Skip to content
Log in

Envelope sender (Return-Path)

Definition

The address used at the SMTP protocol level for bounce notifications, recorded in the Return-Path header. It is distinct from the display From address and is what SPF checks. Attackers often spoof the From but not the Return-Path, which creates an inconsistency that header analysis exposes.

Related terms

DKIM (DomainKeys Identified Mail)
A cryptographic signing mechanism: the sending server signs the message headers and body with a private key, and the receiving server verifies...
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
A policy layer that requires the domain in the visible From header to align with a domain that passes SPF or DKIM....
Message-ID
A globally unique identifier assigned to each message by the originating mail server, recorded in the Message-ID header. It is set by...
Received header
A header line prepended by each mail server that accepts a message in transit, recording the server's own identity, the IP or...
SPF (Sender Policy Framework)
A DNS-based mechanism by which a domain owner publishes the list of IP addresses authorised to send mail for that domain. A...

Explained in

  • Email Header Analysis and Sender TracingThe address used at the SMTP protocol level for bounce notifications, recorded in the Return-Path header. It is distinct from the display From address and is w...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account