Free Email Header Analyzer

Paste the raw headers from any email and this tool traces the message’s path from sender to inbox. It maps every server hop with timestamps and delays, checks SPF, DKIM, and DMARC authentication results, and flags potential security issues – all processed entirely in your browser.

Privacy First: Your email headers are parsed entirely in your browser - no email content leaves your device. An anonymous usage counter (hop count and device type) is recorded for analytics.

📩 Message Summary

🔐 Email Authentication

🛣️ Routing Path

📄 All Headers

HeaderValue

How to Find Email Headers

  1. Open the email in Gmail.
  2. Click the three dots (More) in the top-right of the message.
  3. Select "Show original".
  4. Copy everything in the box that appears, or click "Copy to clipboard".
  5. Paste it into the analyzer above.
  1. Open the email in Outlook on the web.
  2. Click the three dots (More actions) in the top-right.
  3. Select "View" > "View message source".
  4. Copy the entire content and paste it above.
  1. Open the email, then click File > Properties.
  2. In the Properties dialog, find "Internet headers" at the bottom.
  3. Select all text in the box (Ctrl+A), copy (Ctrl+C), and paste above.
  1. Open the email in Apple Mail.
  2. Go to View > Message > All Headers (or press ⌘⇧H).
  3. The headers will appear above the message body. Select, copy, and paste above.
  1. Open the email in Yahoo Mail.
  2. Click the three dots (More) next to the reply button.
  3. Select "View raw message".
  4. Copy the entire content and paste it above.
  1. Open the email in Thunderbird.
  2. Press Ctrl+U (or View > Message Source).
  3. Copy the header portion (everything before the blank line separating headers from body).
  4. Paste it above.
Last reviewed: March 22, 2026

How to Use This Tool

  1. Get the raw headers from your email. Every email client has a way to view the full message source:
    • Gmail: Open the email, click the three-dot menu (top right), select “Show original.”
    • Outlook (web): Open the email, click the three-dot menu, select “View” then “View message source.”
    • Apple Mail: Open the email, go to View menu, select “Message” then “All Headers.”
    • Thunderbird: Open the email, go to View menu, select “Message Source” (or press Ctrl+U).
  2. Paste the headers into the text area. You can paste just the header section or the entire raw message – the tool extracts what it needs.
  3. Click “Analyze” to parse the headers. Results appear immediately since all processing happens in your browser.

Understanding Your Results

The analyzer breaks down the email headers into several sections:

Message Route (Hops)

Every email passes through one or more mail servers between the sender and your inbox. Each server adds a “Received” header with its name, IP address, and a timestamp. The tool reconstructs this path and calculates the delay at each hop. A typical email has 3-6 hops. Unusually long routes or large delays at a specific hop can indicate relay issues, spam filtering bottlenecks, or suspicious routing through unexpected servers.

Authentication Results

Modern email security relies on three complementary protocols:

Protocol What It Checks What a Failure Means
SPF (Sender Policy Framework) Whether the sending server’s IP address is authorized by the domain’s DNS records to send mail on its behalf. The email was sent from a server not listed in the domain’s SPF record. Could indicate spoofing or a misconfigured mail server.
DKIM (DomainKeys Identified Mail) Whether the email’s cryptographic signature matches the public key published in the domain’s DNS. Verifies the message wasn’t altered in transit. The email was modified after it was sent, or the signature doesn’t match the domain’s published key. Could indicate tampering or forwarding that broke the signature.
DMARC (Domain-based Message Authentication) Whether the email passes either SPF or DKIM alignment – meaning the authenticated domain matches the “From” address domain. Neither SPF nor DKIM aligned with the “From” domain. The domain’s DMARC policy determines what happens next: none (deliver anyway), quarantine (spam folder), or reject (bounce).

Message Details

The tool also extracts the From address, To address, Subject line, Date, and Message-ID from the headers. The Message-ID is a unique identifier assigned by the originating mail server – useful for tracking a specific email through server logs.

Warnings

The analyzer flags potential issues including authentication failures (SPF/DKIM/DMARC), unusually long delays between hops, and suspicious server names or IP addresses in the routing chain.

Why This Matters

Email headers are the forensic trail of every message. When a legitimate email lands in spam, the headers reveal which authentication check failed. When you receive a suspicious message claiming to be from your bank, the headers show where it actually came from. When emails are delayed by hours, the hop-by-hop timestamps pinpoint which server caused the holdup.

For anyone managing email for a domain – whether you’re running a business, managing a newsletter, or troubleshooting delivery problems – understanding authentication results is critical. An email with failing SPF and no DKIM signature is much more likely to be filtered as spam, regardless of its content. Fixing these issues in your DNS records directly improves inbox delivery rates.

Frequently Asked Questions

Is it safe to paste email headers into this tool?

The analysis runs entirely in your browser using JavaScript – the raw headers are not sent to any server. Headers do contain server names, IP addresses, and the sender/recipient email addresses, but they don’t contain the message body, attachments, or passwords. If you’re analyzing headers from a sensitive email, the browser-only processing means the data never leaves your device.

What does “SPF softfail” mean?

An SPF softfail (~all) means the sending server is not explicitly authorized by the domain’s SPF record, but the domain owner hasn’t asked receivers to reject such emails outright. It’s a “probably not legitimate, but don’t block it” signal. Compare this to a hard fail (-all), which says “reject anything from unauthorized servers.” Many domains use softfail during SPF rollout to avoid accidentally blocking legitimate mail while they’re still identifying all their sending sources.

Why does my email have so many hops?

Each hop represents a server that processed the email. A typical path includes: the sender’s mail client to their outbound server (1 hop), any intermediary relay or security gateway (1-2 hops), and the recipient’s inbound server to their mailbox (1-2 hops). Additional hops appear when emails pass through spam filters (like Barracuda or Mimecast), mailing list processors, email forwarding services, or corporate email gateways. More hops aren’t inherently bad, but each one adds latency and is a potential point of failure.

How this tool works

This tool runs entirely in your browser and our server. We detect your IP address server-side, then perform DNS and WebRTC checks client-side. No account is needed and no personal data is stored beyond anonymous aggregate statistics.

Results are based on real-time checks against your current connection. For the most accurate results, ensure your VPN is fully connected before running the test.

Rights

California's CCPA gives residents the right to know what data companies collect about them and to opt out of its sale.

Source: California Consumer Privacy Act, 2020

Save image:

🛡️ More Free Security Tools

Ping Test How fast is a server responding? 🔎 DNS Lookup Find where a domain's email goes and who hosts it 🔒 SSL Checker Is a website's SSL certificate valid and secure? 🔍 Browser Checker How unique is your browser fingerprint? 🖥️ Port Scanner Which ports are open on a server?