Free Tool - No Signup Required

Email Header Analyzer

Every email carries hidden technical info — its "headers". Paste them here and this free tool tells you, in plain English, whether the message is properly authenticated and likely to land in the inbox.

What is an email header analyzer?

Every email you send or receive comes with a hidden block of technical text called the headers. You never see it in normal use — your mail app tucks it away behind a "Show original" or "View source" button. Those headers record who really sent the message, which servers passed it along the way, and whether it survived three behind-the-scenes security checks. This tool reads that block for you and explains it in plain language.

You do not need to understand any of the jargon. Paste the headers, press one button, and you get a simple report card: green checkmarks for what is healthy, and clear warnings for anything that could send your mail to the spam folder or let a scammer impersonate your domain.

Why it matters

  • Stops impersonation. If these checks fail, scammers can send fake emails that look like they came from your domain — phishing your customers or staff in your name.
  • Keeps you out of the spam folder. Inbox providers like Gmail and Outlook quietly downgrade or block mail that fails authentication. A failing check is often the reason your messages vanish or never arrive.
  • Explains delivery problems. The list of servers a message passed through can reveal a forged origin, an unexpected detour, or a slow hop that explains why a message arrived late.

How to use it

  1. Open the email you want to check in your mail app (the one you received, or one you sent to yourself).
  2. Reveal its raw headers — for example in Gmail: open the email, click the three-dot menu (⋮), choose Show original. The exact steps for each mail app are listed under the paste box below.
  3. Select everything on that page and copy it, then paste it into the box below. Copying the whole thing is fine — more is better than less.
  4. Press Analyze Headers and read your report. Green is good; yellow and red tell you exactly what to fix.

What the results mean

The report shows a few checks. Here is what each one tells you, in one plain sentence:

SPF — Sender Policy Framework
A pass means the email really was sent by a server your domain officially allows; a fail means it came from an unapproved server, which is a classic sign of spoofing.
DKIM — DomainKeys Identified Mail
A pass means the message carried a valid digital signature proving it was not secretly altered in transit and genuinely came from the signing domain; a fail means the signature was missing, broken, or tampered with.
DMARC — Domain-based Message Authentication, Reporting & Conformance
A passmeans the visible "From" address matches the domain that passed SPF or DKIM, so the sender is who they claim to be; it also shows the domain's policy (whether failing mail should be delivered, quarantined, or rejected).
Spam score & grade (A–F)
A quick health grade for the message — a high score and an A or B means it looks trustworthy to inbox providers, while a low score and a D or F flags issues that risk the spam folder.
Received hop chain
The list of mail servers the message travelled through, from where it started to your inbox — useful for spotting a faked origin or an unexpected relay.
From, Return-Path & origin IP
The address you see (From), the hidden "bounce" address used behind the scenes (Return-Path), and the internet address of the very first server that sent the message — a mismatch between them can be a red flag.

Paste the complete "Show original" / "View source" output, including all the Received and Authentication-Results lines. The whole .eml works too.

How to get your email headers

  • Gmail: open the email → three-dot menu → Show original
  • Outlook (web): open the email → three-dot menu → ViewView message source
  • Apple Mail: View → Message → Raw Source (Cmd+Shift+U)
  • Thunderbird: View → Message Source (Ctrl+U)

Analyze email headers, explained

Every email carries a stack of headers that your mail client hides by default. They record who sent the message, which servers relayed it, and — critically — whether it passed authentication. This email header analyzertakes that raw block of text and turns it into a clear verdict: it reads the receiving server's Authentication-Results header to report SPF, DKIM, and DMARC exactly as the inbox provider saw them, then surfaces the From address, the Return-Path, the Received hop chain, and any spam or deliverability red flags.

The three authentication checks answer different questions. SPF confirms the sending server is authorized for the envelope (Return-Path) domain. DKIM verifies a cryptographic signature, proving the message was not tampered with in transit and genuinely came from the signing domain. DMARC ties them together: it requires that an authenticated identifier aligns with the visible From domain, and it publishes a policy — none, quarantine, or reject — telling receivers what to do when alignment fails. When you analyze email headers here, the DMARC policy is shown alongside the verdict so you can see whether failures would actually be enforced.

Below authentication, the Received hop chainreconstructs the message's journey. Each server stamps its own Received line on top, so the analyzer reverses them to show the path from the originating server down to your inbox. That is where you catch a forged origin, an unexpected relay, a sending IP in the wrong country, or a slow hop that explains a late delivery. Paired with the spam and header-quality indicators — missing Message-ID, a Reply-To on a different domain, suspicious links, or a List-Unsubscribe header expected of bulk senders — you get the full deliverability picture for one specific message.

This tool reuses the same raw-email engine behind the full email deliverability tester, focused on a single paste-and-go workflow. Once you spot a failing check, fix the underlying DNS: validate your policy with the DMARC checker, then re-run the analysis on a fresh message. Browse the rest of the free diagnostics on the tools page.

Frequently Asked Questions

What is an email header analyzer?
An email header analyzer reads the technical headers that travel with every email — the part most apps hide behind "Show original" or "View source" — and turns them into a readable report. It shows whether the three email authentication checks passed: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). It also identifies the From address and Return-Path, reconstructs the list of servers the message travelled through (the Received hop chain), and flags spam or deliverability issues. Instead of squinting at raw text, you get a verdict per check and a list of concrete fixes — no technical knowledge required.
How do I get the raw headers from my email?
In Gmail, open the message, click the three-dot menu, and choose "Show original" — then copy the whole page or download the .eml. In Outlook on the web, open the message, click the three-dot menu, then "View" and "View message source". In Apple Mail use View, Message, Raw Source (or press Command-Shift-U). In Thunderbird use View, Message Source (or Control-U). Paste the entire block — including all the Received and Authentication-Results lines — into the analyzer for the most accurate result.
Do I need to be technical to use this?
No. You only need to copy the hidden headers from your email and paste them in — no commands, no setup, no signup. The tool does the reading for you and explains the results in plain language, with green checkmarks for what is healthy and clear warnings for anything to fix. If a check fails, you can hand the explanation to whoever manages your domain.
What do SPF, DKIM, and DMARC mean in the results?
These are the three behind-the-scenes checks that prove an email is genuine. SPF (Sender Policy Framework) verifies that the sending server is allowed to send for the domain. DKIM (DomainKeys Identified Mail) verifies a digital signature, proving the message was not altered in transit and really came from the signing domain. DMARC (Domain-based Message Authentication, Reporting & Conformance) ties the two together by requiring that the visible From address matches a domain that passed SPF or DKIM, and tells receivers what to do when a message fails. The analyzer reads the receiving server's Authentication-Results header, so it reports the verdict the inbox provider actually reached.
What is the Received hop chain and why does it matter?
Think of it as the email's travel log. Every mail server that handles a message stamps a "Received" line on it, so the chain shows each stop the message made — a hop — from where it started to your inbox. Reading it reveals the original sending computer's internet address (IP), any servers it passed through, and roughly how long each step took. It is the fastest way to spot a faked origin, an unexpected detour, a server in the wrong country, or a delay that explains a late delivery — context that the SPF, DKIM, and DMARC checks alone do not give you.
Is my email analyzed privately?
The headers are sent to IntoDNS.ai over HTTPS only to run the analysis, and they are not stored or shared. The tool focuses on the technical headers and authentication results, not the body of your message. If you are concerned about a sensitive subject line or addresses, you can redact them before pasting — the SPF, DKIM, DMARC, and Received analysis only needs the headers themselves.
How is this different from sending a test email?
The header analyzer works on an email you already have — paste its raw source and get an instant verdict on a message that really landed somewhere. The send-a-test flow on the email deliverability tester instead gives you a unique address, you send a fresh email to it, and it scores that message end to end including blacklist and content checks. Use the analyzer to debug a specific message you received or sent; use the test flow to benchmark your own sending setup.

DMARC Checker

Validate and parse your published DMARC policy.

Email Deliverability Tester

Send a test email for an end-to-end deliverability score.

All Tools

Browse every free DNS and email diagnostic.