Email Header Analyzer

Paste raw headers — get the delivery path, auth results, and spoofing red flags.

Runs entirely in your browser — headers are never uploaded. Safe for suspicious mail triage.

How it works

The analyzer unfolds RFC 5322 headers locally and extracts: identity fields (From, Reply-To, Return-Path) with mismatch checks, the Authentication-Results verdicts for SPF, DKIM and DMARC, and the Received chain in delivery order with per-hop timing. It flags what it observes — it does not declare a message "safe" or "malicious," because headers alone can't prove either.

FAQ

Where do I get the raw headers?

Gmail: ⋮ menu → Show original. Outlook: File → Properties → Internet headers. Copy everything above the message body.

From and Return-Path differ — is that spoofing?

Not by itself — mailing lists and marketing platforms do it legitimately. It becomes a red flag combined with failed SPF/DKIM/DMARC or a Reply-To pointing somewhere unrelated.