Free Email Header Analyzer
Paste raw email headers to trace the delivery path and read SPF, DKIM and DMARC results — spot spoofed and phishing emails. Free, private, runs in your browser.
About this tool
When an email looks suspicious, the truth is in its headers. This free email header analyzer takes the raw headers from any message and reconstructs the delivery path hop by hop, surfaces the real originating server, and reads the SPF, DKIM and DMARC authentication results so you can tell a genuine message from a spoofed or phishing one.
It's the same forensic first step our analysts take when triaging a reported phishing email. Paste the full headers (every mail client has a 'show original' or 'view source' option) and the tool does the parsing for you — entirely in your browser, with nothing uploaded.
Frequently asked questions
How do I get the raw headers of an email?
In Gmail open the message, click the three-dot menu and choose 'Show original'. In Outlook open the message and use File → Properties, or 'View source'. Copy everything and paste it into the analyzer.
What can the email header analyzer tell me?
It shows the chain of servers the message passed through, the true originating IP, timestamps, and whether SPF, DKIM and DMARC passed or failed — strong signals for whether a message is spoofed.
Is it private?
Yes. Parsing happens entirely in your browser. The headers you paste are never sent to a server.