How to tell which email platform a newsletter uses
TL;DR
Open the raw message and read two headers: Return-Path and List-Unsubscribe. Match the domain against the table below and you have the platform in about a minute. Mailchimp leaves mailchimp.com, SendGrid leaves sendgrid.net, Brevo sometimes leaves the odd list-unsubscribe.me. Creator tools like Substack and beehiiv stay out of the headers, so you catch those in the footer instead.
You can usually tell which email platform a newsletter uses in about a minute, without a browser extension or a paid service. The sending platform signs its work in the headers, and it is not subtle once you know the two fields to read. I do this several times a week when I pull apart a competitor send, and the same handful of domains keep showing up. Here is the reference I actually use, taken from the detector we run on every newsletter that passes through Newsletrix.
The one-minute way to tell which platform a newsletter uses
Open the raw message. In Gmail that is the three-dot menu, then Show original; in Apple Mail it is View, then Message, then All Headers. Search the raw text for Return-Path first, then List-Unsubscribe. One of them almost always carries a domain that belongs to the sending platform rather than the brand, something like sendgrid.net or klaviyomail.com. Match that domain against the table in the next section and you are done.
Skip X-Mailer, even though half the guides online tell you to start there. On modern sends it is usually blank, and when it is present it often just names the brand's internal tool. The two headers that survive real sending are Return-Path and List-Unsubscribe, so that is where I start every time. The rest of this piece is the lookup table behind those two fields, plus what to do when a sender is careful enough to hide them.
The email platform signature lookup table
These are the platforms our detector keys on and the exact strings it matches. Every row is a real signal from live mail, not a guess. Search the raw source for the header name or the domain in the right column, and the first one that hits is your answer.
| Platform | What gives it away |
|---|---|
| Mailchimp | X-MC-User header, or mailchimp.com in Return-Path or List-Unsubscribe |
| SendGrid | X-SG-EID header, or sendgrid.net in Return-Path or Message-ID |
| Mailgun | X-Mailgun header, or mailgun.org in the Message-ID |
| Amazon SES | amazonses.com in Return-Path or Message-ID (rarely a custom header) |
| Constant Contact | constantcontact.com in Return-Path or List-Unsubscribe |
| Campaign Monitor | X-CM-CTID header, or createsend.com anywhere |
| ActiveCampaign | activecampaign.com in Return-Path (DKIM often signs activehosted.com) |
| Klaviyo | X-Klaviyo header, or klaviyo.com / klaviyomail.com |
| Braze | X-Braze header, or braze.com (older sends still show appboy.com) |
| Customer.io | customer.io in Return-Path or Message-ID |
| HubSpot | hubspotemail.net in Return-Path (X-HubSpot when present) |
| Marketo | mktomail.com in Return-Path |
| Pardot | pardot.com in Return-Path or Message-ID |
| Brevo (Sendinblue) | sendinblue.com or brevo.com, sometimes list-unsubscribe.me in List-Unsubscribe |
| ConvertKit (Kit) | convertkit.com in Return-Path (DKIM signs convertkit-mail.com) |
| dotdigital | a dotdigital string in List-Unsubscribe, usually with nothing else to go on |
Two rows are worth a warning. Braze still shows appboy.com on older automations, its name before the 2017 rebrand, so do not let that domain confuse you. And Brevo sometimes routes its unsubscribe through list-unsubscribe.me, which looks like a generic third party but is a dependable Brevo tell. For the wider signal set, including DKIM selectors and click-tracking wrappers, see seven signals every email leaks about its ESP.
The three headers that reveal the platform
Three headers carry almost all the weight. Return-Path is the bounce address, where mailbox providers send failed deliveries, so it points at whoever runs the sending. Message-ID is stamped by the sending server and frequently ends in the platform domain. List-Unsubscribe holds the endpoint that processes one-click unsubscribes, which nearly always lives on the platform rather than the brand. Read those three and you have covered the ground that matters.
Our detector splits every result into high or medium confidence, and the split is worth understanding. High confidence means it found a proprietary header like X-MC-User, or the platform domain sitting in the Return-Path or Message-ID. Medium means the only tell left was the List-Unsubscribe domain. That case comes up more than you would expect, because Gmail and Yahoo now require a working one-click unsubscribe (RFC 8058) on bulk mail, so List-Unsubscribe is the one header a careful sender cannot strip. When a send has scrubbed everything else, that field is what saves the identification.
Skip the manual matching
Paste the raw headers into the free Newsletrix ESP Detector. It cross-references these domains, X-headers, and DKIM selectors across 30+ platforms, then tells you which signal it matched and how confident the match is.
Try the ESP Detector →Why X-Mailer is the worst field to trust
If I had to name the single most overrated signal in ESP detection, it is X-Mailer. It reads like the obvious answer, a header that all but announces the mailer, so every beginner guide points at it first. The problem is that it is optional. Most serious sending platforms either leave it out or fill it with something that tells you nothing, and a brand running its own send script can write whatever it likes there. A field the sender controls is a field you cannot lean on.
Our detector still checks X-Mailer for a few platforms like Mailchimp and Mailgun, because when it is populated it is a quick confirmation. But it never rests on X-Mailer alone, and neither should you. The pattern across a lot of parsed mail is plain: the fields a platform owns end to end, its bounce domain and its unsubscribe endpoint, beat the field a sender can edit or drop. Trust the plumbing, not the label on it.
Creator platforms hide in the footer, not the headers
Here is where the header method runs out. Substack, beehiiv, and Ghost do not stamp an obvious platform domain into the Return-Path the way Mailchimp or SendGrid do, so our header detector often comes back inconclusive on them. That is not a flaw in the approach, it is how those platforms are built. When the headers go quiet, you switch tactics and read the body.
beehiiv sends carry a "Powered by beehiiv" badge in the footer unless the sender pays to remove it. Substack newsletters pull images and assets from substackcdn.com, which shows up in the raw HTML even when the footer is clean. Ghost publications usually expose a members portal link on the sender's own domain, and MailerLite leaves a footer link back to its site on free accounts. If you track these creator tools specifically, our beehiiv analytics comparison covers what each one exposes and what it keeps quiet.
When one newsletter looks like two platforms
A brand is not one platform. It is common to find a company running campaigns on HubSpot while its receipts and password resets go out through Amazon SES or SendGrid. So the promotional email and the transactional email from the same domain carry different signatures, and both are correct. When you audit a competitor, decide which stream you care about and sample an email from that stream, not whatever happened to land in your inbox that morning.
The other reason a sender looks ambiguous is custom domain authentication. A mature sender points DKIM and Return-Path at its own subdomain, say bounce.brand.com, which hides the platform from those two fields. When that happens, List-Unsubscribe is usually still leaking the real ESP, and the DKIM selector pattern often does too. For why senders bother authenticating this way, SPF, DKIM and DMARC explained walks through the setup, and the most popular ESPs for newsletters shows which platforms you will run into most. Start with Return-Path and List-Unsubscribe, keep the table handy, and you will name most senders before your coffee is cold. The ones that fight you are usually the creator platforms, and those you catch in the footer.
Frequently asked questions
How can I tell what email platform a newsletter uses?
Open the raw message source and search for two headers, List-Unsubscribe and Return-Path. Match the domain you find against a known list: mailchimp.com means Mailchimp, sendgrid.net means SendGrid, klaviyomail.com means Klaviyo, and so on. For platforms that authenticate with a custom domain, fall back to the DKIM selector or the footer badge. The free Newsletrix ESP Detector does this matching for you.
What does the List-Unsubscribe header reveal?
List-Unsubscribe holds the address or URL a mailbox provider uses to process one-click unsubscribes, and that endpoint usually sits on the sending platform's own domain. Seeing createsend.com there points to Campaign Monitor, list-unsubscribe.me points to Brevo, and hubspotemail.net points to HubSpot. It is often the last tell left after a sender hides everything else behind a custom domain.
Can I identify an ESP from Gmail alone?
Yes. In Gmail, open the message, click the three-dot menu, and choose Show original to see the full raw headers. Search that view for Return-Path and List-Unsubscribe and match the domain against a known platform. You do not need an extension or a paid tool for the common platforms.
Do beehiiv and Substack show up in email headers?
Not the way Mailchimp or SendGrid do. Substack, beehiiv, and Ghost route mail through infrastructure that does not stamp an obvious platform domain into the Return-Path, so the header method often comes back inconclusive. You identify them from the footer instead, for example a 'Powered by beehiiv' badge or Substack CDN links like substackcdn.com in the raw HTML.
Why does one sender look like two different platforms?
Because marketing and transactional mail often run on different systems. A company might send campaigns through HubSpot but route receipts through Amazon SES or SendGrid, so two emails from the same brand carry different signatures. A custom authenticated Return-Path can also mask the marketing platform while the List-Unsubscribe domain still gives it away.