul 2025
Updated 17 Aug 2025
When examining email headers, it is common to notice a discrepancy between the header.from and the message from. This distinction is fundamental to how email protocols operate and impacts deliverability, particularly in the context of authentication standards like SPF, DKIM, and DMARC. Understanding these different 'from' addresses is crucial for ensuring your emails reach their intended inboxes and comply with sender requirements.
The correct configuration of these headers also plays a significant role in modern email practices, such as the implementation of one-click unsubscribe functionality. With major mailbox providers like Gmail and Yahoo now mandating one-click unsubscribe for bulk senders, it is more important than ever to have your email headers configured correctly.

The two 'from' addresses

The confusion between the different 'from' addresses is a common point of misunderstanding. Every email actually has multiple 'from' addresses, each serving a distinct purpose in the email sending and receiving process. The one you see in your inbox is often different from the one used by servers for authentication.
The header.from, also known as the RFC 5322 From: address, is the friendly address displayed to the recipient in their email client. This is the email address that users see and recognize as the sender. The message from, often referred to as the Return-Path or RFC 5321 Mail From: address (and sometimes called the MFROM), is primarily used for bounce handling and SPF authentication checks. It is usually not visible to the end user. If you want to learn more, we have an article on why there are two domains in the Mail From field.
The reason these can differ is often due to the email service provider (ESP) or sending infrastructure. When an ESP sends emails on your behalf, they might use their own domain in the Return-Path to manage bounces, while still displaying your brand's domain in the From: header. This setup is not inherently problematic, provided that authentication mechanisms are correctly configured.

Header.From (RFC 5322 From:)

  1. Visibility: This is the sender address that the recipient sees in their email client (e.g., info@yourdomain.com).
  2. Purpose: Represents the human-readable sender of the email.
  3. Authentication Role: The domain that DMARC alignment is checked against; the DKIM d= tag or the Return-Path domain must align with it.

Message From (RFC 5321 Mail From:/Return-Path)

  1. Visibility: Usually hidden from the recipient, only visible in raw email headers (e.g., bounces@esp.com or tracking@yourdomain.com).
  2. Purpose: Used by mail servers for handling bounces and for SPF authentication checks.
  3. Authentication Role: The domain checked by SPF, and also used for DMARC alignment.

DMARC alignment and its impact

The critical element for email deliverability today is DMARC alignment. DMARC requires that at least one of your authentication methods, either SPF or DKIM, aligns with the header.from domain. This means the domain in your Return-Path (for SPF) or the d= tag in your DKIM signature must match your From: domain. This alignment can be either strict (exact domain match) or relaxed (base domain match for subdomains).
If your header.from is enews.yourdomain.com and your DKIM signature's d= tag also shows enews.yourdomain.com, this is considered strict alignment, which is ideal. However, if your header.from is enews.yourdomain.com but your Return-Path is yourdomain.com, this represents relaxed alignment for SPF. Both are valid for DMARC, but strict alignment is generally preferred for optimal deliverability.
A common configuration for many ESPs is to use a subdomain for the Return-Path and DKIM d= that is different from, but aligns with, the main From: domain. This allows the ESP to manage technical aspects of email delivery while maintaining your brand's identity. However, any misalignment can lead to emails landing in spam or being rejected, especially with the stricter requirements from major mailbox providers.
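The alignment rules above can be worked through in a few lines of Python. This is an added example, not code from Suped or any ESP; the function names and the small PUBLIC_SUFFIXES set are assumptions (a real evaluator uses the full Public Suffix List to find the organizational domain).

```python
# Added example: DMARC identifier alignment in relaxed and strict mode.
# PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest known public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # assumption: unknown suffixes are one label long

def aligned(header_from, auth_domain, mode="r"):
    """mode 's' needs an exact match; mode 'r' needs the same organizational domain."""
    a = header_from.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_evaluate(header_from, spf=None, dkim=None, aspf="r", adkim="r"):
    """spf/dkim are (domain, passed) tuples; one passing, aligned mechanism is enough."""
    spf_ok = bool(spf and spf[1] and aligned(header_from, spf[0], aspf))
    dkim_ok = bool(dkim and dkim[1] and aligned(header_from, dkim[0], adkim))
    return {"spf": spf_ok, "dkim": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

# Constructed cases using the page's example domains.
CASES = {
    # ESP bounce domain in the Return-Path, DKIM signed with the brand's subdomain.
    "esp_bounce": dmarc_evaluate("enews.yourdomain.com",
                                 spf=("esp.com", True),
                                 dkim=("enews.yourdomain.com", True)),
    # Return-Path on the parent domain: aligned when relaxed, not when aspf=s.
    "relaxed_spf": dmarc_evaluate("enews.yourdomain.com", spf=("yourdomain.com", True)),
    "strict_spf": dmarc_evaluate("enews.yourdomain.com", spf=("yourdomain.com", True), aspf="s"),
    # SPF passes for the ESP's own domain only: authentication succeeds, DMARC does not.
    "unaligned": dmarc_evaluate("yourdomain.com", spf=("esp.com", True)),
}

if __name__ == "__main__":
    for name, result in CASES.items():
        print(name, result)
```

The "unaligned" case is the one that surprises senders: SPF reports pass in the headers, yet DMARC fails because the passing domain is not the From: domain.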

The mandate for one-click unsubscribe

One of the most significant recent changes in email deliverability is the mandate for one-click unsubscribe functionality. Starting in February 2024, Gmail and Yahoo began requiring bulk senders to implement this feature. This is designed to improve the user experience and reduce spam complaints, as recipients can easily opt out without navigating through multiple pages or entering login credentials. The absence of an easy unsubscribe option often leads to users marking emails as spam, which severely damages sender reputation (and your email blacklist status).
The one-click unsubscribe feature is primarily implemented through the List-Unsubscribe and List-Unsubscribe-Post headers, as defined in RFC 8058. This standard outlines how a single HTTP POST request can be used to unsubscribe a user, simplifying the process dramatically. Mailbox providers, such as Microsoft Outlook, now frequently display an unsubscribe button directly in the email client's interface, leveraging these headers. We have another article covering the unsubscribe header functionality on Gmail and other services.
Ignoring this requirement or implementing it incorrectly can lead to severe deliverability issues, including emails being sent directly to the spam folder, or even domain and IP blocklists (also known as blacklists). Implementing it correctly is a clear signal to mailbox providers that you are a responsible sender who respects recipient preferences, which is a key factor in maintaining a good email domain reputation.

Implementing one-click unsubscribe correctly

Key Requirements for One-Click Unsubscribe

  1. Two Headers: You must include both the List-Unsubscribe and List-Unsubscribe-Post headers.
  2. HTTPS URL: The URL provided in the List-Unsubscribe header for the one-click option must use HTTPS, not HTTP. This ensures a secure connection.
  3. Specific Value: The List-Unsubscribe-Post header must have the value List-Unsubscribe=One-Click.
  4. DKIM Coverage: Your DKIM signature must cover the List-Unsubscribe headers to prevent tampering.
Setting up one-click unsubscribe typically involves configuring your email sending platform or ESP. Most modern ESPs offer built-in functionality to handle these headers automatically. You will generally provide a URL (which must be HTTPS) that, when accessed via a POST request, unsubscribes the recipient without further interaction. Additionally, it is good practice to include a visible unsubscribe link within the email body itself, which is a separate requirement but complements the header-based unsubscribe.
Here's an example of what these headers might look like in the raw email source. Your ESP will usually manage the exact URL, but you can confirm its presence and format by checking the email's raw headers. For a deeper dive, check out our article on how to add an unsubscribe button to the email header.
Example List-Unsubscribe headers

List-Unsubscribe: <mailto:unsubscribe@example.com?subject=unsubscribe>, <https://www.example.com/unsubscribe?user=123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
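The four requirements listed above can be checked against a raw message with Python's standard library. This is an added example, not code from Suped or an ESP; the sample message is constructed, its DKIM bh=/b= values are placeholders, and the function names are assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample message; the DKIM bh=/b= values are placeholders, not real signatures.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
    " h=From:To:Subject:List-Unsubscribe:List-Unsubscribe-Post;\r\n"
    " bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: News <news@example.com>\r\n"
    "List-Unsubscribe: <mailto:unsubscribe@example.com?subject=unsubscribe>,\r\n"
    " <https://www.example.com/unsubscribe?user=123>\r\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\r\n"
    "Subject: Hello\r\n\r\nBody\r\n"
)

def signed_headers(dkim_value):
    """Lower-cased header names listed in one DKIM-Signature h= tag."""
    for tag in re.sub(r"\s+", "", dkim_value).split(";"):
        if tag.lower().startswith("h="):
            return {name.lower() for name in tag[2:].split(":")}
    return set()

def check_one_click(raw):
    """Return a list of problems; an empty list means all four requirements are met."""
    msg = message_from_string(raw)
    problems = []
    lu = msg.get("List-Unsubscribe")
    lup = msg.get("List-Unsubscribe-Post")
    if lu is None or lup is None:
        problems.append("both List-Unsubscribe and List-Unsubscribe-Post are required")
    # URIs are the <...> items; folded header lines do not affect the match.
    schemes = [urlsplit(u.strip()).scheme.lower() for u in re.findall(r"<([^>]*)>", lu or "")]
    if "https" not in schemes:
        problems.append("List-Unsubscribe has no HTTPS URI")
    if lup is not None and "".join(lup.split()) != "List-Unsubscribe=One-Click":
        problems.append("List-Unsubscribe-Post value is not List-Unsubscribe=One-Click")
    # Only the h= listing is inspected; verifying the signature itself needs a DKIM library.
    needed = {"list-unsubscribe", "list-unsubscribe-post"}
    if not any(needed <= signed_headers(s) for s in msg.get_all("DKIM-Signature", [])):
        problems.append("no DKIM-Signature lists both unsubscribe headers in h=")
    return problems

if __name__ == "__main__":
    print(check_one_click(SAMPLE) or "one-click unsubscribe headers look correct")
```

RFC 8058 also says the unsubscribe URI should carry an opaque, hard-to-forge identifier, so a guessable parameter such as the user=123 in the sample is worth replacing with a per-recipient token.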

Troubleshooting common alignment and unsubscribe issues

Even with correct configurations, you might encounter issues. One common challenge is when a testing tool, like a new version of Google Postmaster Tools, reports alignment errors, even if your setup appears correct. I have seen instances where these tools can be buggy or misinterpret configurations. It's always a good idea to cross-reference with third-party email testing tools that provide detailed breakdowns of your email's authentication status. For example, some experts recommend About My Email for a comprehensive review. If Gmail is not displaying your List-Unsubscribe header, a third-party tool can help diagnose the cause.
A crucial, yet sometimes overlooked, detail for one-click unsubscribe is the requirement for the unsubscribe URL to use HTTPS. If your unsubscribe link uses HTTP, it will not be considered compliant, and mailbox providers may ignore your List-Unsubscribe headers. This seemingly small detail can lead to significant deliverability problems. Always ensure your ESP or sending system configures SSL for your unsubscribe links. We also have an article on how to verify if your company's emails have List-Unsubscribe headers configured correctly.

Views from the trenches

Best practices
Ensure DMARC alignment by checking that either your SPF (Return-Path) or DKIM (d= tag) domain matches your visible From: domain, under strict or relaxed alignment.
Always use HTTPS for your List-Unsubscribe URL to comply with modern mailbox provider requirements and ensure security.
Verify that your DKIM signature covers the List-Unsubscribe headers, as this prevents header tampering and ensures compliance.
Regularly monitor your email authentication and header configurations using reliable third-party testing tools for accurate insights.
Provide both a one-click unsubscribe header and a clear, visible unsubscribe link in the email body for optimal user experience and compliance.
Implement a DMARC policy (even at p=none) to gain visibility into your email authentication status and identify potential issues early.
Common pitfalls
Misinterpreting different 'from' addresses, leading to incorrect DMARC alignment assumptions and deliverability issues.
Using HTTP instead of HTTPS for one-click unsubscribe URLs, causing the feature to fail and leading to non-compliance.
Relying solely on Google Postmaster Tools for debugging, as it can sometimes report misleading or buggy alignment errors.
Failing to cover List-Unsubscribe headers with DKIM, which can result in authentication failures and a degraded sender reputation.
Neglecting to monitor DMARC reports, missing critical insights into email authentication and potential spoofing attempts.
Not having any DMARC record published, which prevents mailbox providers from enforcing authentication policies and providing valuable feedback.
Expert tips
For optimal DMARC alignment, strive for strict alignment where your Return-Path domain or DKIM d= tag exactly matches your From: domain, even though relaxed alignment is technically sufficient.
If your ESP's default configuration leads to relaxed alignment, consider working with them to achieve strict alignment if possible, as it can further boost deliverability.
When troubleshooting, send an email through your exact sending setup and use a dedicated email header analysis tool rather than relying on cached or generalized reports.
Pay close attention to provider-specific guidelines, as different mailbox providers may have slight variations or interpretations of unsubscribe and authentication requirements.
Automate the monitoring of your DMARC reports to proactively identify authentication failures and ensure continuous compliance with sender requirements.
Don't forget that email deliverability is a holistic effort, encompassing content quality, list hygiene, and engagement, in addition to technical configurations.
Expert view
Expert from Email Geeks says that emails have more than one from header, and the observed difference likely refers to the return path domain (SPF domain) not matching the visible From: domain, which is a common SPF alignment issue.
2024-11-06 - Email Geeks
Expert view
Expert from Email Geeks says that for DMARC purposes, only DKIM or SPF need to align, not necessarily both, indicating that if either authentication method aligns, it should be sufficient.
2024-11-06 - Email Geeks

Ensuring successful email deliverability

Navigating the complexities of email headers, DMARC alignment, and one-click unsubscribe requirements is essential for modern email marketers and businesses. While the distinction between header.from and message from might seem technical, it underpins your email's ability to be authenticated and delivered successfully. Focusing on proper DMARC alignment, whether strict or relaxed, is your first line of defense against deliverability issues.
Furthermore, the shift towards mandatory one-click unsubscribe is a clear signal from mailbox providers to prioritize recipient experience and consent. Ensuring your List-Unsubscribe headers are correctly formatted with HTTPS URLs and are covered by DKIM is no longer optional—it is a requirement for maintaining good sender reputation and inbox placement. By addressing these technical details, you can significantly improve your email program's performance and ensure long-term deliverability.
