Email Header Analyzer

An email header analyzer parses raw email headers to display the full delivery path, server IP addresses, geolocation data, and authentication results for any email.

Paste the raw email headers copied from your email client and the tool extracts every Received header to reconstruct the delivery chain. Each server IP in the chain is geolocated. Authentication results for SPF, DKIM, and DMARC are displayed. The tool is useful for tracing phishing emails, diagnosing delivery issues, and verifying email authenticity.

Frequently Asked Questions

What are email headers?

Email headers are metadata attached to every email that record its journey from sender to recipient. They contain timestamps, server IPs, spam scores, authentication results, and the full delivery path the message took.

How do I get the raw headers from an email?

In Gmail: open the email, click the three-dot menu, select Show original. In Outlook: open the email, click File, then Properties. In Apple Mail: view the message, then go to View and Show All Headers.

What can email headers reveal about a sender?

Email headers reveal the sending mail server's IP address, the route the email took across servers, authentication results (SPF, DKIM, DMARC), timestamps for each hop, and spam filter verdicts. You can geolocate each server IP in the delivery chain.

What is SPF, DKIM, and DMARC in email headers?

SPF (Sender Policy Framework) verifies the sending server is authorized to send for the domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature to prove the message was not tampered with. DMARC specifies what to do when SPF or DKIM fail.