๐Ÿฆ IP Animals
๐Ÿ”Ž Network Lookups

Email Header Analyzer

Paste the raw headers of an email to trace its delivery path hop by hop, measure the delay at each server, and read the SPF, DKIM and DMARC authentication results. Everything is parsed locally in your browser โ€” your headers are never transmitted.

In Gmail: โ‹ฎ โ†’ Show original. In Outlook: File โ†’ Properties. In Apple Mail: View โ†’ Message โ†’ Raw Source.

About the email header analyzer

Every email carries a hidden block of headers โ€” metadata that mail servers add as the message travels from the sender to your inbox. Buried in that block is a complete audit trail: which servers handled the message, when, and whether it passed the checks that prove it really came from the domain it claims. This tool pulls that trail apart so you can read it at a glance.

It first unfolds the headers (long values are legally wrapped across several indented lines) and then reads the key fields โ€” From, To, Subject, Date and Message-ID. Next it gathers every Received: line. Because each server stamps its line at the top of the headers, the list is reversed to show the genuine origin โ†’ destination path, and the timestamp on each line is used to compute how long the message sat at every hop.

๐Ÿ”’ Parsed locally โ€” your headers never leave the page

Email headers routinely expose internal server names, IP addresses and recipient addresses. This analyzer runs 100% in your browser: the text you paste is never uploaded, logged or stored, and the tool works with your connection switched off.

Reading the authentication results

The tool surfaces Authentication-Results and Received-SPF and highlights the verdicts for SPF (is this server allowed to send for the domain?), DKIM (does the cryptographic signature check out?) and DMARC (do those line up with the visible From address?). A clean pass across all three is a strong signal the message is genuine, while failures are a classic fingerprint of spoofing or phishing. Because these checks lean heavily on the domain's DNS records, our guide on what DNS is is useful background, and the hop IP addresses connect to the broader question of what an IP can reveal.

Want to inspect a sender's published records yourself? Use the TXT & SPF Record Lookup to read their SPF and DMARC policies, or the MX Record Lookup to see which servers accept their mail.

Frequently asked questions

Are my email headers uploaded anywhere?

No. The raw headers you paste are parsed entirely in JavaScript inside your own browser. Nothing is sent to a server, logged or stored. Email headers can contain internal hostnames and addresses, so keeping the analysis local matters โ€” you can even work offline.

How do I get the raw headers of an email?

In Gmail open a message, click the three-dot menu and choose Show original. In Outlook open the message and use File โ†’ Properties, or View message source. In Apple Mail choose View โ†’ Message โ†’ Raw Source. Copy everything and paste it in the box above.

Why are the Received hops listed bottom to top?

Each mail server adds its own Received line to the very top of the headers as it handles the message. So the last line added โ€” nearest the top โ€” is the final hop, and the oldest line at the bottom is where the message originated. This tool reverses them to show the true origin-to-destination order.

What do SPF, DKIM and DMARC tell me?

They are email authentication checks. SPF verifies the sending server is allowed to send for the domain, DKIM verifies a cryptographic signature so the message was not altered, and DMARC ties the two to the visible From address. A pass on all three is a strong sign the mail is genuine; failures can indicate spoofing.

Want the theory? Read the guides โ†’ ยท Visit the zoo โ†’