
Email Encyclopedia: What is Delivery Path Tracking

Delivery Path Tracking is a technology used in email systems to record and display the server path an email travels through from sender to recipient. It is typically accomplished by analyzing the “Received” fields in the email header, enabling users to understand the transmission process of emails in the network and providing diagnostic evidence when issues such as email loss, delay, or spam flagging occur.

Basic Concepts

Every email contains a header that includes various metadata about the email, such as sender address, recipient address, send time, subject, etc. Additionally, the header records information about each mail server the email passes through during network transmission, primarily reflected in the “Received” fields.

Received Field

The “Received” field is the core content of delivery path tracking. Each time an email is received by a mail server, that server adds a new “Received” record to the email header, formatted as follows:

Received: from [sending hostname] ([IP address]) by [receiving hostname] with [protocol/encryption method]; timestamp

For example:

Received: from mail.example.com (mail.example.com [192.0.2.1])
    by mx.google.com with ESMTPS id a1si12345678wrs.123.2024.04.05.12.00.00;
    Fri, 05 Apr 2024 12:00:00 -0700 (PDT)

This record indicates that the email was sent from mail.example.com (IP address 192.0.2.1) and received by mx.google.com over ESMTPS (ESMTP secured with TLS) at 12:00 noon on April 5, 2024, in the UTC-7 time zone (PDT).

Multiple “Received” fields stack in order, forming the complete delivery path of the email, with the most recent record at the top and the earliest record at the bottom.

Functions of Delivery Path Tracking

1. Email Troubleshooting

When users report not receiving emails or emails being incorrectly flagged as spam, technical personnel can check the “Received” records in the email header to track the actual transmission path of the email, determining whether it was lost en route, rejected by an intermediate server, or incorrectly classified by the final server.

2. Detecting Forged Emails and Spam

Spam or phishing emails often forge header information to hide their true origin. By analyzing the “Received” chain, the true source of the email can be identified, thus determining its legitimacy. Only the records added by servers you operate or trust are reliable for this; anything below them was supplied by the sending side and can be fabricated. For example, if an email claiming to be from a bank was actually sent from a dynamic IP address, it is likely a fraudulent email.

3. Performance Optimization and Network Monitoring

Enterprises or service providers can use delivery path tracking to analyze email transmission efficiency, identify bottlenecks or delay nodes, and thereby optimize mail server configurations or network architectures.

4. Compliance and Audit Requirements

In certain industries (such as finance, healthcare, etc.), email communications need to meet specific compliance and traceability requirements. Delivery path tracking can help organizations prove that emails have been successfully delivered and record their entire transmission process for subsequent audits.

How to Perform Delivery Path Tracking

Viewing Email Headers

Different email clients have slightly different methods for viewing email headers:

  • Gmail: Click the three dots icon in the top right → “Show original”
  • Outlook: Open the email → File → Info → View message headers
  • Apple Mail: Mail → View → Show Raw Message
  • Thunderbird: View → Select “All” or “Details” below the message body

Analyzing Received Fields

Once you have the email header, you can begin analyzing the “Received” fields one by one. It’s recommended to read from bottom to top, as the most recent record is at the top and the earliest record is at the bottom. Each record should contain the following key information:

  • from: The hostname and IP address of the sending server
  • by: The hostname of the receiving server
  • with: The protocol and encryption method used (such as ESMTP, ESMTPS, LMTP, etc.)
  • timestamp: The time when the email arrived

Using Online Tools for Analysis Assistance

There are many online tools that can help automatically parse email headers and generate visualized delivery path diagrams, such as:

These tools not only automatically extract the “Received” chain but also check the status of email authentication mechanisms such as SPF, DKIM, DMARC, helping to determine whether the email is legitimate.

Case Analysis

Suppose we receive an email with the following header section:

Received: from mx2.mailserver.com (mx2.mailserver.com [203.0.113.1])
    by mx1.finalmailserver.net with ESMTP id s123456789;
    Fri, 5 Apr 2024 12:00:00 +0000 (UTC)

Received: from mx1.mailserver.com (mx1.mailserver.com [203.0.113.0])
    by mx2.mailserver.com with ESMTP id s987654321;
    Fri, 5 Apr 2024 11:59:30 +0000 (UTC)

Received: from userpc.local (unknown [198.51.100.1])
    by mx1.mailserver.com with SMTP id s1122334455;
    Fri, 5 Apr 2024 11:59:00 +0000 (UTC)

We can deduce the delivery path of the email as follows:

  1. The earliest record is at the bottom: the email was sent from userpc.local (IP address 198.51.100.1) to mx1.mailserver.com.
  2. Then it was forwarded from mx1.mailserver.com to mx2.mailserver.com.
  3. Finally, it was sent from mx2.mailserver.com to the final receiving server mx1.finalmailserver.net.

With the path established, we can check each hop for anomalies, such as whether any of the IP addresses is blacklisted, whether anti-spam mechanisms are enabled, etc.
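The same reading of the case above, done in code. This Python block is an added example, not part of the original article or of any Alibaba Mail tool: it parses the three records, orders them oldest-first, computes the delay of each hop, and flags records for review. The `trace` function, its `trusted` and `skew` parameters, the flag names, and the assumption that the name in parentheses is the receiving server's reverse-DNS result are this example's own.

```python
import re
from email import message_from_string
from email.utils import mktime_tz, parsedate_tz

# Constructed sample: the three Received records from the case above.
RAW = """\
Received: from mx2.mailserver.com (mx2.mailserver.com [203.0.113.1])
    by mx1.finalmailserver.net with ESMTP id s123456789;
    Fri, 5 Apr 2024 12:00:00 +0000 (UTC)
Received: from mx1.mailserver.com (mx1.mailserver.com [203.0.113.0])
    by mx2.mailserver.com with ESMTP id s987654321;
    Fri, 5 Apr 2024 11:59:30 +0000 (UTC)
Received: from userpc.local (unknown [198.51.100.1])
    by mx1.mailserver.com with SMTP id s1122334455;
    Fri, 5 Apr 2024 11:59:00 +0000 (UTC)
"""
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)")

def trace(raw, trusted, skew=60):
    """Return hops oldest-first with per-hop delay (seconds) and review flags.
    trusted: receiving hostnames the analyst controls (an assumption of this
    example); every record below the first untrusted one is only a claim."""
    hops, verified = [], True
    for value in message_from_string(raw).get_all("Received", []):  # newest first
        clauses, _, stamp = value.rpartition(";")
        m = HOP.search(clauses)
        t = parsedate_tz(stamp)          # None when the date cannot be parsed
        if not m or t is None:           # formats vary by MTA: flag, never guess
            hops.append({"raw": value, "flags": ["unparsed"]})
            verified = False
            continue
        verified = verified and m["by"] in trusted
        hop = dict(m.groupdict(), time=mktime_tz(t), delay=None,
                   flags=[] if verified else ["unverified"])
        if hop["helo"] != hop["rdns"]:   # announced name differs from reverse DNS
            hop["flags"].append("helo-rdns-mismatch")
        hops.append(hop)
    hops.reverse()                       # oldest first, as the path is read
    for prev, hop in zip(hops, hops[1:]):
        if "time" not in prev or "time" not in hop:
            continue
        hop["delay"] = hop["time"] - prev["time"]
        if hop["delay"] < -skew:         # stamped earlier than the hop before it
            hop["flags"].append("time-reversal")
        if hop["helo"] != prev["by"]:    # sender is not the previous receiver
            hop["flags"].append("chain-break")
    return hops
```

The flags mark records for review and are not verdicts: internal relays and multi-homed servers can legitimately produce `chain-break` or `helo-rdns-mismatch`.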

  • MTA (Mail Transfer Agent): A server program responsible for receiving and forwarding emails.
  • SMTP (Simple Mail Transfer Protocol): The standard protocol for email transmission.
  • SPF (Sender Policy Framework): A technology that prevents email forgery by specifying which servers are authorized to send emails on behalf of a domain.
  • DKIM (DomainKeys Identified Mail): Verifies through digital signatures whether an email comes from the claimed domain.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance): Combines SPF and DKIM, defines how to handle emails that cannot be verified, and provides a feedback mechanism.
  • DNSBL (DNS-Based Blackhole List): A blacklist based on DNS used to block IP addresses from known spam sources.

Summary

Delivery path tracking is a basic but very important function in email systems. It not only helps troubleshoot email issues but can also be used for security verification, performance optimization, and compliance auditing. For ordinary users, mastering basic email header analysis skills can help identify suspicious emails; for IT administrators and technical personnel, a deep understanding of email transmission paths is key to ensuring the stable operation of email systems.

As internet security threats continue to increase, delivery path tracking will remain an indispensable tool, especially in preventing phishing and the spread of malicious email.