Email Header Analyzer – Free Online SPF/DKIM/DMARC Check

What is Email Header Analyzer?

This free online tool analyzes email header information to visualize delivery routes, authentication results (SPF/DKIM/DMARC), delays, and sender origin. Simply paste the email header source and get instant analysis.

All processing is done entirely in your browser using JavaScript. No data is sent to any server. You can safely analyze headers from confidential business emails.

Key Features

Use Cases

How to View Email Headers

The method to access email headers varies by email client. Here are step-by-step instructions for popular email services:

Gmail (Web)

Outlook (Web / Microsoft 365)

Apple Mail (Mac)

Thunderbird

Email Header Glossary

From

The sender's email address as displayed in the email client. This value can be freely set by the sender, so it may be spoofed. Use SPF/DKIM/DMARC to verify legitimacy.

Return-Path (Envelope From)

The actual sender address used during mail delivery. Bounce messages are returned to this address when delivery fails.

Received

Headers added by each mail server the message passes through. The bottom-most Received header is closest to the original sender. Used for tracking delivery routes and identifying delays.

Authentication-Results

Records the authentication results (SPF, DKIM, DMARC) performed by the receiving mail server. Values include pass, fail, softfail, neutral, and none.

SPF (Sender Policy Framework)

Verifies whether the sending IP is authorized by the domain's DNS SPF record. Defined in RFC 7208.

DKIM (DomainKeys Identified Mail)

Uses digital signatures to verify that the email has not been tampered with and confirms the sender's domain. Defined in RFC 6376.

DMARC

Combines SPF and DKIM results with domain alignment to determine email authenticity. Defined in RFC 7489.

Message-ID

A unique identifier assigned to each email, automatically generated by the sending server.

How Email Headers Work

Header Structure (RFC 5322)

Email headers consist of "Field-Name: Value" pairs containing metadata about the message. Headers and body are separated by a blank line. The format is defined in RFC 5322 (Internet Message Format).

Reading Received Headers

Received headers are added by each server the email passes through. Format: Received: from [sender] by [receiver] with [protocol]; [timestamp]. The bottom-most entry is the first server (closest to sender).

SPF Authentication (RFC 7208)

The receiving server checks the sender's IP against the domain's DNS SPF record. A match yields pass; a mismatch yields fail or softfail.

DKIM Authentication (RFC 6376)

The sender adds a digital signature. The receiver retrieves the public key from DNS and verifies the signature to ensure the message hasn't been altered.

DMARC (RFC 7489)

Requires either SPF or DKIM to pass with domain alignment (From domain matches). The domain owner declares a policy (none/quarantine/reject) for failed messages.

FAQ

Where can I find email headers?

In most email clients, look for "Show original", "View source", or "Message details" in the email menu. See the "How to Get Email Headers" section above for step-by-step guides.

Is my data sent to a server?

No. All analysis is performed entirely in your browser using JavaScript. No data is transmitted or stored on any server.

Why is my email marked as spam even though SPF/DKIM/DMARC all pass?

Spam filtering considers many factors beyond authentication, including message content, sender IP reputation, and sending history.

Why are the Received header timestamps different?

Each mail server may be in a different timezone. This tool converts timestamps to your local time, but server clock inaccuracies may cause slight calculation errors.

What can't this tool do?

This tool only analyzes header information. It cannot display email content, test email delivery, or access server-internal processing data.