A commmon file extension for e-mail files (.eml)

.eml file signature | message/rfc822

EML is a de facto file format for Internet e-mail messages, based on the message/rfc822 standard defined and maintained by the IETF. It is used to store and exchange individual e-mail messages in clients such as Microsoft Outlook Express, Mozilla Thunderbird, Eudora, and similar mail programs. The format is generally safe, but messages may contain attachments, links, or scripts, so files from untrusted sources should still be handled cautiously.

Safe

Magic Bytes

Offset 0


              23 21 20 72 6E 65 77 73

Sources: Apache Tika

All Known Signatures

12 signature variants are documented for .eml files across multiple sources.

Hex Signature	Offset	Sources
23 21 20 72 6E 65 77 73	0	Apache Tika
4E 23 21 20 72 6E 65 77 73	0	Apache Tika
46 6F 72 77 61 72 64 20 74 6F	0	Apache Tika
50 69 70 65 20 74 6F	0	Apache Tika
58 2D 4D 61 69 6C 65 72 3A	0	Apache Tika
58 2D 4E 6F 74 65 73 2D 49 74 65 6D 3A	0	Apache Tika
52 65 63 65 69 76 65 64	0	Wikipedia
46 72 6F 6D 20 20 20	0	Gary Kessler
46 72 6F 6D 20 3F 3F 3F	0	Gary Kessler
46 72 6F 6D 3A 20	0	Gary Kessler
52 65 74 75 72 6E 2D 50 61 74 68 3A 20	0	Gary Kessler
58 2D	0	Gary Kessler

Extension

.eml

MIME Type

message/rfc822

Byte Offset

Risk Level

Safe

Validation Code

How to validate .eml files in Python

Python

def is_eml(file_path: str) -> bool:
    """Check if file is a valid EML by magic bytes."""
    signature = bytes([0x23, 0x21, 0x20, 0x72, 0x6E, 0x65, 0x77, 0x73])
    with open(file_path, "rb") as f:
        return f.read(8) == signature

How to validate .eml files in Node.js

Node.js

function isEML(buffer: Buffer): boolean {
  const signature = Buffer.from([0x23, 0x21, 0x20, 0x72, 0x6E, 0x65, 0x77, 0x73]);
  return buffer.subarray(0, 8).equals(signature);
}

How to validate .eml files in Go

func IsEML(data []byte) bool {
    signature := []byte{0x23, 0x21, 0x20, 0x72, 0x6E, 0x65, 0x77, 0x73}
    if len(data) < 8 {
        return false
    }
    return bytes.Equal(data[:8], signature)
}

API Endpoint

GET /api/v1/eml


              curl https://filesignature.org/api/v1/eml

See the full API documentation for all endpoints and parameters.

Related Formats

.mime

Frequently Asked Questions

What is a .eml file?

A .eml file is a A commmon file extension for e-mail files file. EML is a de facto file format for Internet e-mail messages, based on the message/rfc822 standard defined and maintained by the IETF. It is used to store and exchange individual e-mail messages in clients such as Microsoft Outlook Express, Mozilla Thunderbird, Eudora, and similar mail programs. The format is generally safe, but messages may contain attachments, links, or scripts, so files from untrusted sources should still be handled cautiously.

What are the magic bytes for .eml files?

The magic bytes for A commmon file extension for e-mail files files are 23 21 20 72 6E 65 77 73 at byte offset 0. These bytes uniquely identify the file format regardless of the file extension.

How do I validate a .eml file?

To validate a .eml file, read the first bytes of the file and compare them against the known magic bytes (23 21 20 72 6E 65 77 73) at offset 0. This is more reliable than checking the file extension alone, as extensions can be renamed.

What is the MIME type for .eml files?

The primary MIME type for .eml files is message/rfc822.

Is it safe to open .eml files?

A commmon file extension for e-mail files (.eml) files are generally safe to open. They are classified as low risk because they primarily contain data rather than executable code. However, always ensure files come from a trusted source.