Email Header Analyzer

Trace the delivery path, read SPF, DKIM, and DMARC verdicts, and spot spoofing signs in raw email headers. Parsed entirely in your browser.

About the Email Header Analyzer

Every email carries a hidden travel log. The headers record which servers handled the message, when each handoff happened, and whether the sending domain passed authentication. This analyzer parses that log in your browser so you can trace where a message really came from, spot delivery delays, and judge whether a suspicious email is what it claims to be.

To get the raw headers, open the message and look for the source view. In Gmail that is the three-dot menu and then Show original. In Outlook it is View message source, or File, Properties, Internet headers in the desktop app. Copy everything and paste it here; a full raw message is fine, because the body is ignored.

Read the Received chain from the bottom up. Each server prepends its own Received header, so the last one in the block is the origin and the first is your inbox. The tool reorders them chronologically and computes the delay at each hop; a long delay at one hop is usually the explanation for slow delivery.

The authentication section shows SPF, DKIM, and DMARC verdicts. SPF checks whether the sending server is authorized for the envelope domain, DKIM verifies a cryptographic signature over the message, and DMARC ties both to the visible From address. Consistent passes are essential for deliverability. If your own domain is failing, the SPF Generator and DMARC Generator help you publish correct records, and the MX Lookup shows where your mail is routed.

Frequently asked questions

How do I get the raw headers of an email?

In Gmail, open the message, click the three-dot menu, and choose Show original. In Outlook on the web, use View message source; in the desktop app, open File, then Properties, and copy the Internet headers. Apple Mail shows them under View, Message, All Headers. Paste the whole block into the tool.

Does this upload my email anywhere?

No. Parsing happens entirely in your browser with no network requests. The headers never leave your machine, so it is safe to analyze real messages, including sensitive ones.

What does a DKIM fail mean?

It means the cryptographic signature did not verify, so the message was altered in transit or was never properly signed. Forwarding and mailing lists that rewrite messages are common innocent causes. A DKIM fail combined with an SPF fail and a DMARC fail is a strong signal the message is not from the claimed sender.

Why are there multiple Received headers?

Each mail server that handles the message adds its own Received header to the top, so a message that passes through four servers arrives with four of them. Reading them bottom to top reconstructs the full route. The tool does this reordering for you and shows the time spent at each hop.
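
The reordering and per-hop delay calculation described in this answer and in the About section, written out as an added JavaScript example. It is not the analyzer's own code; the function name parseReceivedChain and the sample headers are constructed for illustration.

```javascript
// Added example, not the analyzer's own code. SAMPLE_HEADERS is constructed
// (example.* hosts, documentation IP ranges); parseReceivedChain is a hypothetical name.
const SAMPLE_HEADERS = [
  "Received: from mx.example.net (mx.example.net [203.0.113.7])",
  "\tby inbox.example.org with ESMTPS id abc123;",
  "\tTue, 04 Mar 2025 10:00:42 +0000",
  "Received: from relay.example.com (relay.example.com [198.51.100.9])",
  "\tby mx.example.net with ESMTP id def456; Tue, 04 Mar 2025 10:00:05 +0000",
  "Received: from [192.0.2.10] (client.example.com [192.0.2.10])",
  "\tby relay.example.com with ESMTPSA id ghi789; Tue, 04 Mar 2025 11:00:01 +0100",
  "From: Alice <alice@example.com>",
  "Subject: test",
  "",
  "Received: this line is in the body and must be ignored",
].join("\r\n");

function parseReceivedChain(raw) {
  // The header block ends at the first blank line; everything after it is body.
  const headerBlock = raw.split(/\r?\n\r?\n/)[0];
  // Unfold: a line that starts with a space or tab continues the previous header.
  const unfolded = headerBlock.replace(/\r?\n[ \t]+/g, " ");
  const hops = [];
  for (const line of unfolded.split(/\r?\n/)) {
    const m = /^Received:\s*(.*)$/i.exec(line);
    if (!m) continue;
    const value = m[1];
    // The timestamp is whatever follows the last semicolon; drop "(UTC)"-style comments.
    const semi = value.lastIndexOf(";");
    const stamp = semi === -1 ? "" : value.slice(semi + 1).replace(/\([^)]*\)/g, "").trim();
    const from = (/^from\s+(\S+)/i.exec(value) || [])[1] || null;
    const by = (/\bby\s+(\S+)/i.exec(value) || [])[1] || null;
    hops.push({ from, by, time: Date.parse(stamp) }); // NaN if missing or unparseable
  }
  hops.reverse(); // the bottom-most header was written first, so it becomes hop 0
  return hops.map((hop, i) => {
    const prev = i > 0 ? hops[i - 1].time : NaN;
    const known = !Number.isNaN(prev) && !Number.isNaN(hop.time);
    // Dates are compared as absolute instants, so differing UTC offsets do not matter.
    return { ...hop, delaySeconds: known ? (hop.time - prev) / 1000 : null };
  });
}
```

A negative delaySeconds points to clock skew between servers or to a fabricated early Received line, so treat it as a flag rather than a measurement.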

Can email headers be forged?

Partly. A sender can fabricate any header below their own server, including early Received lines, From, and Date. What they cannot forge are the Received headers added by servers after theirs, or valid DKIM signatures and authentication results recorded by your receiving server. Give the most weight to the verdicts your own provider stamped on the message.