~/ cat headers.txt | analyze

Email Header Analyzer

Paste the raw headers of any email to trace its delivery path hop by hop, read the SPF / DKIM / DMARC verdicts, and spot spoofing or misconfiguration signs. Everything is parsed locally in your browser — the headers never leave your machine.

// paste raw headers 100% client-side · nothing uploaded

How to get the raw headers

  • Gmail: open the message → (More) → Show original → copy everything in the top block (or "Copy to clipboard").
  • Outlook / Microsoft 365: open the message → ViewView message source.
  • Apple Mail: ViewMessageAll Headers (⇧⌘H).
  • Thunderbird: MoreView Source (Ctrl+U).

Reading the delivery path

Every mail server that handles a message prepends a Received: header, so the chain reads bottom-up: the last Received is the origin, the first is your mailbox provider. This tool reverses it for you and computes the delay introduced by each hop — a large delay usually points at greylisting, a busy relay or a misconfigured queue. Note that Received headers are written by the servers themselves: hops added by an attacker's infrastructure before the first honest server can be forged, so treat the earliest hops with skepticism.

What the authentication results mean

SPF verifies that the sending IP is authorized by the envelope-from domain; DKIM verifies a cryptographic signature over the message; DMARC checks that at least one of the two passes in alignment with the visible From: domain and applies the domain owner's policy. A legitimate message from a correctly configured domain should show all three as pass. To test your own domain end-to-end, use our email deliverability checker.

[info]
Respecting your privacy: We don't track your activity, use advertising networks, or set marketing cookies. Just fast, clean, and free network tools. enjoy!