Email Header Analyzer
Analyze email headers to trace the delivery path, verify authentication (SPF, DKIM, DMARC), and understand where an email really came from.
Paste Email Headers
Understanding Email Headers
Email headers contain metadata about the message, including where it came from, which servers processed it, and authentication results. This information is normally hidden but essential for troubleshooting.
Headers are added by each server that handles the email, with newer headers at the top. Reading from bottom to top shows the email's journey.
Email Authentication
SPF (Sender Policy Framework)
Verifies the sending server is authorized to send for the domain
DKIM (DomainKeys Identified Mail)
Cryptographically verifies the email wasn't modified in transit
DMARC (Domain-based Message Authentication)
Combines SPF and DKIM with policy for handling failures
Frequently Asked Questions
How do I find email headers?
In Gmail: Open the email, click the three dots (⋮), select "Show original". In Outlook: Open the email, go to File → Properties. In Apple Mail: View → Message → All Headers.
What do SPF, DKIM, and DMARC mean?
SPF verifies the sending server is authorized. DKIM verifies the email wasn't altered in transit using digital signatures. DMARC combines both and tells receivers how to handle failures. "Pass" means the check succeeded.
What are email hops?
Each "hop" represents a server that processed the email on its journey from sender to recipient. The Received headers document this path, with the most recent hop at the top.
Can I trace where an email really came from?
Yes, the Received headers show the servers that handled the email. The originating IP can help identify the true source, though sophisticated spammers may forge headers.