Email Header Analyzer

Paste raw email headers to check authentication, trace delivery path, and diagnose issues

Paste raw headers from "Show Original" (Gmail), "View Source" (Outlook), or "Show Headers" (Apple Mail)

Email headers contain the complete delivery history of a message -- every server it passed through, every authentication check it underwent, and every delay it encountered. Our free Header Analyzer parses raw headers into a structured, readable report, making it straightforward to diagnose deliverability issues, verify authentication, and trace suspicious messages back to their origin.

How to Extract Email Headers

Before you can analyze headers, you need to extract them from your email client. The process varies by provider:

Gmail

Open the message, click the three-dot menu in the top right, and select Show original. Gmail displays the full headers along with a summary of SPF, DKIM, and DMARC results. Copy the entire raw message or just the header block.

Outlook (Web)

Open the message, click the three-dot menu, and select View then View message source. The full headers appear in a new window. In Outlook desktop, open the message, go to File then Properties, and find the headers in the Internet headers text box.

Yahoo Mail

Open the message, click the three-dot menu, and select View raw message. The full headers are displayed at the top of the raw source.

Paste the extracted headers into our tool and submit. The analyzer processes them immediately.

What Each Header Field Means

Email headers are defined primarily in RFC 5322, with extensions for authentication in RFC 7208 (SPF), RFC 6376 (DKIM), and RFC 7489 (DMARC). Key fields include:

Routing Headers

  • Received -- added by each mail server that handles the message. Read bottom to top to trace the delivery path from origin to destination.
  • Return-Path -- the envelope sender address, used for bounce handling and SPF evaluation.
  • Message-ID -- a unique identifier assigned by the originating mail server.

Authentication Headers

  • Authentication-Results -- the receiving server's verdict on SPF, DKIM, and DMARC checks. Look for pass, fail, softfail, or none for each mechanism.
  • DKIM-Signature -- contains the cryptographic signature, selector, and signing domain. Our analyzer verifies whether this signature is valid.
  • Received-SPF -- the SPF evaluation result, including which IP was checked against which domain's SPF record.

Content and Delivery Headers

  • X-Mailer or User-Agent -- identifies the software that sent the message.
  • X-Spam-Status -- spam filter scores from intermediate servers.
  • X-Originating-IP -- in some configurations, reveals the sender's original IP address.

Tracing the Email Path

The Received headers form a chain that documents each hop the message took. Our analyzer displays these hops in chronological order, calculates the time spent at each server, and highlights any unusually long delays. A message that takes 15 seconds between two internal hops is normal; one that sits at a relay for 45 minutes may indicate queuing issues, greylisting, or rate limiting.

Diagnosing Common Issues

Header analysis helps you solve real problems:

  • SPF failures -- the sending IP is not listed in the domain's SPF record. Check the Received-SPF header and compare with the SPF Check results.
  • DKIM failures -- the message body was modified in transit, or the signing key has been rotated. Cross-reference with our DKIM Verify tool.
  • DMARC failures -- neither SPF nor DKIM produced an aligned pass. Use DMARC Analyze to understand the policy implications.
  • Delivery delays -- identify which hop introduced latency by reviewing timestamps in the Received chain.

How to Use This Tool

Paste raw email headers into the input field above. The analyzer returns a structured breakdown of each header field, authentication results, hop-by-hop timing, and flagged anomalies. No account or payment required.

FAQ

What are email headers?

Email headers are metadata lines attached to every email message that record its origin, routing path, authentication results, and delivery details. They are added by each mail server that handles the message and are defined primarily in RFC 5322. Headers are normally hidden by email clients but contain critical information for diagnosing deliverability issues and tracing message origins.

How do I find and view email headers in Gmail or Outlook?

In Gmail, open the message, click the three-dot menu in the top right, and select "Show original" to see the full headers. In Outlook on the web, click the three-dot menu and select "View message source." In Outlook desktop, open the message, go to File then Properties, and find the headers in the Internet headers text box. You can then paste these headers into the Header Analyzer for a structured breakdown.

What do email headers tell you?

Email headers reveal the complete delivery path of a message, including every server it passed through and the time spent at each hop. They also show authentication results for SPF, DKIM, and DMARC, the envelope sender address, spam filter scores, and the originating IP address. This information is essential for diagnosing delivery failures, delays, and authentication problems.

How do I trace the source of an email from its headers?

Read the "Received" header lines from bottom to top -- the bottom-most entry is closest to the original sender. Look for the originating IP address in the first Received header or in the X-Originating-IP field if present. You can then check that IP using the IP Reputation tool to assess the sender's trustworthiness and identify the sending infrastructure.

What is a relay hop in email headers?

A relay hop is a single transfer of an email message from one mail server to another, recorded as a "Received" header entry. Each hop adds a timestamp and server identifier to the headers. Multiple hops are normal in email delivery, but an unusually high number of hops or long delays between hops can indicate routing inefficiencies, greylisting, or queuing issues on intermediate servers.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.

Frequently Asked Questions

What are email headers?

Email headers are metadata lines attached to every email message that record its origin, routing path, authentication results, and delivery details. They are added by each mail server that handles the message and are defined primarily in RFC 5322. Headers are normally hidden by email clients but contain critical information for diagnosing deliverability issues and tracing message origins.

How do I find and view email headers in Gmail or Outlook?

In Gmail, open the message, click the three-dot menu in the top right, and select "Show original" to see the full headers. In Outlook on the web, click the three-dot menu and select "View message source." In Outlook desktop, open the message, go to File then Properties, and find the headers in the Internet headers text box. You can then paste these headers into the Header Analyzer for a structured breakdown.

What do email headers tell you?

Email headers reveal the complete delivery path of a message, including every server it passed through and the time spent at each hop. They also show authentication results for SPF, DKIM, and DMARC, the envelope sender address, spam filter scores, and the originating IP address. This information is essential for diagnosing delivery failures, delays, and authentication problems.

How do I trace the source of an email from its headers?

Read the "Received" header lines from bottom to top -- the bottom-most entry is closest to the original sender. Look for the originating IP address in the first Received header or in the X-Originating-IP field if present. You can then check that IP using the IP Reputation tool to assess the sender's trustworthiness and identify the sending infrastructure.

What is a relay hop in email headers?

A relay hop is a single transfer of an email message from one mail server to another, recorded as a "Received" header entry. Each hop adds a timestamp and server identifier to the headers. Multiple hops are normal in email delivery, but an unusually high number of hops or long delays between hops can indicate routing inefficiencies, greylisting, or queuing issues on intermediate servers.

Stay on top of your email infrastructure. Sign up for the InboxTooling newsletter for deliverability tips, tool updates, and best practices.