Free Email Header Analyzer
Paste an email header and see how it was authenticated, who really sent it, and where it slowed down on the way to the inbox.
Every server the message touched is recorded in the header. The analyzer reads that trail back into a clear verdict, an alignment check, and a delivery timeline you can actually follow.
How It Works
Paste your header
Copy the full header (in Gmail use “Show original,” in Outlook open the message source) and paste it in. Nothing is uploaded; it is parsed entirely in your browser.
Read the verdict
See SPF, DKIM, and DMARC results at a glance, and whether the From, Return-Path, and signing domains actually align.
Trace the delivery path
Follow every hop from the originating server to the inbox with per-hop delays, then check the sending IP against email blocklists.
What is an email header?
An email header is the metadata at the top of every email that records how the message was routed and authenticated, including the servers it passed through and its SPF, DKIM, and DMARC results.
Every mail server that handles a message stamps its own Received line at the top, so the header reads as a reverse trail from your inbox back to the originating server. The Authentication-Results line records whether SPF, DKIM, and DMARC passed, while From, Return-Path, and the DKIM signing domain reveal whether the message is really from who it claims. This analyzer parses all of it in your browser, following the field format defined in RFC 5322.
What the Analyzer Checks
Authentication at a glance
SPF, DKIM, and DMARC results pulled straight from the Authentication-Results line and shown as clear pass, fail, or missing chips.
Spoofing & alignment checks
We compare the From, Return-Path, and DKIM signing domains so you can see whether a message is really from who it claims, the way DMARC judges it.
The full delivery path
Every Received hop from the originating server to your inbox, with the delay at each step so you can spot exactly where a message stalled.
Origin server & reputation
The sending IP with its reverse DNS, plus a one-click blocklist check against the databases mailbox providers actually consult before accepting mail.
What Each Result Means
Pass: SPF, DKIM, or DMARC verified successfully. The message is confirmed to come from a server the domain authorized, and its identity lines up.
Fail: The check did not verify. Combined with a From and Return-Path that do not align, this is a strong spoofing or phishing signal.
Missing: No result was recorded for this check, often because the sending domain has not published the record. Softfail and neutral are weaker, inconclusive variants.
Email Header Analyzer FAQ
What is an email header?
An email header is the block of metadata at the top of every email. It records how the message was routed (every mail server it passed through, with timestamps) and how it was authenticated (its SPF, DKIM, and DMARC results), along with the From, Return-Path, and other identity fields. The body is what you read; the header is the audit trail of how it reached you.
How do I find the header of an email?
In Gmail, open the message, click the three-dot menu in the top right, and choose “Show original.” In Outlook (desktop), open the message in its own window, go to File → Properties, and copy the “Internet headers” box. In Apple Mail, open the message and choose View → Message → All Headers. Paste whatever you get into the analyzer — it reads the full raw source or just the header block.
Is my email header data private?
Your header is parsed entirely in your browser and is never uploaded to InboxAlly or anyone else. There is one exception: to fill in the Originating Server panel, the analyzer sends the single originating IP address (not your header) to a public DNS resolver to look up its reverse DNS, confirm that DNS resolves forward and back (FCrDNS), and identify the network that owns it. Those lookups use Google’s public DNS-over-HTTPS and Team Cymru’s IP-to-ASN service. Everything else stays on your device.
What do SPF, DKIM, and DMARC pass or fail mean?
SPF checks that the sending server is authorized by the domain in the envelope (Return-Path). DKIM checks a cryptographic signature proving the message was not altered and was signed by the sender’s domain. DMARC ties them together and checks that the authenticated domain aligns with the visible From address. A pass on all three means the message is verified as coming from who it claims; a fail, especially with misaligned domains, is a strong spoofing signal.
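The alignment comparison described above, as an added Python example (not InboxAlly's code). The sample header is constructed, and the `PUBLIC_SUFFIXES` set is an assumed stand-in for the Public Suffix List that real DMARC evaluators use to find the organizational domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header; every domain here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mail.vendor.example>
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=bounce@mail.vendor.example;
\tdkim=pass header.d=news.brand.example;
\tdmarc=pass header.from=brand.example
From: Brand <hello@brand.example>
Subject: test

body
"""

# Assumption: a tiny stand-in for the Public Suffix List, which real
# DMARC evaluators use to find the organizational domain.
PUBLIC_SUFFIXES = {"example", "com", "co.uk"}

def org_domain(domain):
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def alignment(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the topmost Authentication-Results is read: it is normally the
    # receiving server's own stamp; lower copies may come from the sender.
    ar = (msg.get_all("Authentication-Results") or [""])[0]
    out = {"from": from_dom}
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        res = re.search(rf"\b{method}=(\w+)", ar)
        ident = re.search(rf"\b{re.escape(prop)}=(\S+?)(?:;|\s|$)", ar)
        dom = ident.group(1).rpartition("@")[2].lower() if ident else None
        ok = bool(res and res.group(1) == "pass" and dom)
        out[method] = {
            "domain": dom,
            "strict": ok and dom == from_dom,
            "relaxed": ok and org_domain(dom) == org_domain(from_dom),
        }
    # DMARC needs one authenticated identifier aligned with From.
    out["aligned"] = out["spf"]["relaxed"] or out["dkim"]["relaxed"]
    return out
```

In the sample, SPF passes for the vendor's bounce domain but does not align with From, while the DKIM signing domain aligns only in relaxed mode; that single aligned identifier is what lets DMARC pass.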
My message passed authentication but still went to spam. Why?
Authentication is necessary but not sufficient. SPF, DKIM, and DMARC prove identity, but inbox placement also depends on your sending reputation, recipient engagement, list quality, and content. A perfectly authenticated message from a domain with poor reputation will still be filtered. That reputation problem is exactly what InboxAlly is built to fix.
How do I read the Received chain?
Each Received line is added by one mail server as the message passes through it, and new lines are added to the top. So the chain reads in reverse: the bottom line is the originating server, and the top is the last server before your inbox. Each line carries a timestamp, so the gap between consecutive lines is how long the message waited at that hop. The analyzer flips the chain into chronological order and shows the delay at each step.
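Reading the Received chain as described above, as an added Python example (not the analyzer's own code). The sample header is constructed, with each hop stamping its own time zone to show why timestamps must be normalized before subtracting.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample header; hosts, IPs, ids and times are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby inbox.recipient.example with ESMTPS id abc3;
\tTue, 04 Mar 2025 10:00:47 -0800
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id abc2;
\tTue, 04 Mar 2025 18:00:05 +0000
Received: from app01.sender.example (app01.sender.example [192.0.2.10])
\tby relay.sender.example with ESMTP id abc1;
\tTue, 04 Mar 2025 19:00:02 +0100
From: Alice <alice@sender.example>
Subject: test

body
"""

def delivery_path(raw):
    """Return hops oldest-first with the seconds waited before each hop."""
    msg = message_from_string(raw)
    hops, prev = [], None
    # Received lines are prepended, so reverse them for chronological order.
    for value in reversed(msg.get_all("Received") or []):
        by = re.search(r"\bby\s+(\S+)", value)
        stamp = value.rpartition(";")[2].strip()  # date follows the last ';'
        try:
            when = parsedate_to_datetime(stamp)
            if when.tzinfo is None:  # "-0000" parses as naive; treat as UTC
                when = when.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            when = None  # malformed or missing date: keep the hop, no delay
        delay = None
        if when is not None and prev is not None:
            # Aware datetimes subtract correctly across time zones. A
            # negative value means clock skew or an unreliable stamp.
            delay = (when - prev).total_seconds()
        if when is not None:
            prev = when
        hops.append({"by": by.group(1) if by else None, "time": when, "delay": delay})
    return hops
```

Received lines below the first server you control are written by the sending side, so treat their hostnames and timestamps as claims rather than verified facts.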
A Clean Header Doesn’t Earn the Inbox.
InboxAlly Does.
The analyzer confirms a message authenticated and shows exactly how it traveled. But passing SPF, DKIM, and DMARC is necessary, not sufficient. Whether your real mail reaches the inbox comes down to sender reputation, which is what InboxAlly builds and protects.