How to View the Source of a Message in Gmail

Ever gotten a sketchy email that claims it’s from your bank, your boss, or a “Nigerian prince” who somehow still exists in 2026?
Your instincts say “nope,” but your curiosity says “show me the receipts.” In Gmail, those “receipts” live in the message’s
sourcethe raw, unfiltered, behind-the-scenes version of an email that includes its full headers, routing path,
authentication results, and the message body exactly as mail servers handled it.

This guide walks you through how to view a message’s source in Gmail (a.k.a. Show original), what all that “alphabet soup”
(SPF, DKIM, DMARC, ARC) actually means, and how to use the source to troubleshoot delays, verify legitimacy, or satisfy your inner email detective.
No trench coat requiredoptional, but encouraged.

What “message source” actually means (and why you’d care)

When people say “view the source of an email,” they usually mean the email’s raw RFC-style message:
a block of headers at the top (metadata) followed by the body content (often MIME-formatted). Think of it like looking at the
ingredient label instead of the pretty packaging.

The source can tell you things the Gmail interface doesn’t emphasize, such as:
the servers the email traveled through, whether it passed authentication checks, which domain really handled the sending,
whether it was forwarded, and whether delays happened before the email ever reached Google.
For security, debugging, and deliverability questions, message source is where the truth tends to hang out.

How to view the source of a Gmail message on desktop (Show original)

Step-by-step: “Show original” in Gmail on the web

1. Open Gmail in a desktop browser (Chrome, Edge, Firefox, Safari all work).
2. Click the specific email you want to inspect so it opens fully.
3. Look near the Reply area for the More menu (usually three vertical dots).
   
   Important: Gmail has multiple “three-dot” menus. You want the one inside the message view,
   not the toolbar menu at the top of your inbox.
4. Select Show original.
5. A new tab/window opens with the message source. You’ll typically see:
   Created at info, a Copy to clipboard option, and a Download original option.

If your inbox is set to conversation view (threaded emails), make sure you’re opening a single message inside the thread.
“Show original” applies to one message at a timenot the entire conversation bundle. (Email threads are like group chats: chaotic,
layered, and occasionally full of regrets.)

Copy, download, and save the message source

Once you’re in the “Show original” view, you have a few practical choices:

• Copy to clipboard: Great for pasting into a header analyzer tool or sharing with IT/security.
  Tip: If you’re reporting phishing, most security teams prefer the full header block, not a screenshot of the email.
• Download original: This saves the raw message so it can be opened as an email file (commonly treated like an .eml).
  This is useful for audits, compliance, or attaching the email to a support ticket.
• Download message (from Gmail’s More menu): Gmail also offers a “Download message” option in the message menu that downloads
  the email for use in desktop mail clientshandy when you need to forward it as an attachment.

How to view message source on mobile (the honest truth + workarounds)

The Gmail apps on iPhone and Android are great for reading email, searching, and ignoring newsletters you swear you didn’t sign up for.
But they do not reliably offer a built-in “Show original” / full-source view.

Here are practical workarounds that actually work:

1. Use a mobile browser and request the desktop site:
   Open Gmail in your phone browser, switch to the desktop version, open the email, then use the More menu to find “Show original.”
   (It’s a few extra taps, but it beats guessing whether an email is legit.)
2. Forward the email to a mailbox you can open on desktop:
   If you’re on the go, forward it to yourself (or your IT ticketing address), then inspect on a computer.
   Pro tip: Forwarding can add headersif you need pristine data, downloading and attaching the original is better.
3. Use a mail client that exposes headers:
   Some third-party email clients can show full headers. If you’re doing frequent investigations,
   this can be a workflow upgradejust be mindful of security policies and account access rules.

Understanding what you’re seeing in the Gmail message source

The source view can look like a wall of text that lost a fight with a typewriter. Don’t panic.
You don’t need to understand every linejust the lines that answer your question.

The email header block (metadata that tells the story)

The header block is the section at the very top, ending at the first blank line. It can include hundreds of lines.
Some highlights you’ll see often:

• From: The display sender (easy to fake).
• Reply-To: Where replies are actually directed (sometimes the “gotcha” field).
• Return-Path: The bounce address (often more revealing than “From”).
• Message-ID: A unique identifier generated by sending systems (useful for tracing).
• Subject / Date: Basic metadata (still useful for timelines).

Received lines: the route the email took (read bottom to top)

Emails hop from server to server like a suitcase on connecting flights. Each major hop adds a Received: line.
The trick: read these lines from the bottom upward. The lowest “Received” entry is closest to the sender’s starting point,
and the top entries are closer to your inbox.

Why you’d care: If an email claims to be from a U.S. bank but the earliest hops show unexpected infrastructure,
suspicious regions, or mismatched domains, that’s a red flag. Also, the timestamps in Received lines can explain
why an email arrived “late”sometimes the delay happened before Gmail ever saw it.

Authentication results: SPF, DKIM, DMARC, and friends

Authentication checks help receiving systems decide if an email is likely legitimate or spoofed. In Gmail source views,
these results commonly appear in fields like Authentication-Results, Received-SPF, and DKIM-Signature.
Here’s the plain-English version:

• SPF: Checks whether the sending server is allowed to send mail for a domain (based on DNS).
  Passing SPF is good, but SPF alone isn’t a guaranteeforwarding can affect it.
• DKIM: Uses a cryptographic signature to confirm the message wasn’t altered and is authorized by a domain.
  A passing DKIM result is a strong signal the sending domain vouches for the message content.
• DMARC: Ties SPF/DKIM to the visible “From” domain and applies a policy. A DMARC pass is a strong green flag.
  A DMARC fail doesn’t automatically mean “malicious,” but it absolutely means “investigate.”
• ARC: Helps preserve authentication results through forwarding (useful in complex routing situations).

If you want an easier, more human-readable breakdown, you can copy the header block and paste it into a trusted
message header analyzer. Google provides one in its Admin Toolbox, and there are other reputable analyzers used by IT teams.
These tools can highlight delivery delays and authentication outcomes without requiring you to “speak fluent header.”

Practical examples: why viewing Gmail message source solves real problems

Example 1: “Is this email actually from my company?” (spoofing check)

Let’s say you get an email: “Urgent: Update your payroll info.” The sender name looks right. The email signature looks right.
The tone is… almost rightlike a robot tried to cosplay as HR.

In the message source, you’d look for:

• Authentication-Results showing DMARC/DKIM results aligned with your company domain.
  If DMARC fails and the sending infrastructure doesn’t match your organization, that’s a warning sign.
• Reply-To pointing somewhere suspicious (like a random domain that has nothing to do with payroll).
• The bottom-most Received lines showing a strange sending system that doesn’t resemble your company’s email provider.

Example 2: “Why was this email delayed?” (delivery timing)

If an email shows up hours late, the message source can help you prove whether the delay happened before Gmail received it.
Gmail’s “Show original” view often includes a “Created at” timestamp, and the Received lines provide a hop-by-hop timeline.

If the timestamps show the email sat at a sender’s server for 3 hours before relaying onward, that points the finger
away from Gmail. If the message reached Google quickly but didn’t appear in your inbox until much later, then you might
investigate filters, inbox categories, or account rules.

Troubleshooting: “Show original” is missing (what to try next)

If you can’t find “Show original,” it’s usually one of these scenarios:

• You’re using the Gmail mobile app: The option typically isn’t available there.
  Use a desktop browser or mobile browser with desktop view enabled.
• You clicked the wrong three-dot menu: The toolbar menu (top of the email list) controls thread-level actions.
  “Show original” is usually in the message-level menu near Reply.
• You’re looking at a whole conversation, not a single message: Expand the specific email within the thread first,
  then use that message’s More menu.
• You’re in a special interface/context: Some embedded views, previews, or organizational tools may hide options.
  Opening the message directly in Gmail on the web usually restores the full menu.

If your goal is purely to save the email for analysis, another option is Gmail’s Download message feature, which can export
the email for opening in a desktop mail client or attaching to a support ticket.

Privacy and safety tips (because “email source” can be sensitive)

Message source can contain personal data, internal routing info, and security signals. Before you share it:

• Share only with trusted IT/security teams or reputable tools you understand.
• Be cautious pasting full source into random sitesuse trusted analyzers and follow your organization’s policy.
• If you’re reporting phishing, follow your company’s reporting process (and consider attaching the original email file when possible).

Conclusion

Viewing the source of a message in Gmail is one of those “secret handshake” skills that turns email confusion into clarity.
Whether you’re chasing down a delivery delay, validating a sender, or investigating a suspicious message, Gmail’s
Show original view gives you the raw factsheaders, hops, and authentication resultsso you can stop guessing
and start knowing.

Real-World Experiences: What It’s Like to Actually Use “Show original” (and what you learn fast)

The first time you open Gmail’s message source, you might think you’ve accidentally opened the Matrix. It’s not pretty, it’s not friendly,
and it definitely doesn’t come with a “translate to human” button (unless you paste it into a header analyzer).
But after you’ve used it a few times, patterns start to pop outand you get a weird sense of power, like you’ve unlocked the
“developer tools” of email.

One common experience: someone insists, “I never got your email.” You resend it. They still insist. You start doubting reality.
Then you check the original source of the sent message (or the received copy if you’re troubleshooting inbound), and you find a clue:
the hop timing shows it delivered quickly, or the routing indicates it went through a gateway and got quarantined, or the headers show it
was forwarded through a system that rewrote parts of the email. Suddenly, the conversation changes from “you didn’t send it”
to “okay, we need to check filters, spam quarantine, or forwarding.”

Another real-life moment: phishing. The message looks convincingbranding, formatting, even a “sent from iPhone” vibe that screams,
“I’m totally a real human, trust me.” But in the source, the authentication story doesn’t match the costume. You might see
DMARC failing for the visible From domain, or a Reply-To pointing somewhere unrelated, or a Received chain that doesn’t resemble the
legitimate sending infrastructure you’d expect. Even if you’re not an email security pro, you learn quickly that
passed authentication aligned with the From domain is a big difference-maker in trust decisions.

You also discover workflow quirks. For example, “Show original” is message-specificgreat for precision, annoying when you’re dealing with
long threads. You end up developing a little routine: expand the exact message, open source, copy headers, paste into an analyzer, skim for
pass/fail results, then scan Received lines for anything bizarre. The process becomes surprisingly fast, especially once you stop trying to
understand every line and focus only on the question you’re answering. Are you verifying sender authenticity? Look at authentication and routing.
Are you troubleshooting delays? Look at Received timestamps and “Created at” info. Are you investigating tampering? Look for DKIM breaks
and weird MIME boundaries.

A big lesson people learn the hard way: forwarding and mailing lists can complicate everything. You may see SPF fail even for legitimate mail
because forwarding changes the sending server. You may see extra “via” hops. You may see ARC results that help explain why Gmail treated it as
trustworthy anyway. The takeaway isn’t “forwarding is bad,” it’s “email is messy, and headers are the map.”

Finally, there’s the “helpful-but-humbling” experience: you paste a header into an analyzer and it highlights ten issues you didn’t notice.
Maybe there’s a misconfigured sender server causing delays, or an alignment problem hurting DMARC, or a relay that added suspicious markers.
That’s when “Show original” shifts from being a one-off trick to being a reliable diagnostic habitespecially if you handle business email,
customer support, marketing deliverability, or anything where “Did it send?” and “Is it legit?” are daily questions.