Email Header Analyzer

Paste raw email headers to check SPF, DKIM, and DMARC authentication, trace the delivery path hop by hop, detect spam signals, and get a deliverability score out of 100.

Free Tool

Quick Answer

How do I analyze email headers?

Open the email in Gmail, click the three-dot menu, and select Show original to see raw headers. Copy all the text and paste it into this analyzer. The tool checks SPF, DKIM, and DMARC authentication, traces the delivery path hop by hop, flags spam signals, and gives a deliverability score out of 100.

Paste Raw Email Headers

In Gmail: open email, three-dot menu, Show original -- copy all text below the URL bar

About this tool

This email header analyzer parses raw email headers and extracts the information most useful for diagnosing deliverability problems and identifying spoofed or suspicious email. It reads the Authentication-Results and Received-SPF headers to show SPF, DKIM, and DMARC pass or fail status as colored badges, traces the full delivery path through all Received headers with timestamps and hop delays, calculates a deliverability score based on authentication outcomes, and flags common spam indicators such as domain mismatches and missing Message-ID headers.

The tool is useful for email administrators diagnosing why legitimate emails are landing in spam, developers verifying that transactional email is properly authenticated, security teams investigating phishing or spoofing attempts, and anyone who wants to understand what information is embedded in an email before they act on it. Everything runs in your browser and no header data is sent to any server.

How it works

  1. 1

    Get the raw headers from your email client

    In Gmail open the email, click the three-dot menu in the top right, and choose Show original. In Outlook use File, Properties, and look for Internet headers. In Apple Mail go to View, Message, All Headers.

  2. 2

    Copy and paste into the analyzer

    Copy all the text at the top of the page (everything above the email body) and paste it into the input box. Click Analyze Headers or use Load Example to try a sample.

  3. 3

    Review authentication and spam signals

    The tool parses SPF, DKIM, and DMARC results from the Authentication-Results header and displays them as color-coded badges. Spam indicators highlight mismatches, failures, and missing headers.

  4. 4

    Trace the delivery path

    The Received chain section shows every server the email passed through, in order from newest to oldest, with the time delay between each hop. Delays over 30 seconds are flagged in amber.

Authentication results guide

ProtocolWhat it checksImpact on deliverability
SPFVerifies that the sending IP address is authorized in the domain's SPF DNS record. Prevents IP-level spoofing.SPF fail reduces score by 25 points. Softfail reduces by 10. Many spam filters use SPF as a primary signal.
DKIMVerifies a cryptographic signature added by the sending mail server. Proves the email body was not altered in transit.DKIM fail reduces score by 25 points. Without a valid DKIM signature, email is more likely to be filtered or quarantined.
DMARCChecks that SPF or DKIM aligns with the From domain and enforces the domain owner's policy (none, quarantine, reject).DMARC fail reduces score by 20 points. Required by Gmail and Yahoo bulk sender guidelines from 2024 onward.

How to view headers in popular email clients

Email clientSteps to view raw headers
GmailOpen the email. Click the three-dot menu (top right of the message). Select Show original. Copy all text above the email body.
OutlookOpen the email. Click File then Properties. Copy the text in the Internet headers box.
Apple MailOpen the email. Go to View in the menu bar, then Message, then All Headers. The full headers appear at the top of the message.
Yahoo MailOpen the email. Click the three-dot More menu. Select View raw message. Copy the header text at the top.

Frequently asked questions

What are email headers?
Email headers are metadata attached to every email that record the journey from sender to recipient. They contain information about the sending server, authentication results (SPF, DKIM, DMARC), timestamps at each hop, spam scores, and the email client used. Headers are hidden by default but can be viewed in any email client.
How do I view email headers in Gmail?
In Gmail, open the email, click the three-dot menu in the top right corner of the message, and select Show original. The full raw headers appear in a new tab. Copy all the text and paste it into this analyzer.
What do SPF, DKIM, and DMARC results mean in email headers?
SPF pass means the email came from an authorized server for that domain. DKIM pass means the email content was not altered in transit and the signature is valid. DMARC pass means the email passed the domain owner's authentication policy. All three passing is the gold standard for email deliverability.
Why does my email show SPF softfail?
SPF softfail (~all) means the sending server is not explicitly listed in the SPF record but the domain owner has not set a strict rejection policy. Emails with softfail are typically accepted but may be marked as suspicious by some filters. Add the sending server to your SPF record to resolve this.
What is the Received chain in email headers?
The Received chain shows every mail server the email passed through from sender to recipient. Each hop adds a Received header with the server name and timestamp. Reading from bottom to top shows the original path. Large delays between hops can indicate server issues or spam filtering holds.
How do I detect if an email is spoofed using headers?
Check for mismatches between the From address and the Return-Path or envelope sender. Look for SPF fail or DKIM fail results. Check if the Reply-To is different from the From address. Examine the originating IP in the first Received header and verify it belongs to the claimed sender domain.
What is a spam score in email headers?
Many mail servers add an X-Spam-Score header after running the email through spam filters like SpamAssassin. The score is a number where higher means more likely spam. A score above 5 is typically flagged as spam. Individual rules that triggered the score are often listed in X-Spam-Report headers.
How do I find the original sender IP from email headers?
The original sender IP is in the bottom-most Received header (the first one added to the chain). Look for the IP address in parentheses after "from" in that header. You can then look up that IP using a WHOIS tool to identify the sending organization or check if it is blacklisted.

Related guides

Related tools