Email Header Analyzer

Parse raw email headers to see delivery path, authentication status, and mail server details

  1. Home
  2. /
  3. Email Header Analyzer

Parsed Results

Paste email headers and click Parse Headers

What Are Email Headers?

Email headers contain metadata about a message's journey from sender to recipient. They include routing information (Received), authentication results (SPF, DKIM, DMARC), timestamps, message IDs, and server details. Analyzing headers helps identify delivery issues, detect spoofing, and understand email flow.

What Is an Email Header Analyzer?

An email header analyzer parses the raw headers of an email message and presents them in a readable, structured format. Email headers contain metadata about the message's journey, including every server it passed through (Received headers), authentication results (SPF, DKIM, DMARC), timestamps, message IDs, and the email client used.

This tool helps developers, system administrators, and security professionals investigate delivery issues, detect email spoofing or phishing attempts, verify authentication configurations, and understand the full email delivery path from sender to recipient. By parsing complex raw headers into organized sections, it makes email troubleshooting accessible to everyone.

How to Use This Tool

  1. Get raw email headers — Open any email in your client, look for "Show Original" or "View Source" options, and copy the full header block.
  2. Paste into the input area — Paste the raw headers into the text area. Use the example buttons to see sample headers.
  3. Click Parse Headers — The tool analyzes the headers and displays structured results.
  4. Review parsed data — View delivery path hops, authentication status (SPF/DKIM/DMARC), timestamps, and server details.
  5. Investigate issues — Use the parsed data to identify delivery delays, authentication failures, or potential spoofing.

Frequently Asked Questions

Where do I find raw email headers?

In Gmail, open the email and click the three-dot menu → "Show original". In Outlook, open the email and go to File → Properties → Internet headers. In Apple Mail, go to View → Message → Raw Source.

What do SPF, DKIM, and DMARC mean?

SPF (Sender Policy Framework) verifies the sending server is authorized. DKIM (DomainKeys Identified Mail) validates the email was not tampered with. DMARC (Domain-based Message Authentication) tells recipients how to handle unauthenticated emails.

Can I detect email spoofing with this tool?

Yes. By analyzing authentication results (SPF, DKIM, DMARC) and comparing the From address with the return-path and received servers, you can identify discrepancies that indicate spoofing or phishing attempts.

Are my email headers sent to a server?

No. All parsing is performed locally in your browser. Your email headers never leave your device.

What is the delivery path (hops)?

The delivery path shows each server the email passed through, listed in Received headers from bottom to top. Each hop includes the server name, IP address, timestamp, and protocol used (SMTP, ESMTP).

Last updated: 9 Jul 2026