Email Header Analyzer

Paste an email's raw source to instantly demystify its delivery path and security.

What is an Email Header?

Every email contains a block of technical data called a header, which records the journey it took from the sender to your inbox. It includes information about the servers it passed through, the results of security checks like SPF and DMARC, and other metadata not normally visible to the user.

Analyzing the header is the best way to investigate suspicious emails, troubleshoot delivery problems, and confirm if an email is legitimate or a phishing attempt. This tool parses that complex data into a human-readable format, so you can see the story behind any email.

Frequently Asked Questions

How do I find the email header in Gmail?

To find an email header in Gmail, open the email, click the three vertical dots (More options) next to the reply button, and select 'Show original'. A new tab will open with the full, raw email source, which you can copy and paste into our analyzer.

What does an SPF or DKIM 'fail' mean in the analysis?

An SPF 'fail' means the email was sent from an IP address that is not authorized in the sender's SPF record. A DKIM 'fail' means the email's cryptographic signature is invalid, suggesting the message may have been altered in transit or was not signed correctly. Both are indicators of a potential phishing attempt or a mail server misconfiguration.

Can an email header be faked?

While some parts of an email header, like the 'From' address, can be easily faked (spoofed), the 'Received' lines that trace the email's path through different mail servers are much harder to forge completely. Furthermore, cryptographic signatures like DKIM are designed to be tamper-evident. Our analyzer helps you spot these discrepancies.