eToolbox
EN
English Svenska Dansk Norsk Suomi

Email Header Analyzer

Paste the full headers of an email to see how it was routed and whether it passed SPF, DKIM and DMARC checks.

About the Email Header Analyzer tool

Every email carries hidden headers that record its journey. This tool parses the raw headers you paste and lays them out so you can read them. It orders the Received lines to trace each hop from the sending server to your inbox, highlights the originating IP, and surfaces the authentication results - SPF (was the sending server allowed to send for that domain), DKIM (is the cryptographic signature valid) and DMARC (does the message align with the domain's policy) - plus key fields like From, Return-Path, Message-ID and Date.

How to use it

  • In your mail client, open the message and choose "Show original", "View source" or "View headers".
  • Copy the full header block and paste it into the box.
  • Submit to see the routing hops and SPF/DKIM/DMARC results.

It is a fast way to investigate a suspected phishing or spoofed email, or to find out why your own messages land in spam. Note that header fields above the trusted boundary can be forged, so read them critically rather than as proof of identity. Your headers are sent to our server only to parse them and produce the report, and are processed transiently - they are never stored.

Frequently asked questions

How do I get the full email headers to paste?

Open the message and look for an option like Show original (Gmail), View message source (Outlook) or View Source (Apple Mail). Copy the entire block, including all the Received lines at the top.

What do SPF, DKIM and DMARC tell me?

SPF checks whether the sending server is authorised for the From domain, DKIM verifies a cryptographic signature on the message, and DMARC ties those results to the domain's published policy. Passes on all three are a strong sign the mail is genuine.

How do I read the Received headers to trace an email?

Received lines are added top-down as the message is delivered, so the bottom one is usually the first server and the top is the last. Following them upward reveals the path and the originating IP.

Can email headers be faked?

Fields like From and Reply-To are easily spoofed, and Received lines added before your trusted servers can be forged too. That is why SPF, DKIM and DMARC results, added by your own provider, are the parts to trust most.

Are my pasted headers stored?

No. The headers are sent to our server only to parse them and build the report, processed transiently, and never saved.

Related tools

What Is My IP Instantly see the public IP address your connection is using right now, plus where it appears to be. IP Lookup Enter an IP address to see where it is and which network it belongs to, or leave it blank to look up your own. IP WHOIS Lookup Enter an IP address to fetch its WHOIS registration details from the regional internet registry. DNS Lookup Enter a domain name and pick a record type (or All) to see its live DNS records. Reverse DNS Lookup Enter an IP address to find the hostname its owner has set in reverse DNS. Domain WHOIS Lookup Enter a domain name to look up who registered it, when it was created, and when it expires.