New Unify email, SMS, and WhatsApp in a single platform Join the waitlist
Try for free
Free · No signup · Runs in your browser

Decode any email's hidden headers.

Drop the raw header lines from any message to view a complete structural breakdown with Email Header Analyzer. You can inspect SPF, DKIM, and DMARC security statuses, discover the sender's true network position, chart the transmission route, track junk filters, and estimate phishing dangers. Every calculation occurs right inside your local web browser.

Authentication breakdown Routing timeline Phishing risk flags

Paste email headers

Copy the raw headers from your email client (instructions below) and paste them here. Anything before the empty line of the email body will be parsed.

Try a sample:
What it is

What is an email header analyzer?

An email header analyzer acts as a free diagnostic dashboard that translates hidden corporate metadata into clear text. Every message you open carries dozens of technical lines above the readable text area. This digital file tracks the entire transmission path and names the hosting systems it touched along the way. It also records the sender's identity claims and notes if the receiving mailbox trusted those claims.

This specific program processes the background information directly on your machine. No text ever goes to an external server. The security evaluations come straight from the data blocks inside the file, showing you exactly what your mailbox provider saw during transit.

Audience

Who uses this tool

People needing to look beneath the visual surface of a message to inspect, fix, or investigate delivery data use this script daily. Specifically:

Security-Conscious Users

Open suspicious alerts that pretend to come from your local bank. You can drop the code lines here to spot the true source network and check if the security stamps match the brand.

Email Marketers

Find out why your regular broadcast runs are landing directly in the junk folder. The security results and delivery timelines pinpoint exactly where the transmission chain failed.

Sysadmins & DevOps

Track corporate mail server hops, fix complex automatic forwarding loops, verify incoming validation seals, and ensure policy enforcement functions correctly.

IT Teams & Helpdesks

Review dubious items when corporate staff members ask you to check out a message. The Email Header Analyzer gives a plain English summary of the security status without technical jargon.

Developers

Build modern application tools that rely on automated notification messages. You can use this dashboard to confirm your domain authentication setup works on real delivered text.

Investigators & Journalists

Find the origin points of fishy messages, track down hidden forwarding habits, and check if the claimed sender matches the physical path listed in the file.

3 steps

How to use the analyzer

01

Get Your Headers

Open your message and locate the source code option. Click the three-dot menu in Gmail and select "Show original." Go to File, choose Properties, and locate the Internet headers box in Outlook. Select View, choose Message, and click All Headers in Apple Mail. Highlight and copy the text block.

02

Paste and Analyze

Drop the copied lines into the dashboard window. Press the main action key to parse the details. The script isolates the relevant tracking data even if you accidentally include the main text body.

03

Read the Verdict

Review the main summary panel at the top to see if the message passed its safety checks. The sections below explain every technical point in normal language so you know what failed and why.

Why it matters

Why authentication matters

Header lines provide the only factual record regarding the path of a message. Visual sender labels can easily display false names, and the text address can be spoofed by anyone. The physical routing trail and security check results are locked in place by the destination network before the message ever displays in your inbox folder.

Spot Phishing Fast

Suspect fraud if a message claims to represent a famous brand but fails its primary authentication tests. The metadata highlights the deception in seconds, bypassing the need for hours of manual research.

Diagnose Delivery Problems

Fix transactional notification messages that keep dropping into junk folders. The timeline chart reveals where processing speeds slowed down, and the security results highlight the specific filters that triggered the block.

Verify Before You Trust

Confirm the source if you receive an unexpected request for an emergency wire transfer from an executive. The tracking lines show whether the data originated from your company's actual network or a random outside system.

FAQ

FAQ

What exactly are email headers?
Messages contain two separate elements consisting of the readable message body and an invisible block of metadata called the headers. Standard email programs keep these technical details out of sight. They display the sender's true server path, every computer the message passed through on its way to your screen, processing timestamps for each station, and the cryptographic results calculated by your provider. Apps use these specific entries to judge if a message is real, sort it into folders, or flag it as a threat.
Are my pasted headers sent anywhere?
The program runs entirely inside your web window through local JavaScript code, meaning your information never leaves your personal device. There are no background databases, tracking records, or analytic programs watching your text. The tool can check the general geographic location of the sender's IP address through a public network, but that request only includes the number string rather than your personal message details. You can skip that step completely, and the remaining analysis will still function normally.
What do SPF, DKIM, and DMARC mean?
The SPF framework checks if the computer that delivered the message has official permission to handle mail for that specific domain name. The DKIM standard looks for a digital signature added by the originating mail system, causing a failure if any text was altered during transmission. DMARC connects these two rules together by requiring that at least one of them passes and aligns perfectly with the address visible in your inbox. Getting green lights across all three metrics means the message is genuine, while total failures suggest a forgery.
The tool says "pass," but the email still looks suspicious. What gives?
These standard safety protocols verify that the message came from the server it claims to use without evaluating the true intentions of the author. A scammer who owns a dangerous domain can configure perfect security settings for that specific web name. Safety checks prove the origin is real rather than confirming the author is honest. Users must always evaluate the actual sending address instead of relying solely on a successful system pass.
The tool says SPF/DKIM/DMARC "fail," but I know this email is legitimate. What gives?
A few routine situations cause authentic mail to fail security checks, such as messages moving through an automated discussion list that alters the text format. Poorly configured company domains, older messages created before these modern rules existed, or third-party delivery services left off an official company list will also cause errors. The ARC standard helps preserve those original validation marks across automated forwards, signaling that the destination network trusts the previous station's checks.
Can this tell me who sent a phishing email?
The metadata details the specific IP address that launched the message, the hosting server company, and the general geographic area of that network computer. This information easily confirms that a message skipped your bank's true network or originated from an unexpected country. Pinpointing the actual person sitting behind a fraudulent campaign requires help from internet service providers and law enforcement teams, which goes beyond what a public text tool can achieve.
What does the IP geolocation actually tell me?
The mapping function displays where the physical mail computer sits rather than tracking the personal location of the sender. A scammer operating in one country can easily lease an online server based in a completely different territory. Legitimate corporations in the United States often send business messages through global cloud networks that use data centers around the world. The feature helps confirm if a message came from an unknown location, but it does not act as an individual tracking system.
Why didn't the tool find a spam score in my headers?
Spam metrics only appear if your specific provider includes them in the raw text block. Different email networks use completely different labels to record these scores, with Google using one name format, Microsoft opting for another, and various platforms omitting the metric entirely. The analyzer cannot display a rating if those specific lines are missing from your pasted text because the script never fabricates data.
Send an email that people actually receive. Built for Shopify merchants.
Forward is the email, SMS, and WhatsApp platform built exclusively for Shopify stores. Pre-configured authentication, deliverability monitoring, and automation flows done right from day one.
Copied