Email Header Analyzer
Paste raw email headers to analyze SPF/DKIM/DMARC and delivery path.
Email Header Analyzer parses raw email headers and shows the full delivery path: every relay server, transit time, SPF/DKIM/DMARC verdicts. Diagnoses spam issues, phishing attempts, delivery delays.
Authentication Results
DMARC alignment matrix
DMARC compliance requires Header.From to align with the DKIM signature domain OR the SPF return-path domain. Relaxed = same organizational domain (eTLD+1). Strict = exact match.
Delivery Path
Delivery path timeline
Key Headers
All Headers
Want a weekly re-check of this?
Drop your email — we will re-run this check every 7 days and alert you if anything degrades (SSL expiry, DNS change, header regression). Free.
One-click unsubscribe in every email. We never share email addresses. By subscribing you agree to our privacy policy.
Paste full email headers from your email client (show original message)
Analyzer parses Received:, Authentication-Results:, DKIM-Signature: and other headers
Displays delivery path, authentication results and key headers
Email Header Analysis
Decode the email delivery path and verify authentication
Delivery route
Visualize all servers the email passed through with timestamps and delays at each hop.
SPF / DKIM / DMARC
Instant check of authentication results: pass, fail, softfail, neutral. Detects spoofed emails and config issues.
Spam diagnostics
Extracts X-Spam-Score, X-Spam-Status and other anti-spam markers to analyze why emails land in spam.
Common Mistakes
Best Practices
How to Analyze Email Headers
Email headers contain metadata about origin, routing, and authentication of a message. The Received headers trace the delivery path from sender to recipient — read bottom-up. Authentication-Results shows whether SPF, DKIM, and DMARC checks passed. X-Spam-Score indicates spam filter results. Analyzing headers helps diagnose delivery failures and detect phishing or spoofed emails.
Frequently Asked Questions
Where do I find email headers?
In Gmail: open email → menu "⋮" → "Show original". In Outlook: File → Properties → Internet Headers. In Apple Mail: View → Message → All Headers.
What does SPF fail mean?
SPF fail means the sending server IP is not listed in the domain allowed IPs. This may signal spoofing or an incorrectly configured SPF record.
How is DKIM different from SPF?
SPF checks whether the sender IP is authorized for the domain. DKIM verifies a digital signature on the email content. DMARC combines both mechanisms and defines a handling policy.
How can I tell if an email is forged?
Signs: SPF fail or softfail, DKIM fail, DMARC fail with reject/quarantine policy, mismatch between From: domain and Received: headers, suspicious X-Originating-IP.
What is a hop delay?
Each server in the delivery chain adds a timestamp to the Received: header. The difference between timestamps is the hop delay. Delay >10s is suspicious, >60s indicates a queue problem.
Related guides
Longer-form reading on this topic from the knowledge base.
Email deliverability monitoring
Alerts on MX / SPF / DKIM / DMARC changes — guard against silent email infrastructure breakage.