← Back to MailParse

MIME Parsing for Platform Engineers | MailParse

MIME Parsing guide for Platform Engineers. Decoding MIME-encoded email messages into structured parts, attachments, and headers tailored for Engineers building internal platforms and developer tools with email capabilities.

Why MIME Parsing Matters for Platform Engineers

For platform engineers, email is not just user notifications. It is a programmable interface that connects customers, vendors, and internal systems. Support workflows, ticketing, document ingestion, approvals, and automated actions often start as inbound email. The hard part is reliable decoding of mime-encoded content into structured, trustworthy data your services can consume at scale. MIME parsing turns a raw wire format into normalized parts, headers, and attachments, which makes email a first-class input to your platform. Teams that treat MIME parsing as a core capability build faster, reduce flaky edge cases, and improve observability across email-driven features. A managed solution like MailParse can accelerate this work by delivering consistent JSON and webhooks, but the same engineering principles apply whether you run your own parser or use a service.

MIME Parsing Fundamentals for Platform Engineers

MIME structure in practice

MIME is a tree. A typical message has a top-level content type of multipart/mixed, which can contain multipart/alternative for text and HTML, plus additional parts for attachments and inline assets. There can be nested multiparts for signed content, forwarding chains, calendar invites, or TNEF encapsulation from older clients. The goal of mime parsing is to traverse this tree, decode content-transfer-encoding, apply charsets, and produce structured parts with normalized metadata.

  • multipart/alternative - sibling parts that represent the same content in different formats such as text/plain and text/html.
  • multipart/related - HTML body plus inline images referenced by Content-ID.
  • multipart/mixed - the wrapper that often includes body plus file attachments.
  • message/rfc822 - an embedded email, common in forwarding or bounce messages.
  • application/ms-tnef or winmail.dat - legacy bundle that requires special handling.

Transfer encodings and charsets

Raw body content is often encoded with base64 or quoted-printable. Headers can be folded and encoded with RFC 2047. MIME parsing must decode transfer encodings, unfold headers, and convert charsets to UTF-8. Many bugs come from assuming ASCII or UTF-8 without checking the declared parameters or sniffing the actual bytes where necessary. Be explicit about charset detection and fallback rules.

Attachments and inline assets

An attachment is any part that is not the selected primary body. Inline images are typically marked with Content-ID and referenced in HTML as cid:image-id. Your parser should map inline assets to deterministic URLs or data handles so rendering systems can resolve them. For attachments, capture filename, MIME type, size, and content disposition. Normalize filenames to avoid path traversal or Unicode confusables.

Practical Implementation

Recommended architecture for inbound email

Use a push or pull boundary where your SMTP or inbound provider delivers raw MIME to your system. From that boundary:

  • Store the raw message in object storage with an immutable key and content hash.
  • Publish a queue message with the storage key for asynchronous processing.
  • Parse the MIME into a structured JSON envelope with bodies, headers, attachments, and trace metadata such as provider IDs, envelope addresses, and DKIM/SPF results.
  • Send the JSON to downstream services via webhook, event bus, or REST endpoint.

Decouple storage from parsing to support reprocessing, audits, and new extraction logic. A service like MailParse can deliver already-parsed JSON via webhook and also allow REST polling when you need pull semantics.

Node.js parsing pattern

Node.js offers high-quality libraries that handle the tricky parts of MIME parsing. This pattern streams from storage or inbound provider, decodes the MIME tree, and creates a normalized JSON document.

import { simpleParser } from "mailparser";
// Alternative: import { PostalMime } from "postal-mime";
import { createReadStream } from "node:fs";

async function parseRawEmail(filePath) {
  const stream = createReadStream(filePath);
  const parsed = await simpleParser(stream, { skipHtmlToText: true });

  // Select preferred body
  const textBody = parsed.text || "";
  const htmlBody = parsed.html || "";

  // Map attachments
  const attachments = (parsed.attachments || []).map(a => ({
    filename: a.filename || "unnamed",
    mimeType: a.contentType,
    size: a.size,
    contentId: a.cid || null,
    contentDisposition: a.contentDisposition || "attachment",
    contentRef: `s3://bucket/${a.checksum}` // persist content separately
  }));

  return {
    messageId: parsed.messageId || null,
    subject: parsed.subject || "",
    from: parsed.from?.text || "",
    to: parsed.to?.text || "",
    cc: parsed.cc?.text || "",
    date: parsed.date?.toISOString() || null,
    headers: Object.fromEntries(parsed.headerLines.map(h => [h.key, String(h.line)])),
    body: {
      text: textBody,
      html: htmlBody
    },
    attachments
  };
}

Be careful with memory usage. Stream attachments to storage rather than buffering in memory. If you expect large files, prefer libraries or modes that expose streaming APIs.

Python parsing pattern

Python's standard library can parse MIME with robust policy support. Combine it with streaming to avoid large in-memory buffers.

import email
from email import policy
from email.parser import BytesParser

def parse_raw_email_bytes(raw_bytes: bytes):
  msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)

  def walk_parts(m):
    for part in m.iter_parts():
      if part.is_multipart():
        yield from walk_parts(part)
      else:
        yield part

  text_body = None
  html_body = None
  attachments = []

  for part in walk_parts(msg):
    ctype = part.get_content_type()
    disp = part.get_content_disposition() or "inline"
    payload = part.get_payload(decode=True) or b""

    if ctype == "text/plain" and text_body is None:
      text_body = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
    elif ctype == "text/html" and html_body is None:
      html_body = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
    else:
      filename = part.get_filename() or "unnamed"
      attachments.append({
        "filename": filename,
        "mimeType": ctype,
        "size": len(payload),
        "contentId": part.get("Content-ID"),
        "contentDisposition": disp
      })
      # Stream payload to storage here

  headers = {k: v for (k, v) in msg.items()}

  return {
    "messageId": msg.get("Message-ID"),
    "subject": msg.get("Subject", ""),
    "from": msg.get("From", ""),
    "to": msg.get("To", ""),
    "cc": msg.get("Cc"),
    "date": msg.get("Date"),
    "headers": headers,
    "body": {"text": text_body or "", "html": html_body or ""},
    "attachments": attachments
  }

Go parsing pattern

Go's net/mail reads headers and envelope safely. Pair it with github.com/jhillyerd/enmime or github.com/emersion/go-message for full MIME tree traversal.

package parser

import (
  "bytes"
  "io"
  "os"
  "time"

  "github.com/jhillyerd/enmime"
)

type Parsed struct {
  MessageID  string
  Subject    string
  From       string
  To         string
  Date       time.Time
  BodyText   string
  BodyHTML   string
  Attachments []Attachment
}

type Attachment struct {
  Filename string
  MIMEType string
  Size     int
  ContentID string
  Disposition string
}

func ParseFile(path string) (*Parsed, error) {
  f, err := os.Open(path)
  if err != nil {
    return nil, err
  }
  defer f.Close()

  env, err := enmime.ReadEnvelope(f)
  if err != nil {
    return nil, err
  }

  p := &Parsed{
    MessageID: env.GetHeader("Message-ID"),
    Subject:   env.GetHeader("Subject"),
    From:      env.GetHeader("From"),
    To:        env.GetHeader("To"),
    BodyText:  env.Text,
    BodyHTML:  env.HTML,
  }

  for _, a := range env.Attachments {
    // Stream to storage rather than reading fully for large files
    var buf bytes.Buffer
    io.Copy(&buf, a.Content)
    p.Attachments = append(p.Attachments, Attachment{
      Filename:    a.FileName,
      MIMEType:    a.ContentType,
      Size:        buf.Len(),
      ContentID:   a.ContentID,
      Disposition: a.Disposition,
    })
  }

  return p, nil
}

Webhook and polling patterns

  • Webhook-first: Receive parsed email JSON via POST. Respond with 2xx only when you have durably persisted the event. Use retries with exponential backoff and signatures for verification.
  • Polling: Fetch messages via REST when your systems face strict egress control or scheduled batch windows. Track high-water marks with time-based or ID-based cursors.
  • Idempotency: Use Message-ID plus provider identifiers to deduplicate. Persist a short-lived idempotency key in a set or relational unique index.

Managed parsing providers like MailParse can send webhook notifications the moment new messages arrive, which fits well with event-driven internal platforms.

Tools and Libraries

Open source libraries by ecosystem

  • Node.js - mailparser, postal-mime, mailsplit.
  • Python - standard library email, mail-parser, flanker.
  • Go - jhillyerd/enmime, emersion/go-message, go-imap for mailbox access.
  • Java - Jakarta Mail for parsing and IMAP, Apache James components for mail processing.
  • Ruby - mail gem, mikel/mail.
  • PHP - php-mime-mail-parser, Symfony Mailer components.

Inbound delivery providers

Use SES, Mailgun Routes, SendGrid Inbound Parse, or Postmark Inbound to receive SMTP traffic and deliver raw MIME to your parser. Map their envelope fields to your schema. Save the original raw content for audits and reprocessing.

Managed parsing services

If you prefer to skip building and maintaining parsing infrastructure, a managed service like MailParse provides instant addresses, MIME decoding to structured JSON, and delivery via webhook or REST. This can shorten your time to production while keeping control over routing and data storage.

Common Mistakes Platform Engineers Make with MIME Parsing

  • Dropping nested multiparts - Many solutions only pick the first text/html or text/plain and ignore multipart/related or message/rfc822. Always walk the MIME tree.
  • Trusting headers blindly - Use envelope fields from your provider for the real recipient. Verify DKIM and SPF before trusting From or Reply-To for routing.
  • Charset mishandling - Assume UTF-8 only after checking Content-Type parameters. Decode RFC 2047 encoded words in headers.
  • Buffering large attachments - Stream files to object storage. Set limits that protect worker memory and reject over-size messages gracefully.
  • Weak filename normalization - Sanitize filenames, strip control characters, and detect double extensions that hide executables.
  • Ignoring TNEF and calendar invites - Add handlers for winmail.dat and text/calendar to extract meaningful content for your domain.
  • No idempotency - Deduplicate on Message-ID plus provider event ID. Incoming retries happen and duplicates are common with forwarding chains.
  • Poor observability - Emit structured logs for parse decisions, attachment counts, and decoding outcomes. Add metrics for parse errors by content type.

Advanced Patterns for Production-grade Email Processing

Schema design for parsed email

Define a stable schema that downstream services can trust. Recommended fields: message_id, thread_id, subject, from, to, cc, bcc, date, envelope_to, dkim_result, spf_result, list_id, references, in_reply_to, bodies.text, bodies.html, attachments[]. Include storage references for raw MIME and binary parts. Version your schema to evolve safely.

Security controls

  • Attachment scanning - Integrate AV scanning and content inspection. Quarantine unknown or high-risk types.
  • Sniffing and policy - Do not rely solely on declared Content-Type. Sniff bytes and enforce a allowlist of media types.
  • HTML sanitization - Sanitize HTML body for downstream rendering. Neutralize scripts, inline event handlers, and external URLs if users will view content inside your app.
  • Secrets redaction - Remove credentials, tokens, or signatures from bodies and headers before logging.

Scalability and resilience

  • Work queues - Use a queue that supports visibility timeouts and DLQ. Keep parsing idempotent to allow safe retries.
  • Backpressure - Rate limit at the boundary. Apply per-tenant or per-domain quotas to avoid noisy neighbor effects.
  • Shard by tenant - Partition storage keys and message processing to keep latency predictable as you scale.
  • Out-of-order handling - Email is not ordered. Design threaders and dedup logic that tolerate late arrivals.

Threading and routing

Thread detection benefits from In-Reply-To and References headers, but these are not reliable alone. Build a heuristic combining Message-ID ancestry, subject normalization, and mailbox routing rules. For routing, map +address and subdomain addressing to tenants and pipelines. Maintain a routing table that selects downstream destinations based on domain, alias, and DKIM alignment.

Testing and validation

  • Golden fixtures - Keep a corpus of real-world messages that cover charsets, encodings, calendar invites, TNEF, large attachments, and nested multiparts.
  • Property tests - Fuzz headers, line endings, and malformed structures to ensure your parser fails safely.
  • Replay framework - Reprocess raw MIME from storage with new parser versions. Compare output JSON to detect schema regressions.

Operational excellence

  • Metrics - Publish counts for messages processed, parse failures, attachment sizes, and decode durations. Track top sender domains and content types.
  • Tracing - Propagate a correlation ID from inbound event to downstream services. Include storage keys in logs for quick retrieval.
  • Runbooks - Document steps to replay messages, quarantine content, and roll back parsing changes.

If you want to explore end-to-end ideas for email-driven features, review these resources: Top Inbound Email Processing Ideas for SaaS Platforms and the Email Infrastructure Checklist for SaaS Platforms. They complement MIME parsing with deliverability, routing, and service design practices.

Conclusion

Reliable mime-parsing turns a noisy, variable transport into clean signals your platform can trust. Platform-engineers that treat decoding, normalization, and security as a shared capability ship faster and avoid brittle, one-off integrations. Whether you assemble components yourself or adopt a managed service like MailParse, focus on streaming-first processing, explicit charset handling, safe attachment workflows, and strong idempotency. Invest in fixtures, replay, and observability. The result is a scalable email interface that empowers your engineering teams and product builders.

FAQ

How is MIME parsing different from handling SMTP?

SMTP is the transport that delivers the message. MIME parsing is the application-layer decoding that turns the raw message into structured parts, headers, and attachments. You can receive via SMTP or an inbound provider, but you still need to parse MIME to extract bodies, attachments, and metadata for downstream services.

What is the best way to choose between text and HTML bodies?

Prefer HTML if your downstream use is rendering in a browser and you sanitize it. Prefer text if the content will be used by NLP or rules engines. Many platforms store both and let consumers decide. Ensure you normalize whitespace, collapse line endings, and preserve the original for compliance.

How do I handle large attachments safely?

Stream attachment content directly to object storage. Set per-tenant and global size limits. Generate short-lived URLs or references for consumers instead of embedding binary bytes in your JSON. Run AV scanning asynchronously and mark the attachment's security status in metadata.

How should I verify sender identity for routing and authorization?

Do not trust From headers alone. Check DKIM alignment with the From domain, verify SPF or provider envelope sender, and map addresses to tenants using your routing rules. If verification fails, route the message to quarantine and notify operators.

Can I replace my custom parser with a managed service?

Yes. A service like MailParse can provide instant addresses, webhooks, REST polling, and stable JSON output so your teams focus on business logic instead of RFC minutiae. If you need full control or on-prem constraints, you can run open source libraries and adopt the same architectural patterns.

For additional operational guidance, see the Email Deliverability Checklist for SaaS Platforms to ensure messages reach your intake addresses consistently.

Related Articles

Email Deliverability Checklist for SaaS Platforms

This checklist helps SaaS teams ensure reliable email receipt by aligning domain strategy, DNS, SMTP security, MIME parsing, and webhook delivery with produc...

Email Infrastructure Checklist for SaaS Platforms

Use this checklist to design and operate a scalable email infrastructure for SaaS platforms that rely on inbound messages to drive product workflows. It cove...

Email Infrastructure Checklist for Customer Support Teams

This checklist helps customer support leaders build reliable email infrastructure that scales with ticket volume while protecting SLAs. It focuses on MX reco...

Ready to get started?

Start parsing inbound emails with MailParse today.

Get Started Free