Paul O’Brien

The 6 Different “From” Addresses Inside Every Email (And Why They Don’t Match)

The address you see in an email isn’t always the one that actually sent it. Behind every message are multiple “from” identities — each with a different technical role. Understanding them explains spam checks, bounces, and why email authentication exists at all.

Paul O'Brien
Paul O'Brien
4 min read
Diagram of the six different sender addresses inside an email header
An email doesn’t have just one “From” address — multiple sender fields work together behind the scenes, and they don’t always match.

Most people think an email has one sender.

It doesn’t.

Every email actually carries multiple “from” identities — some visible, some hidden, some used for delivery, some used for replies, and some used only by mail servers talking to each other.

That’s why:

  • An email can look like it’s from one address
  • But bounce somewhere else
  • And be technically sent by a completely different system

Understanding these layers explains a lot about spam, phishing, and why email authentication exists in the first place.

Let’s break them down.

1. The From: address (what you see in your inbox)

This is the one you know.

It’s the address shown in your email app — the name and email you see at the top of a message.

Example:

From: “Your Bank” <[email protected]>

This is the human-facing identity. It’s designed to tell the recipient who the message is from.

But here’s the important part:

👉 This address is just a label unless it’s backed up by authentication checks. On its own, it’s easy to fake.

That’s why phishing emails can appear to come from trusted brands.

2. The Reply-To: address (where replies actually go)

Sometimes, when you hit “Reply,” your response doesn’t go back to the address you saw in the From line.

That’s because emails can include a Reply-To address that overrides it.

Example:

This is often used for:

  • Customer support teams
  • Marketing tools
  • Ticketing systems

It’s not suspicious on its own — but scammers also abuse this trick to redirect replies to accounts they control.

3. The Return-Path (the bounce address)

This one is invisible in normal email apps.

The Return-Path is the address mail servers use if delivery fails — for example, if the recipient’s inbox doesn’t exist.

This is sometimes called the bounce address.

Example:

This address is often managed by:

It’s not meant for people. It’s for machines handling delivery problems.

4. The Envelope From (the sender used during delivery)

This is closely related to the Return-Path, but it exists at a deeper technical level.

When one mail server hands a message to another, it uses a hidden sender identity known as the envelope sender.

This is the address used during the actual mail transfer — not the one shown to users.

It’s like the return address written on the outside of the envelope, while the From address is the letterhead inside.

Most of the time:

  • You never see it
  • But mail servers use it to decide whether a message is allowed

This is one of the key identities checked by email authentication systems.

5. The Sender: header (who actually sent it on behalf of someone)

Sometimes an email is sent by one system on behalf of another person or organisation.

In those cases, an email may include a Sender header.

Example:

This helps explain situations where:

  • An assistant sends on behalf of an executive
  • A newsletter platform sends on behalf of a brand

Most people never see this unless they open full email headers.

6. The Delivered-By servers (the chain of handoffs)

Every email also contains a trail of server handoffs showing how it travelled across the internet.

These appear in the headers as multiple Received: lines.

They show:

  • Which server accepted the message
  • Where it came from
  • When it was passed along

This doesn’t change who the sender is — but it reveals how the message moved, which is vital for detecting spoofing and abuse.

Why don’t all these addresses match?

Because email wasn’t designed as a single, simple identity system.

It evolved to support:

  • Forwarding
  • Mailing lists
  • Newsletters
  • Helpdesks
  • Automated notifications
  • Third-party sending services

Each layer solved a different problem:

  • One address for people
  • One for replies
  • One for delivery failures
  • One for server-to-server routing

Modern security systems try to check that these identities line up in trustworthy ways. But the underlying structure is still layered and messy.

Why this matters for security

Scammers take advantage of this complexity.

They can:

  • Fake the From address you see
  • Use a different Reply-To to capture responses
  • Send through unrelated servers

Without authentication checks, email would be almost impossible to trust.

That’s why modern email security doesn’t just ask:

“What address does this email claim to be from?”

It asks:

“Do the visible sender, the hidden sender, and the sending servers all agree in a way that proves this is legitimate?”

When those identities don’t align, systems start to treat the message as suspicious.

The takeaway

An email doesn’t have one “from” address.

It has multiple layers of identity, built over decades to make email flexible — but also making it easier to abuse.

Understanding that:

  • The address you see isn’t the only sender
  • Delivery and reply addresses can be different
  • Hidden routing addresses exist

…helps explain both how email works and why email security is so complicated.

Email isn’t a single identity system.

It’s a stack of them.

You might also like

What Does “Secure Email” Actually Mean?

Secure email is used everywhere, but it rarely means the same thing twice. From basic TLS protection to systems where even the provider can’t read your messages, this guide explains what real email security actually involves — and where marketing often blurs the line.

What Does “Secure Email” Actually Mean?