Marking and Tracking Emails

This article discusses technical details about email protocol.

How can one tell that an email belongs to a certain web service? The first thing you can do is look at the “From” address. For instance, if it says “Meetup” then the email is probably from

Another way is to embed a certain keyword in the subject line, usually in the beginning. For instance, emails from Slack have “[Slack]” at the beginning of the subject line.

In addition to these two methods, there are custom mail headers, called by email marketers as X-headers. By convention, they must begin with “X-”. This article suggests using custom headers such as the one below, to measure marketing performance.

X-CompanyID: <List Source><List Segment><Campaign><Subscriber ID>

Even uses them. Here are custom headers inside a Meetup notification email:


You can see that these headers allow to mark an email with several identifiers, which you wouldn’t want to expose in the Subject field. You could try embed information in the “From” email address, but that would pollute people’s contact lists, and may even trigger spam filters.

However, the custom headers are not guaranteed to be preserved after mail has been processed by mail servers. For security reasons, some mail operators strip custom headers in order to reduce the “attack surface” that can be utilized for hacking and ‘fishing”.

If custom headers are not reliable, then are there any standard mail headers which can be used for marking and tracking emails? There is the “Message-ID” mail header, but if you use Google Email API, it overwrites it.

It is also possible to embed identifying information into the body of the email. One way would be to embed it in a separate MIME part, but then mail readers will display it as a downloadable attachment. Another way is to embed it into the readable main body of the email. Both of these methods, however, require loading the full email message instead of merely mail headers. This is not efficient because there can be large emails which may not be of interest, yet they would have to be loaded for inspection.

There is however a trick to mark an email using a standard mail header. The trick utilizes the MIME boundary string. This string is specified as part of the Content-Type mail header. For instance:

Content-Type: multipart/alternative; 

The only requirement for the value of the boundary string is to begin with two hyphen characters --. The rest must be a world unique value, which is a fancy way of saying a random value that is highly unlikely to clash with any other random value.

Thus, this field can contain identifying information about the type of email and tracking identifiers. The field should be no longer than 70 characters, not counting the two leading dashes. Such space allows a lot of possibilities to be creative.

I have used the node.js nodemailer library, and set a custom MIME boundary. This is the resultant “Content-Type” header that was emitted:

Content-Type: multipart/mixed; 

Here the string “sinikael” is added by the library. The last part of the string starting with 9YQHHH, is the custom value for the boundary string that I have specified. Namely, it is:


The first part before the dash is a magic token identifying a particular web service, and the string after the dash is the unique identifier of the email. Email software can quickly identify emails of interest by matching on the first token. It can then interact with the server, using the second string as the lookup ID, to get more information.

In summary, you don’t need to use custom HTTP X-headers to embed custom information in email headers.

The course of history is determined by the spreading of ideas. I’m spreading the good ones.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store