uCheckeruChecker

Return-Path: where bounces go

Return-Path is a header the receiving mail server adds to the message after reading the MAIL FROM command from the SMTP session. It records where bounce notifications go when delivery fails. The sender never writes Return-Path directly — the receiving server derives it from the envelope sender address during the SMTP handshake.

SMTP envelope vs. message headers

When an MTA connects to the receiving server, the SMTP exchange opens with two commands:

MAIL FROM:<bounce-id-4782@tracking.example.com>

RCPT TO:<user@recipient.com>

The address in MAIL FROM becomes the Return-Path. It has no requirement to match the From header the recipient sees in their mail client. In the example above, the recipient sees "newsletter@example.com" in their inbox, but bounces go to bounce-id-4782@tracking.example.com. This separation is how modern email handles delivery failures at scale.

Why From and Return-Path differ

For a single personal message the distinction is irrelevant: the sender and the bounce recipient are the same person. In bulk sending it matters a great deal. An ESP sends millions of messages on behalf of thousands of clients. Every bounce needs to be tied to a specific message, a specific recipient, and a specific campaign.

That is what VERP (Variable Envelope Return Path) solves. The Return-Path encodes the recipient identifier directly:

MAIL FROM:<bounce+user=recipient.com@tracking.example.com>

When a bounce arrives at that address, the system parses it and knows: this non-delivery was for user@recipient.com. Without VERP you would have to parse the bounce message body, which is unreliable given the lack of a universal DSN format.

Return-Path and SPF

SPF evaluates the domain in Return-Path (the envelope sender), not the From header. When the receiving server gets MAIL FROM:<bounce@tracking.example.com>, it queries the SPF record of tracking.example.com and checks whether the sending server's IP is authorized to send for that domain.

When Return-Path and From use different domains, SPF can pass for the envelope domain while DMARC still requires alignment between the From domain and the domain verified by SPF or DKIM. Under relaxed alignment, tracking.example.com and newsletter.example.com both align with example.com because they share the same organizational domain.

Null Return-Path

A null Return-Path is an empty MAIL FROM (<>). It is used for bounce messages (DSN) and automated replies. When a server generates a non-delivery notification, it sends it with an empty Return-Path to prevent an infinite loop: if a bounce on a bounce also triggered a bounce, the chain would never end. Messages with an empty envelope sender do not generate bounce responses.

MAIL FROM:<>

Return-Path in message headers

The receiving server writes Return-Path as the first header of the stored message. In the raw source you will see:

Return-Path: <bounce+user=recipient.com@tracking.example.com>

Two Return-Path headers in the same message is an anomaly. Some spam filters treat a duplicate Return-Path as a sign of a forged message. The standard requires exactly one Return-Path, set only by the final receiving server.

Common configuration mistakes

  • Return-Path pointing to a nonexistent domain. If the domain in MAIL FROM does not resolve in DNS, many receiving MTAs reject the message before any data is transferred. Most servers verify that the envelope sender domain exists.
  • No SPF record for the Return-Path domain. SPF is checked against the envelope sender. If tracking.example.com has no SPF record, the result is "none", and a DMARC policy of reject will block the message when DKIM alignment also fails.
  • The bounce mailbox does not accept mail. The bounce address needs to be a real, working mailbox. If bounces disappear, the ESP cannot update address statuses, and you keep sending to addresses that no longer exist. That damages sender reputation.
  • Third-party Return-Path domain without DMARC alignment. If MAIL FROM uses a domain unrelated to the From domain, DMARC alignment fails. This is a common oversight when using a third-party SMTP service without configuring a custom Return-Path domain.

Return-Path and email validation

When a validator probes an email address, it acts as a sender: it opens an SMTP session with the target server and issues a MAIL FROM command. If the validator's own Return-Path is misconfigured — nonexistent domain, missing SPF, poor reputation — the receiving server may reject the connection before the RCPT TO step, and the check never completes.

Accurate validation depends not only on the addresses being checked, but on the validator's own infrastructure. A working Return-Path with correct DNS records is part of that baseline.

uChecker validates email addresses before you send, so your Return-Path does not get buried in bounce notifications. Fewer bounces means a cleaner envelope sender domain reputation and better deliverability for every campaign that follows.

Return-PathMAIL FROMbounceenvelope senderSPF
← Glossary