~/ cat headers.txt | analyze
Email Header Analyzer
Paste the raw headers of any email to trace its delivery path hop by hop, read the SPF / DKIM / DMARC verdicts, and spot spoofing or misconfiguration signs. Everything is parsed locally in your browser — the headers never leave your machine.
// message summary
// authentication results
// dkim signatures found
// checks & observations
// delivery path (origin → inbox)
> ALL HEADERS 0 ▸
How to get the raw headers
- Gmail: open the message →
⋮(More) → Show original → copy everything in the top block (or "Copy to clipboard"). - Outlook / Microsoft 365: open the message →
…→ View → View message source. - Apple Mail: View → Message → All Headers (⇧⌘H).
- Thunderbird: More → View Source (Ctrl+U).
Reading the delivery path
Every mail server that handles a message prepends a Received: header, so the
chain reads bottom-up: the last Received is the origin, the
first is your mailbox provider. This tool reverses it for you and computes
the delay introduced by each hop — a large delay usually points at greylisting, a busy
relay or a misconfigured queue. Note that Received headers are written by the
servers themselves: hops added by an attacker's infrastructure before the first honest
server can be forged, so treat the earliest hops with skepticism.
What the authentication results mean
SPF verifies that the sending IP is authorized by the envelope-from
domain; DKIM verifies a cryptographic signature over the message;
DMARC checks that at least one of the two passes in alignment
with the visible From: domain and applies the domain owner's policy. A
legitimate message from a correctly configured domain should show all three as
pass. To test your own domain end-to-end, use our
email deliverability checker.