📧 Free Email Header Analyzer

Paste raw email headers and get a detailed breakdown of every field — Received chain, SPF, DKIM, authentication results, and 25+ header types explained. Free, no signup, instant results.

What Our Email Header Analyzer Does

🔄 Received Chain

Trace the full delivery path — every server your email passed through, with IP addresses, protocols (ESMTPS, ESMTPSA), and timestamps for each hop.

🔐 Authentication Results

Parse SPF, DKIM, and DMARC results. See if authentication passed, failed, or was neutral — critical for diagnosing deliverability problems.

📋 Field-by-Field Explanation

Every header field explained in plain English. Covers 25+ header types grouped into categories: Routing, Authentication, Identity, Content, and Metadata.

📊 Summary Dashboard

Quick-glance overview: sender, recipient, subject, date, return-path, sending server, and SPF/DKIM pass/fail status — all in one compact view.

🔗 Return-Path & Envelope

See the envelope sender (Return-Path) vs the From address — spoofed emails often mismatch these two.

🛡️ Security Headers

Detects ARC (Authenticated Received Chain) headers for forwarded emails, TLS version info, and any custom X-headers added by security gateways.

How to Analyze Email Headers — 3 Simple Steps

1️⃣ Get the Raw Headers

Gmail: ⋮ → Show original.
Outlook: File → Properties → Internet headers.
Apple Mail: View → Message → Raw Source.
Thunderbird: Ctrl+U → View Source.

2️⃣ Paste Into the Analyzer

Copy the complete raw headers and paste them into our free header analyzer. The tool auto-detects and parses every field.

3️⃣ Review the Analysis

See the delivery path, authentication results, and field-by-field explanations. Spot spoofing, routing issues, and deliverability problems instantly.

📖 Email Header Fields You Can Analyze

🔄 Routing: Received, Return-Path, X-Received
🔐 Authentication: Received-SPF, DKIM-Signature, ARC-*
👤 Identity: From, To, Reply-To, Sender
📄 Content: Subject, Date, Message-ID, MIME-Version
📐 Format: Content-Type, Content-Transfer-Encoding
📬 Delivery: Delivered-To, X-Original-To, Envelope-To
⚙️ Custom: X-Mailer, X-Priority, X-Spam-Status
🔗 Threading: In-Reply-To, References, List-Unsubscribe

❓ Frequently Asked Questions

What are email headers and why should I analyze them?

Email headers are metadata attached to every email — they show the delivery path, authentication checks, sender identity, and routing information. Analyzing headers helps you: (1) trace where an email really came from, (2) diagnose why emails land in spam, (3) detect phishing/spoofing attempts, and (4) troubleshoot SPF/DKIM/DMARC failures.

How do I find email headers in my client?

Gmail: Open the email → click the three dots (⋮) → "Show original."
Outlook/365: Open email → File → Properties → Internet headers section.
Apple Mail: View → Message → Raw Source.
Thunderbird: View → Message Source (Ctrl+U).
Yahoo Mail: Open email → More → View raw message.
ProtonMail: Open email → dropdown menu → View headers.

What does the Received chain tell me?

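The Received headers form a chain showing every mail server that handled the email, from the sender's outgoing server to your inbox. Each hop includes the server hostname, IP address, protocol used (ESMTPS = encrypted SMTP), and a timestamp. Read from bottom to top: each server adds its Received header above the existing ones, so the bottom-most entry comes from the sender's server and the top-most from your provider. If a suspicious IP appears in the chain, the email may be spoofed. Entries added before the message reached a server you trust are supplied by the sending side and can be forged, so give the most weight to the hops your own provider recorded.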

What's the difference between Return-Path and From?

From is what you see in your email client — it can be anything the sender sets. Return-Path is the envelope sender address used for bounces (SMTP MAIL FROM). If they don't match, it's not necessarily malicious (mailing lists and forwarding do this legitimately), but it can indicate spoofing — especially if the Return-Path domain has no relationship to the From domain. Our analyzer highlights this mismatch for you.
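The two checks described above (reading the Received chain bottom to top, and comparing the Return-Path domain with the From domain) can be reproduced with Python's standard library. This is an added example, not the analyzer's own code; the sample headers are constructed from documentation domains and IP ranges, and the function names `domain_of` and `analyze` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation domains and IP ranges, not a real message).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
 by inbox.example.com with ESMTPS id abc123;
 Tue, 02 Jan 2024 10:00:05 +0000
Received: from app.example.net (app.example.net [198.51.100.20])
 by mx.example.org with ESMTPSA id def456;
 Tue, 02 Jan 2024 10:00:01 +0000
Authentication-Results: inbox.example.com;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=fail header.d=example.org
From: "Billing" <billing@example.org>
Subject: Invoice

"""

def domain_of(value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received header, so reverse to get delivery order.
    for rcvd in reversed(msg.get_all("Received", [])):
        flat = " ".join(rcvd.split())          # unfold continuation lines
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", flat)
        proto = re.search(r"\bwith (\S+)", flat)
        hops.append({"ip": ip.group(1) if ip else None,
                     "protocol": proto.group(1) if proto else None,
                     "timestamp": flat.rpartition(";")[2].strip()})
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    env, frm = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    return {"hops": hops, "auth": results,
            "envelope_domain": env, "from_domain": frm,
            # Exact-match comparison only; a mismatch is a signal to check, not proof.
            "domain_mismatch": bool(env and frm and env != frm)}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Only an Authentication-Results header written by your own receiving server should be relied on, since a sender can insert one of its own.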

Are my email headers stored or shared?

No. All analysis happens in memory during your request. We don't log, store, or share your email headers or any data extracted from them. The analysis is ephemeral — once you close the page, it's gone.

Can this tool help with phishing investigation?

Yes. The header analyzer is commonly used to investigate suspicious emails. By tracing the Received chain, you can see the real origin server. By checking Return-Path vs From, you can spot domain spoofing. By reviewing SPF/DKIM results, you can see if authentication was faked. Combined, this gives you strong evidence to determine if an email is legitimate.

🛡️ When to Use a Header Analyzer

Investigating suspicious emails — trace the real source before clicking any links

Debugging email deliverability — see exactly which SPF/DKIM check failed

Auditing your own domain — verify your outgoing emails pass authentication

Forensic email analysis — timestamps, server paths, and protocol details

Checking forwarding setups — ARC headers show how forwarding affects authentication

Learning how email works — headers reveal the full SMTP conversation
