Email Header Analyzer

Paste raw email headers to trace the delivery path, check authentication results, and identify delays or issues.

What Are Email Headers?

Email headers are metadata attached to every email message. They contain technical information about the message's origin, delivery path, authentication results, and routing details. Headers are normally hidden from view but are essential for debugging email delivery problems.

How to Find Email Headers

Select your email client below for step-by-step instructions:

Gmail

Open the email, click the three-dot menu in the upper right, and select "Show original."

Outlook (Web)

Open the email, click the three-dot menu, then "View" and select "View message source."

Outlook (Desktop)

Open the email, go to File and then Properties. Headers appear in the "Internet headers" box.

Apple Mail

Open the email, go to the View menu, then select "Message" and click "All Headers."

What This Tool Analyzes

Delivery Path

Each "Received:" header represents a hop in the email's journey from sender to recipient. We trace the complete path with timestamps.

Authentication Results

SPF, DKIM, and DMARC results extracted from Authentication-Results headers to verify sender legitimacy.

Delays

Time differences between hops to identify where bottlenecks and processing delays occurred along the delivery path.

Key Metadata

From, To, Subject, Date, Message-ID, Return-Path, and other important headers parsed into a readable format.

Common Issues Found in Headers

  1. Authentication failures
    SPF, DKIM, or DMARC failing can cause emails to land in spam. Header analysis pinpoints which protocol is failing and why.
  2. Routing delays
    Large time gaps between hops indicate server processing delays or network issues that slow delivery.
  3. Missing headers
    Essential headers may be absent, indicating misconfigured sending software or intermediate servers stripping information.
  4. Suspicious routing
    Unexpected relays or unfamiliar servers in the delivery path could indicate compromised infrastructure or email interception.

Frequently Asked Questions

An email header analyzer is a tool that parses the raw technical metadata embedded in every email message and presents it in a human-readable format. It decodes information such as the sender's IP address, delivery path through mail servers, timestamps, and authentication results (SPF, DKIM, DMARC). This information is essential for diagnosing deliverability issues and verifying email authenticity.

In Gmail, open the email, click the three-dot menu, and select "Show original." In Outlook desktop, open the message, go to File then Properties, and find headers in the "Internet headers" box. In Outlook on the web, click the three-dot menu and select "View message details." Copy and paste the headers into our analyzer tool.

Check the authentication results for SPF, DKIM, and DMARC pass/fail status -- failures are a strong indicator of spoofing. Compare the From address with the Return-Path and Reply-To headers; mismatches may indicate impersonation. Examine the Received headers to verify the sending IP matches the expected mail server for the claimed domain.

Received headers are added by each mail server that handles the email during delivery, creating a chronological trail of the message's journey. Read from bottom to top -- the bottom-most shows the originating server, while the top-most shows the last server before delivery. These are critical for tracing routing issues, identifying delays, and determining the true origin of a message.

The Return-Path (also called the bounce address) specifies where bounce notifications are sent when an email cannot be delivered. SPF authentication checks the domain in the Return-Path header, not the visible From address. For DMARC alignment to pass via SPF, the Return-Path domain must match the domain in the From header.

While the From address and Reply-To can be forged by the sender, the Received headers added by intermediate mail servers are much harder to fake. Authentication headers (SPF, DKIM, DMARC results) are added by the receiving server and cannot be manipulated by the sender. This is why analyzing the full header chain is essential for verifying authenticity.

In the Authentication-Results header, pass means the email was successfully verified, while fail means it did not. SPF pass confirms the sending server was authorized, DKIM pass means the signature was verified and the message was not altered, and DMARC pass confirms both authentication success and proper domain alignment.

Header analysis reveals the specific authentication results that receiving servers used to evaluate your message, helping identify which protocol is failing. Headers also show if your sending IP is on a blocklist, if there are DNS errors, or if relay delays are occurring. The X-Spam-Status or similar headers show the exact spam score and contributing factors.