Email Header Analyzer

Parse raw email headers to trace message routing, check authentication results (SPF, DKIM, DMARC), and detect delivery delays.


API: POST /api/v1/email/headers

Key Features

100% Free

No registration required, unlimited checks

Instant Results

Real-time analysis with detailed output

REST API Access

Integrate into your workflow via API

Accurate Data

Live queries to authoritative sources

What is Email Header Analyzer?

The email header analyzer parses raw email headers to reveal the complete journey of an email message from sender to your inbox. It extracts and visualizes the routing path through each mail server hop, checks email authentication results (SPF pass/fail, DKIM signature verification, DMARC alignment), calculates delivery delays between each hop to identify bottlenecks, and extracts key metadata including the sender's originating IP address, mail client, and encryption status. Email headers are the diagnostic goldmine for troubleshooting delivery problems — they contain the full technical story of every email.

This free header analysis tool is used by email administrators investigating why messages are delayed or rejected, security teams analyzing phishing and spam messages to trace the true sender, IT support tracing email routing issues across complex mail infrastructure, and anyone investigating a suspicious email to verify its authenticity. Simply paste the raw headers and the tool does the parsing — no need to manually read through the dense, chronologically reversed header blocks.

How to Use

  1. Copy the full raw email headers from your email client (see FAQ for instructions per client)
  2. Paste the complete headers into the text area — include everything from the first 'Received:' line to the 'Subject:' line
  3. Click 'Run Check' to parse all headers and extract the routing, authentication, and timing data
  4. Review the routing path: see each mail server the message passed through with timestamps
  5. Check authentication results: SPF, DKIM, and DMARC pass/fail status for the message
  6. Examine delay analysis to identify which server caused the most delivery delay

Who Uses This

System Administrators

Monitor and troubleshoot infrastructure

Developers

Debug network issues and integrate via API

SEO Specialists

Verify domain configuration and performance

Security Analysts

Audit and assess network security

Frequently Asked Questions

How do I get raw email headers from my email client?
Each email client has a different method: Gmail — open the email, click the three-dot menu, select 'Show original'. Outlook (web) — open the email, click the three-dot menu, select 'View message source'. Outlook (desktop) — open the message, go to File > Properties, headers are in the 'Internet headers' box. Apple Mail — open the email, go to View > Message > All Headers. Yahoo Mail — open the email, click the three-dot menu, select 'View raw message'. Thunderbird — open the email, go to View > Message Source. Copy all the header text and paste it into the analyzer.
What information do email headers contain?
Email headers contain the complete technical metadata of a message: Received headers (the routing path through each mail server with timestamps), From/To/Subject (envelope and display information), Authentication-Results (SPF, DKIM, DMARC check outcomes), Message-ID (unique message identifier), MIME-Version and Content-Type (message format), X-Mailer or User-Agent (sending software), Return-Path (bounce address), and various X- headers added by spam filters, antivirus scanners, and security gateways. Headers are read bottom-to-top — the oldest hop is at the bottom, the most recent at the top.
How do I identify email delivery delays from headers?
The analyzer extracts timestamps from each Received header and calculates the time difference between consecutive hops. A normal hop takes under 1 second. If a specific server shows a delay of minutes or hours, that server is the bottleneck — it could be performing heavy spam filtering, experiencing high load, or having configuration issues like greylisting (intentionally delaying first-time senders). The delay analysis view highlights the slowest hops so you can focus your troubleshooting on the right server.
How can I tell if an email is spoofed by looking at headers?
Check three things: First, look at the Authentication-Results header — if SPF fails, the email was sent from a server not authorized by the sender's domain. If DKIM fails, the message was altered or the signature is forged. If DMARC fails, both SPF and DKIM alignment failed. Second, check the Received headers — the originating IP (bottom-most Received header) should match the claimed sending domain. Third, compare the From header (what you see) with the Return-Path header (where bounces go) — if they differ and the domain doesn't match, it's likely spoofed.
What does it mean when SPF, DKIM, or DMARC fails in the headers?
SPF fail means the email was sent from an IP address not listed in the domain's SPF record — either the sender misconfigured SPF or the email is spoofed. DKIM fail means the cryptographic signature doesn't match, indicating the message was altered in transit or the signing key is misconfigured. DMARC fail means neither SPF nor DKIM passed with alignment to the From domain, and the receiving server applied the domain's DMARC policy (none, quarantine, or reject). Multiple authentication failures on a single message are a strong indicator of spoofing or phishing.
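
The hop-delay calculation and the Authentication-Results check described in the answers above, as an added example (not this tool's own code): a Python standard-library parser run over constructed sample headers. The function names and the sample hosts, IDs and addresses are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real message); hosts and IPs are documentation values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTPS id abc123;
\tTue, 04 Mar 2025 10:07:35 +0000
Authentication-Results: inbox.example.org;
\tspf=fail smtp.mailfrom=bounce.example.com;
\tdkim=pass header.d=example.com;
\tdmarc=pass header.from=example.com
Received: from relay.example.com (relay.example.com [192.0.2.25])
\tby mx.example.net with ESMTP id def456;
\tTue, 04 Mar 2025 10:00:05 +0000
Received: from client.example.com (client.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id ghi789;
\tTue, 04 Mar 2025 10:00:03 +0000
From: Alice <alice@example.com>
Subject: constructed sample
"""

def hops(raw):
    """Return [(receiving_host, timestamp)] oldest hop first."""
    out = []
    # Received headers are prepended, so reverse them to get chronological order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        try:  # the timestamp follows the last ';' of the header
            stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (IndexError, ValueError, TypeError):
            continue  # skip malformed or date-less Received lines
        out.append((by.group(1) if by else "?", stamp))
    return out

def hop_delays(raw):
    """Seconds between consecutive hops; clock skew can make a value negative."""
    h = hops(raw)
    return [(h[i][0], (h[i][1] - h[i - 1][1]).total_seconds()) for i in range(1, len(h))]

def slowest_hop(raw):
    return max(hop_delays(raw), key=lambda d: d[1], default=None)

def auth_results(raw):
    """SPF/DKIM/DMARC verdicts from the topmost Authentication-Results header only."""
    value = message_from_string(raw).get("Authentication-Results", "")
    # Lower copies may have been supplied by the sender; trust only your own server's.
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I)}
```

In the sample, SPF fails while DMARC still passes because the DKIM signature passes for the From domain, which matches the rule above that DMARC fails only when neither check passes with alignment.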