Product » A free email server for Windows and Linux » Knowledge Base

Document information

Document ID: 5156
Subject: Difference between envelope and header from
Creation date: 8/17/17 2:39 PM
Last modified on: 8/15/18 10:54 AM


Envelope vs Header FROM

The sender's email address is specified twice when email messages are delivered from a sender to recipient. This article explains the difference between these two addresses in non-technical terms.

As described in another article that talks about SMTP Relay, the design of our modern email system is based upon snail mail. Therefore, in order to understand how email works, we are going to analyze how snail mail works.

There are two parts of any package you receive from your regular postal mail: An envelope and a letter inside that envelope.

Part 1 - The Envelope

It contains the following information:

  • Sender's name and address - tag 1 in the image. If a package cannot be delivered, the post office will use this address to return it back to the sender.
  • Recipients name and address - tag 2 in the image
  • A stamp by the post office containing the time and the name of the town - tag 3 in the image
This letter appears to have been sent by James Baker who works for XYZ, Inc.

Important Points
  • It is very easy to forge the sender's name and company name
  • The post office will deliver the message without opening the envelope
  • The post office will stamp the letter on the upper right hand corner with current date and the location where it came from
  • If the letter goes through multiple post offices, all of them have the option of stamping the envelope

SMTP Envelope


Part 2 - Actual Letter

This contains the following information:

  • A header towards the top - tag 1 in the image
  • This header contain sender's information (tag 2) and possibly a date when the letter was composed. (tag 3)
  • Actual body, which appears at the bottom


Important Points
  • Notice the name of the sender on the actual letter is Jack Smith, which is different than what was specified on the envelope
  • If Mary did not look at the envelope, she would have thought the letter was sent by Jack Smith who also works for ABC, Inc., the same company that Mary works for
  • The sender could have easily put an invalid date as well as their contact information in attempt to make her believe Jack Smith is the sender
  • If Mary is not careful and does not detect any fraud, she may take action that should would not have taken otherwise.

SMTP Envelope


Similarities with Email

Since email systems are designed based on snail mail, it also contains an Envelope and Letter. There are a few differences, which are mentioned below. This communication is based on RFC 5321.

Part 1 - The Envelope

Envelope is the communication between and SMTP Client and Server. See a sample envelope on the right side. Messages sent by client are indicated by C: and server's responses are indicated by S: Following is true with an email envelope.

  • The client and server first greet each other with a HELO command.
  • Client sends a MAIL FROM command representing the sender's email address. This value is also used to send a non-delivery report (NDR) when message cannot be delivered.
  • The server response with a 250 OK if this sender is acceptable.
  • Next, the client sends one or more recipient's email address using the RCPT TO command.
  • Again, the server responds with a 250 OK, provided the recipient is acceptable. If the server returns a rejection code, the sender will generate an NDR. In this case, the actual message will never get sent to the receiving SMTP server.
Important Points
  • It is very easy to specify a fake/forged address in the MAIL FROM command
  • The receiving server has the ability to check a few things, such as sender's IP address, MX record and FQDN before accepting any email.

Sample Envelope

S: 220 foo.com Service Ready
C: HELO bar.com
S: 250 OK
C: MAIL FROM:<james.baker@xyzinc.com>
S: 250 OK
C: RCPT TO:<mary.jane@abcinc.com>
S: 250 OK
C: DATA
S: 354 Start mail input;
C: Actual email is sent here
C: .
S: 250 OK
C: QUIT


Part 2 - Actual Email

When users receive the email, they do not see the envelope. Email clients only display the "Letter". This message must conform to rules specified in RFC 5322.

  • An email is divided into at least two parts: Header and Body
  • Header is used to contain some meta data about the message, such as Sender's name and email, date it was composed, subject and others.
  • The sender's email address and name is specified in the FROM header and its value looks like Jack Smith <jack.smith@abcinc.com>.


Important Points
  • The sender's email address can be different from the envelope's MAIL FROM
  • Since an email client will only display the FROM header (RFC5322.FROM), the user will never know what was the value for the RFC5321.MAILFROM in the envelope.

SMTP Envelope

When are these values used

The following table summarizes the two different values for the sender.

Envelope From (RFC5321.MAIL FROM)

  • Used by the SMTP server to generate NDR
  • Used by SPF filter to determine if it came from the designated IP address.

Header From (RFC5322.FROM)

  • Used by the email client to display information in the From field.
  • Used by DMARC filter to confirm if the message is authentic

Challenges faced by email recipients

  • Email addresses specified in the envelope MAIL FROM as well as Email header can be forged, which is depicted from the example above: the sender in MAIL FROM is james.baker@xyzinc.com but in the Email Header, the same value is set to jack.smith@abcinc.com. To prevent such forgeries, email recipient's email server could use technologies like SPF and DMARC.

    Note that the information presented in the envelope never reaches the user's email client such as MS Outlook/Thunderbird. Therefore, a forged email must be blocked by spam filters before the message reaches user's Inbox.

  • No standard technology exist, as of now, to check if the user name in the message header is forged. As a result, spammers use several tricks to make the recipients believe message came from a trusted source. Check CEO forgery as an example.


User comments

Posted by Saad Khan on 9/17/20 12:28 AM

Nice one!

Posted by Wrigley on 9/8/20 6:01 PM

Fantastic, clear summary. Bravo to the author!

Posted by Ru on 7/31/20 3:48 AM

The sender's email address and name is specified in the FROM header and its value looks like Mary Jane &lt;mary.jane@abcinc.com&gt;. Shouldn't the from address be from "Jack Smith" here?

Posted by John Lee on 11/18/19 6:04 PM

This is the most concise description of Email Envelope and Email Header I could ever find on the Internet. Thank you very much!

Posted by uros on 9/23/20 5:39 AM

Great example, very concisely explained. I loved the "Important points" part and find them short and easy to remember. Thank you!


Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users?

Important: This area is reserved for useful tips. Therefore, do not post questions here. Instead, use our public forums to post questions.