Our free email header analyzer parses raw email headers to reveal the complete delivery path of any email message. Paste the full headers from Gmail, Outlook, or any email client to trace each hop between mail servers, identify delivery delays, and verify SPF, DKIM, and DMARC authentication results. This email header analyzer helps you troubleshoot bounced emails, investigate spam, and diagnose deliverability issues.

What Are Email Headers?

Email headers are metadata attached to every email message, as defined in RFC 5322 (Internet Message Format). They contain information about the sender, recipient, subject, date, and — most importantly — the path the email took from origin to destination. Headers are essential for troubleshooting delivery problems, investigating spam, and verifying email authentication. An email header analyzer breaks down these headers into a readable format so you can quickly identify issues.

How to Find Email Headers

Each email client provides a way to view the raw message headers:

Gmail: Open the email, click the three dots menu, and select “Show original.” Copy the headers from the top of the page.

Outlook (Web): Open the email, click the three dots, then View → View message source. For Outlook desktop, go to File → Properties and look under “Internet Headers.”

Apple Mail: Open the email, go to View → Message → All Headers.

Thunderbird: Open the email, go to View → Message Source, or press Ctrl+U.

Once you have copied the raw headers, paste them into the email header analyzer above to see the parsed results.

Email Authentication

SPF (Sender Policy Framework) — Verifies that the sending server is authorized to send mail on behalf of the domain. SPF records are published as DNS TXT records listing approved sending IPs. The protocol is defined in RFC 7208.

DKIM (DomainKeys Identified Mail) — Uses cryptographic signatures to verify the email content has not been tampered with in transit. The sending server signs the message, and the receiving server verifies it against a public key in DNS.

DMARC (Domain-based Message Authentication) — Builds on SPF and DKIM to provide a policy for handling authentication failures and reporting. DMARC tells receiving servers what to do when SPF or DKIM checks fail (reject, quarantine, or allow).

Reading the Delivery Path

Each “Received:” header represents a hop the email made between mail servers. The headers are added in reverse order — the topmost header is the most recent hop. By comparing timestamps between hops, you can identify where delays occurred during delivery. A typical email passes through 3-5 servers: the sender’s mail client, the sender’s SMTP server, any intermediate relays, and the recipient’s incoming mail server. Our email header analyzer calculates these delays automatically and highlights any significant bottlenecks.

Common Email Header Fields

Beyond the delivery path, email headers contain several important fields:

From / To / Cc — The sender and recipient addresses
Date — When the email was composed
Message-ID — A unique identifier for the message, useful for tracking across server logs
X-Mailer / User-Agent — The software used to send the email
Return-Path — The bounce address where delivery failure notifications are sent
X-Spam-Status — Spam filter verdict from the receiving server
Authentication-Results — Combined SPF, DKIM, and DMARC check results

Troubleshooting Email Delivery

When emails are delayed, bounced, or sent to spam, the headers tell the story. Look for large time gaps between consecutive “Received:” headers to find bottlenecks. Check the Authentication-Results header for SPF/DKIM/DMARC failures that might cause spam classification. If you see an unexpected relay server in the path, it could indicate a misconfigured mail routing or a compromised server. Using an email header analyzer is the fastest way to pinpoint these issues.

Identifying Spam and Phishing

Email headers are the first place to look when investigating suspicious messages. Phishing emails often have mismatched “From” and “Return-Path” addresses, fail SPF or DKIM checks, and originate from unexpected IP addresses or regions. By pasting the raw headers into this email header analyzer, you can quickly verify whether an email is legitimate or has been forged.

Related Tools

Email authentication relies on DNS records. Use our DNS Lookup to check a domain’s SPF, DKIM, and DMARC TXT records. To investigate a suspicious sender’s domain, try our WHOIS Lookup.

Email Header Analyzer