Free Tool

Free Email Header Analyzer

Paste your raw email headers to trace the delivery route, check authentication, and spot potential problems.

How to Find Email Headers

Gmail

  1. 1.Open the email you want to inspect.
  2. 2.Click the three-dot menu in the top right.
  3. 3.Select "Show original".
  4. 4.Copy everything from the top down to the blank line before the body.

Outlook

  1. 1.Open the email, then click File > Properties.
  2. 2.Look for the "Internet headers" box at the bottom.
  3. 3.Select all the text in that box and copy it.
  4. 4.Paste it into the analyzer above.

Apple Mail

  1. 1.Open the email in Apple Mail.
  2. 2.Go to View > Message > All Headers (or press Shift+Cmd+H).
  3. 3.The headers will appear at the top of the message.
  4. 4.Select and copy the header text.

Why Analyze Email Headers?

Email headers contain the behind-the-scenes details of every message that reaches your inbox. They show you the exact path an email traveled, which servers handled it, and whether it passed authentication checks like SPF, DKIM, and DMARC. If you're troubleshooting deliverability issues, investigating phishing attempts, or just curious about how email works, headers give you the full picture.

Every email server that touches the message adds a "Received" header, creating a breadcrumb trail from the sender to your mailbox. Authentication headers tell you whether the sending domain actually authorized that server to send mail on its behalf. When these checks fail, that's often why emails end up in spam.

What Do SPF, DKIM, and DMARC Mean?

SPF (Sender Policy Framework) verifies that the sending server's IP address is listed in the domain's DNS records. DKIM (DomainKeys Identified Mail) adds a cryptographic signature to each message, proving it wasn't altered in transit. DMARC ties SPF and DKIM together and tells receiving servers what to do when both fail — quarantine, reject, or let it through.

A "pass" result on all three means the email is properly authenticated. A "fail" on any of them is a red flag that something's misconfigured or the email may be spoofed.

Frequently Asked Questions

Is it safe to share email headers?

Headers don't contain the body of your email or attachments, but they do include server names, IP addresses, and email addresses. Avoid sharing headers from sensitive emails publicly. This tool runs entirely in your browser — nothing is sent to any server.

Why does my email show so many hops?

Each server that processes the email adds its own Received header. Corporate environments with security gateways, spam filters, and internal relays often add extra hops. More hops aren't necessarily bad — they just mean the email was processed by more systems.

What does a DKIM failure mean?

A DKIM failure means the email's cryptographic signature didn't match when the receiving server checked it. This can happen if the message was modified in transit, if the sending domain's DKIM key is misconfigured, or if a mailing list or forwarding service altered the message.

Can I use this to detect phishing emails?

Yes — headers are one of the best tools for spotting phishing. Look for SPF/DKIM/DMARC failures, mismatches between the From address and the Return-Path, and suspicious server names in the Received headers. If an email claims to be from your bank but the sending server is unrelated, that's a strong phishing indicator.

Fix your email deliverability for good

MailNeo monitors SPF, DKIM, and DMARC for all your domains and alerts you the moment something breaks. Stop guessing — start knowing.

Start Free Trial

Related Resources

What is an Email Header?What is SPF?What is DKIM?SPF Generator