Email Header Analyzer
Analyze email headers to trace routes, inspect authentication results, and investigate suspicious mail.
What Is an Email Header?
Email headers are metadata lines added by each mail server along the delivery path — routing, authentication, and identifiers not shown in the normal message body.
This email header analyzer parses pasted raw headers, highlights key fields, and extracts SPF/DKIM/DMARC tokens from Authentication-Results when present.
How to Use This Tool
- Open your mail client and copy the full message headers (Show original / View source).
- Paste the raw header block into the text area.
- Click Analyze Headers to parse fields into a table.
- Review highlighted From, Received, Return-Path, and authentication badges.
- Investigate odd hops and failed SPF/DKIM/DMARC before trusting links or attachments.
Understanding Email Routing
Each Received line is a hop (newest often at top). Tracing email routing means reading those hops from sender toward your inbox.
The tool counts Received hops to summarize path length.
Key Email Header Fields
Highlighted when found in your paste:
- From
- Displayed sender — can be spoofed; compare with Return-Path.
- Return-Path
- Envelope sender for bounces.
- Received
- Chain of servers that handled the message.
- Message-ID
- Unique identifier for the message instance.
- Reply-To
- Where replies go — may differ from From in phishing.
- Authentication Results
- SPF, DKIM, DMARC outcomes when the provider added them.
SPF Explained
Sender Policy Framework checks whether the sending IP is allowed in the domain’s SPF DNS record. pass/fail/neutral may appear in Authentication-Results.
Use SPF DKIM DMARC Checker on your own domain DNS for outbound mail setup.
DKIM Explained
DomainKeys Identified Mail signs message hashes with a domain key. DKIM-Signature headers and dkim=pass in Authentication-Results indicate verified signatures.
DMARC Explained
DMARC policies tell receivers what to do when SPF/DKIM alignment fails. dmarc=pass in Authentication-Results means the message met policy checks.
How to Investigate Phishing Emails
Paste full headers, check From vs Reply-To, read earliest Received IPs, and note authentication failures.
Do not click links — use link checker on URLs separately.
Detecting Email Spoofing
Spoofing often shows mismatched From and Return-Path, fresh domains, or failed SPF/DKIM with urgent social engineering body text.
Understanding Received Headers
Read bottom-to-top or top-to-bottom depending on provider — note IP hostnames and timestamps for impossible travel.
Common Email Delivery Problems
- SPF fail — sending IP not in SPF record.
- DKIM fail — broken signing or forwarding broke signature.
- DMARC fail — alignment mismatch after mailing lists.
- Greylisting and deferrals — temporary 4xx responses.
Benefits of This Tool
- Free email header lookup in the browser.
- Authentication summary badges when data exists.
- Full header table for deep review.
- Pairs with VSPIC DNS and blacklist tools.
How to Read Email Headers
Start with Authentication-Results, then newest Received, then From/Return-Path/Reply-To. Export screenshots for tickets but paste raw text for accurate parsing.
Email Security Best Practices
Publish SPF, DKIM, and DMARC on domains you send from. Train users to report phishing with headers attached.
Email Authentication Explained
Authentication proves sending infrastructure matches domain policy — it does not prove the human display name is honest.
References
Frequently Asked Questions
In Gmail: open message → three dots → Show original. Outlook: File → Properties → Internet headers. Paste the raw block into this tool.
No. You paste headers manually. Nothing is fetched from your mail account.
Your paste may lack Authentication-Results (common in some clients). The full header table still helps trace routing.
Compare From vs Return-Path, review Received order for unexpected countries, and check authentication pass/fail when present.
Analyzing headers you received is normal for security triage. Follow workplace policy and privacy law for third-party mail.
Next step for email header analyzer
Continue with spf dkim dmarc checker on VSPIC.
Related Tools
Explore more free VSPIC tools for IP, DNS, security, and network diagnostics.
SPF DKIM DMARC Checker
Validate email authentication DNS records for any domain
Use Free →DNS Lookup
Free DNS lookup tool and DNS checker — query A, AAAA, MX, TXT, NS, CNAME, and SOA records for any domain.
Use Free →Blacklist Checker
Check if an IP is listed on spam and abuse blacklists
Use Free →WHOIS Lookup
Retrieve domain and IP registration WHOIS records
Use Free →Link Checker
Verify if a URL is reachable and check HTTP status
Use Free →Header Checker
Inspect HTTP request and response headers
Use Free →
Trusted by Users Who Value Privacy
Always Free
No premium plan ever
100% Private
Files processed in browser
Instant Results
Convert in seconds
Works Everywhere
Any device, any OS