As Foolestroupe notes, the header contains information about all the addresses for the message: who sent it, who's received it, who's answered it, and who's forwarded it. Unfortunately any or all of that information can be faked.
The way in which the header information is encapsulated into the email message is also difficult for most people to read and interpret, since it's set up to be used by the email routing system to get the message from senders to recipients; and without some real knowledge of the format and use (by machines) you may think you're "reading" it, but may be making guesses that aren't correct or aren't meaningful.
You may be able to find some clues to help you decide whether a particular message is legitimate; but you can't rely on what you can see there to do much of a "personal investigation."
Attempting to "investigate" suspicious email personally is NOT RECOMMENDED by most in the antispam/antimalware business, since it is evidence of "an excess of curiosity" and "curiosity" is the currently favored vulnerability for malware distributors. If you can be persuaded to "click" something, your computer can only see it as your instruction to perform whatever action is embedded in the click. The click does not need to embed the action that the 1 label says it's going to do.
1 If you see a blank space to the left of the "1" above, select/highlight to read the whole statement. (trivially obfuscated, but it could have contained a link. Even clicking a blank space in a cleverly constructed phishing email could give permission to install malware.)
If a message truly concerns you, you can send it to the "antispam" address that your ISP gives you, and/or to one of the industry antispam/antimalware organizations. Unless one of these instructs you otherwise, you should NOT FORWARD the message. You should address a new email to each intended recipient and ATTACH the suspicious email.
Some email services do survey "bulk mail" folders to keep track of what traffic is most common, so moving anything suspicious immediately to bulk mail - without opening it - may contribute something to the health and well-being of the internet email system. Unfortunately, ISPs tend to be reluctant to tell you whether or not they do such surveys, so you can't be sure this will be helpful.
Any email that is not from a known sender, and usually any email that is not expected from a known sender, should just be deleted - without opening, inspecting, probing, examining, reading or any other thing your curiosity impels you to do.
Any email that is not from a known sender, and usually any email that is not expected from a known sender, should just be deleted - without opening, inspecting, probing, examining, reading or any other thing your curiosity impels you to do.
Any email that is not from a known sender, and usually any email that is not expected from a known sender, should just be deleted - without opening, inspecting, probing, examining, reading or any other thing your curiosity impels you to do.
GOT IT? ... I didn't think so, but it's your choice.