Email Header Analyzer
Paste raw email headers and instantly see SPF, DKIM, DMARC results, the full delivery path, spam scores, and key metadata — all parsed and explained.
Paste Your Email Headers
What Are Email Headers and What Do They Contain?
Every email message contains two parts: the visible body (the text, images, and HTML you read) and the technical headers that live above the body. Headers record the full routing history of the message, authentication results, spam scores, and metadata like the sender, recipient, subject, and timestamps. Most email clients hide headers from normal view, but they are always present and can be revealed through your mail client's "show original" or "view headers" option.
Analyzing email headers is one of the most reliable ways to diagnose delivery problems, investigate suspected phishing messages, and verify that your authentication setup (SPF, DKIM, DMARC) is working correctly for a real message.
How to Find Email Headers in Different Mail Clients
- Gmail:Open the message, click the three-dot menu (⋮) in the top-right corner, and select "Show original". Copy all content from the popup.
- Outlook (web):Open the message, click the three-dot menu, then View → View message source.
- Apple Mail:Open the message, then View → Message → All Headers, or press Shift + Command + H.
- Thunderbird:Open the message, then View → Headers → All.
- Yahoo Mail:Open the message, click More → View Raw Message.
Copy everything from the first header line (usually Delivered-To: or Return-Path:) down to the blank line before the email body.
Key Headers to Look For
The most important headers for diagnosing delivery issues are:
- Authentication-Results: Shows SPF, DKIM, and DMARC pass/fail results as evaluated by the receiving server. This is the most important header for diagnosing authentication failures.
- Received: One entry per hop in the delivery path. Reading from bottom to top gives chronological order. Each entry usually includes the server hostname, IP address, and timestamp.
- X-Spam-Score / X-Spam-Status: Added by spam filters like SpamAssassin. Shows the numeric score and which rules were triggered.
- DKIM-Signature: The actual DKIM signature attached by the sending server. Contains the selector, domain, and cryptographic signature.
- Return-Path: The envelope sender — the address used for bounce notifications, checked by SPF.
- Message-ID: A unique identifier for the message, useful for tracking it through log files.
What Authentication Results Mean for Deliverability
A message showing spf=pass dkim=pass dmarc=pass in the Authentication-Results header has the best chance of inbox placement. Any failure here should be investigated. An SPF failure often means the sending IP is not listed in your SPF record. A DKIM failure may mean the signature is missing, expired, or the public key in DNS does not match the private key used for signing. A DMARC failure means neither SPF nor DKIM aligned with the From domain.
Header analysis tells you what happened with a specific message. To prevent problems before sending, use email verification on your list and verify your authentication configuration with our SPF, DKIM, and DMARC generator tools. For large lists, bulk verification and the validation API let you integrate checks into your workflow.
Frequently Asked Questions
1. Are my email headers sent to your servers?
No. This tool runs entirely in your browser using JavaScript. The headers you paste are analyzed locally and never transmitted to any server. Your email content and metadata remain completely private.
2. How do I access email headers in Gmail?
Open the email in Gmail, click the three-dot menu icon in the top right of the message, select 'Show original', and the next page shows the raw headers at the top. Click 'Copy to clipboard' or manually select and copy the header block.
3. What does it mean if SPF fails but DKIM passes?
SPF checks the sending server's IP address. A failure means the IP is not in the sender's SPF record — possibly because the message was forwarded or sent through a relay not listed in SPF. DKIM passing is a good sign and can satisfy DMARC on its own if DKIM is aligned with the From domain. Check whether the message was forwarded if SPF consistently fails.
4. Why does an email go through multiple servers?
The Received chain often shows several hops because email passes through multiple servers: the sender's outgoing SMTP server, possibly relay servers, then the recipient's incoming server, and sometimes internal filtering servers. Each adds a Received header. This is normal. Unusual external relays in the middle of the chain can indicate forwarding or routing issues.
5. What is a Message-ID and why does it matter?
The Message-ID is a unique identifier assigned by the sending mail server when the email is created. It helps mail systems track threads, detect duplicates, and correlate delivery logs. If you need to trace a specific message through server logs, the Message-ID is the key identifier to search for.
6. My email shows DMARC fail — how do I fix it?
DMARC fail means neither SPF nor DKIM produced an aligned pass. Check the Authentication-Results header to see which checks failed. For SPF, verify the sending IP is in your SPF record using the SPF Checker tool. For DKIM, confirm the DKIM record is published correctly using the DKIM Checker. Often the fix is adding the sending service to your SPF record or enabling DKIM signing in your mail provider.
Изучите больше возможностей
Откройте для себя все мощные функции, которые предлагает BillionVerify
Verify email addresses before you send
Authentication issues are only one deliverability factor. Invalid addresses cause bounces that damage your sender reputation. Verify your list with BillionVerify.
100 free verifications daily · 99.9% SMTP accuracy · Instant API access · No credit card required