Which element is most useful for tracing the source of a threatening email?

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

Which element is most useful for tracing the source of a threatening email?

Explanation:
Tracing the source of an email relies on the metadata that records the message’s journey through the mail system, which is contained in the email header. The header includes a series of Received lines added by each mail server the message passes through, showing the path from the origin to the destination along with timestamps. By examining these lines, you can infer the route and identify the originating host or network, or at least narrow down the source. While the other elements can be misleading—SMTP reply addresses can be forged, X.509 certificates relate to encryption rather than routing, and a host domain name can be spoofed or obscured—the header provides the comprehensive trail of evidence needed to trace where the email came from.

