Email Header Analyzer | Free SPF, DKIM & DMARC Checker

Paste your raw email headers below. Instantly decode authentication results, trace every mail server hop, and diagnose SPF, DKIM, and DMARC failures for free. No sign-up required.

Used by newsletter operators, email marketers, and deliverability teams to diagnose inbox placement issues across every major ESP. This tool parses headers locally in your browser and does not store or transmit your data to any server.

How it works

Paste your raw email headers

Go to your email client, copy the raw headers and paste them in our analyzer.

Analyze headers

Click the Analyze headers button and the tool moves to the next step, where it checks and analyzes your email headers.

Get your email headers analysis

Get instant email header analysis that shows you basic information, authentication results, mail server hops and security analysis.

What the analyzer checks

SPF (Sender Policy Framework)

Verifies the sending IP was authorized by your domain’s DNS. A failing SPF check is one of the fastest paths to the spam folder.

DKIM (DomainKeys Identified Mail)

Validates the cryptographic signature attached to your message. DKIM failure means the message body or headers were altered in transit, or your signing key is broken.

DMARC (Domain-based Message Authentication)

Checks whether SPF or DKIM align with your visible From: domain. Without DMARC alignment, Google, Yahoo, and Outlook can reject your mail outright under their 2024 bulk sender policies.

Received headers & server hops

Every relay your message touched, in order, with timestamps. Identify unexpected third-party servers, routing delays, and infrastructure misconfigurations.

Frequently Asked Questions

What is an email header?

An email header is hidden metadata that travels with every message. It records the sending server, routing path, authentication results (SPF, DKIM, DMARC), and timestamps from every mail server that handled the message. Headers are invisible in normal email clients but contain the full forensic record of how and whether your email was delivered.

The method depends on your email client.

Gmail

  • Open the message
  • Click the three-dot menu in the top-right corner of the email
  • Select Show original — this opens a new tab with the full raw headers

Outlook (web)

  • Open the message
  • Click the three-dot menu
  • Select View
  • Click View message source

Apple Mail

  • Open the message
  • Click View in the menu bar
  • Select Message
  • Click All Headers

Once you have the raw view open, copy everything from the top down to the start of the message body, then paste it into the analyzer above.

DMARC requires alignment. The authenticated domain must match your visible From: address.

If your ESP uses its own domain as the envelope sender (Return-Path), SPF passes against the ESP’s domain but fails DMARC alignment against yours.

Fix: configure DKIM signing with your own domain, or set up a custom Return-Path with your ESP.

SPF softfail (~all) means the sending IP isn’t explicitly authorized, but the domain owner has asked receivers to accept it at lower trust rather than reject it.

It’s common during SPF setup but should not be permanent.

The goal is a hard fail (-all) policy once all legitimate sending sources are listed in your DNS record.

Email headers reveal the most common causes: SPF failure (sending IP not authorized in DNS), DKIM failure (signature invalid or missing), DMARC misalignment (From: domain doesn’t match authenticated domain), or a high spam score from the receiving server’s filter.

Paste your headers into the analyzer above. The Authentication-Results and X-Spam-Status fields will identify the specific failure.

You can fix any spam issues with your HTML email template here.

Most legitimate emails have 2–4 Received headers.

Six or more hops may indicate unusual routing, forwarding chains, or repeated requeuing.

A single Received header is also a red flag and may indicate header manipulation.

Partially.

Display headers (From:, Subject:, Date:) can be forged by the sender.

Received headers added by each relay server are harder to fake because they’re inserted by the receiving server, not the sender.

The Authentication-Results header added by your own mail server is the most reliable: it reflects checks your server ran independently, not what the sender claimed.

A delay of several minutes between Received timestamps usually means the message was queued.

Common causes: greylisting (an intentional first-pass delay some servers use against new senders), spam filter scanning, or DNS slowness.

Delays of hours indicate the message was deferred, typically because of a DNS error or the recipient server being temporarily unavailable.
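The hop-count and delay checks described above can be reproduced offline with Python's standard library. This is an added example, not the analyzer's own code; the sample headers are constructed, and the 120-second and one-hour thresholds are assumptions standing in for "several minutes" and "hours".

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (example.* hosts, RFC 5737 addresses), newest hop first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.9])
\tby inbox.example.org with ESMTPS id c3; Tue, 04 Mar 2025 10:22:40 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTPS id b2; Tue, 04 Mar 2025 10:07:35 +0000
Received: from app.example.com (app.example.com [192.0.2.10])
\tby relay.example.com with ESMTP id a1; Tue, 04 Mar 2025 10:07:31 +0000
From: News <news@example.com>

"""
QUEUED_S = 120      # assumption: "several minutes" starts at two minutes
DEFERRED_S = 3600   # assumption: "hours" starts at one hour


def hop_timeline(raw_headers):
    """Return (hops, findings); hops are (by_host, timestamp, delay_s), oldest first."""
    received = message_from_string(raw_headers).get_all("Received") or []
    hops, findings, prev = [], [], None
    for value in reversed(received):        # relays prepend, so reverse for time order
        flat = " ".join(value.split())      # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        host = by.group(1) if by else "?"
        try:                                # the timestamp follows the last ';'
            ts = parsedate_to_datetime(flat.rpartition(";")[2].strip())
            if ts.tzinfo is None:           # "-0000" parses as naive; treat as UTC
                ts = ts.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            ts = None                       # unparseable or missing date
        delay = int((ts - prev).total_seconds()) if ts and prev else None
        gap = delay or 0
        if gap < 0:
            findings.append(f"{host}: negative delay, clock skew or reordered header")
        elif gap >= DEFERRED_S:
            findings.append(f"{host}: {gap}s since previous hop, deferred")
        elif gap >= QUEUED_S:
            findings.append(f"{host}: {gap}s since previous hop, queued")
        hops.append((host, ts, delay))
        prev = ts or prev
    if len(received) == 1:
        findings.append("single Received header")
    elif len(received) >= 6:
        findings.append("six or more hops")
    return hops, findings
```

Only the Received lines added by servers you control can be taken at face value; timestamps in earlier hops are whatever the upstream relay wrote.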

DKIM (DomainKeys Identified Mail) is a cryptographic signature your sending domain adds to every message.

It proves the message wasn’t altered in transit.

DKIM fails when the signing key is misconfigured at the ESP level, the key has expired, or the message was modified after signing (common with some forwarding setups).

A DKIM fail is one of the most common causes of DMARC failure.

Authentication-Results is the field your receiving mail server adds after checking SPF, DKIM, and DMARC.

It’s the most trustworthy field in the header because it’s written by the receiving server, not the sender.

This is the first field to check when diagnosing a deliverability problem.

A healthy result looks like: spf=pass dkim=pass dmarc=pass.
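The DMARC alignment rule and the Authentication-Results field described above can be checked together. This added example (not the analyzer's own code) parses one Authentication-Results value, confirms it was written by your own server via a `trusted_id` you supply, and reports which passing identifier aligns with the From: domain. The header values are constructed, and `org_domain` is a simplification that takes the last two labels instead of consulting the Public Suffix List.

```python
import re

# Constructed header values; mx.example.org, esp.example and brand.example are placeholders.
BEFORE_FIX = ("mx.example.org; spf=pass smtp.mailfrom=bounce@mail.esp.example; "
              "dkim=pass header.d=esp.example header.s=s1; "
              "dmarc=fail (p=none) header.from=brand.example")
AFTER_FIX = ("mx.example.org; spf=pass smtp.mailfrom=bounce@mail.esp.example; "
             "dkim=pass header.d=brand.example header.s=s1; "
             "dmarc=pass (p=none) header.from=brand.example")


def parse_authres(value):
    """Return (authserv_id, [(method, result, props), ...]) for one header value."""
    value = re.sub(r"\([^)]*\)", " ", value)      # drop (comments), not nested ones
    head, *parts = [p.strip() for p in value.split(";")]
    authserv = head.split()[0].lower() if head else ""
    results = []
    for part in parts:
        m = re.match(r"(\w+)=(\w+)", part)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", part[m.end():]))
            results.append((m.group(1).lower(), m.group(2).lower(), props))
    return authserv, results


def org_domain(domain):
    # Simplification (assumption): last two labels. Real DMARC consults the
    # Public Suffix List, so this is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def alignment_report(value, trusted_id):
    """Check which passing identifiers align with header.from (relaxed mode)."""
    authserv, results = parse_authres(value)
    from_dom = next((p["header.from"] for m, _, p in results
                     if m == "dmarc" and "header.from" in p), "")
    # A sender can inject its own Authentication-Results; trust only your server's id.
    report = {"trusted": authserv == trusted_id.lower(), "from": from_dom,
              "spf_aligned": False, "dkim_aligned": False}
    for method, result, props in results:
        if method == "spf":
            dom = props.get("smtp.mailfrom", "").rpartition("@")[2]
        elif method == "dkim":
            dom = props.get("header.d", "")
        else:
            continue
        if result == "pass" and dom and from_dom and org_domain(dom) == org_domain(from_dom):
            report[method + "_aligned"] = True
    report["aligned_pass"] = report["spf_aligned"] or report["dkim_aligned"]
    return report
```

`BEFORE_FIX` shows the ESP case: SPF and DKIM both pass, but for the ESP's domain, so nothing aligns with `brand.example`; `AFTER_FIX` shows the same message once DKIM signs with the sender's own domain.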
