Email Header Analyzer
Paste full message headers to get a Received-hop timeline, SPF/DKIM/DMARC verdict parsing, and domain-alignment checks without uploading sensitive email data.
Analyze email headers
Paste raw headers to inspect route hops, authentication checks, and alignment signals. Processing stays entirely in your browser.
How to use Email Header Analyzer
The Email Header Analyzer decodes raw RFC 5322 headers and turns them into a readable delivery timeline, authentication summary, and alignment check report. Paste headers from Gmail, Outlook, or any SMTP relay to inspect how a message moved hop by hop, how long each hop took, and whether SPF, DKIM, and DMARC checks passed. Because parsing runs fully in your browser, sensitive metadata stays local while you investigate suspicious mail, delayed delivery, spoofing attempts, or forwarding side effects that break alignment.
- Copy the raw header block from your email client or message source.
- Paste it into the analyzer input or click Load sample to explore the output format.
- Run analysis to parse fields, timeline hops, authentication verdicts, and alignment checks.
- Review slow-hop warnings, mismatch flags, and spam-related header clues.
- Use related SPF, DKIM, DMARC, and MX tools for deeper DNS-level remediation.
Your data never leaves your device — 100% private processing.
How Received-hop timing exposes delivery bottlenecks
Every SMTP relay that accepts a message adds a Received header with routing context and typically a timestamp. Reading those lines in the right direction matters: each relay prepends its header, so the newest hop is at the top and the list must be reversed to show processing from oldest to newest. By parsing each hop date and calculating deltas, you can isolate where latency occurs, for example a queue delay at the sender MTA, a handoff delay at an antispam gateway, or regional lag before final mailbox acceptance. Unknown or missing timestamps are common in malformed or partially forwarded headers, so good analysis marks those gaps explicitly instead of fabricating timing data.
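The timeline logic described above, as an added example (not this tool's own code). The sample headers are constructed, and the names `receivedTimeline`, `spansGap`, and the 60-second slow-hop threshold are assumptions made for illustration.

```javascript
// Constructed sample headers (not from a real message); the newest hop is on top.
const SAMPLE = [
  "Received: from gw.example.net (gw.example.net [203.0.113.7])",
  "\tby mx.example.org with ESMTPS id abc123;",
  "\tTue, 14 Jan 2025 10:07:12 +0000 (UTC)",
  "Received: from relay.example.com by gw.example.net with ESMTP",
  "Received: from app01.example.com by relay.example.com with ESMTP;",
  " Tue, 14 Jan 2025 12:00:05 +0200",
  "Received: by app01.example.com with local; Tue, 14 Jan 2025 10:00:00 +0000",
  "Subject: constructed sample",
].join("\r\n");

function unfold(raw) {
  // RFC 5322 folding: a line starting with space or tab continues the previous header.
  return raw.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/).filter(Boolean);
}

function receivedTimeline(raw, slowSec = 60) {
  const hops = unfold(raw)
    .filter((line) => /^received:/i.test(line))
    .map((line) => {
      const value = line.slice(line.indexOf(":") + 1).trim();
      const semi = value.lastIndexOf(";");
      // The timestamp follows the last ';'. Drop "(UTC)"-style comments before parsing.
      const stamp = semi < 0 ? "" : value.slice(semi + 1).replace(/\([^)]*\)/g, "").trim();
      const ms = stamp ? Date.parse(stamp) : NaN;
      const by = (value.match(/\bby\s+([^\s;]+)/i) || [])[1] || null;
      return { by, time: Number.isNaN(ms) ? null : ms };
    })
    .reverse(); // headers are newest-first; the timeline is oldest-first
  let lastKnown = null;
  let gap = false;
  return hops.map((hop) => {
    let delaySec = null, spansGap = false;
    if (hop.time === null) {
      gap = true; // mark the gap instead of inventing a time
    } else {
      if (lastKnown !== null) {
        delaySec = (hop.time - lastKnown) / 1000; // may be negative on clock skew
        spansGap = gap; // delay covers more than one hop
      }
      lastKnown = hop.time;
      gap = false;
    }
    return { ...hop, delaySec, spansGap, slow: delaySec !== null && delaySec > slowSec };
  });
}
```

For the sample, the final hop reports a 427-second delay with `spansGap` set, because the gateway hop before it carried no timestamp and the delay cannot be attributed to a single relay.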
Authentication and alignment interpretation in practice
Authentication-Results lines can contain multiple methods, policy details, and vendor-specific notes. SPF validates the envelope path (often smtp.mailfrom), DKIM validates signed header/body integrity for a d= domain, and DMARC evaluates policy using alignment with the visible From domain. A message can pass SPF but still fail DMARC if alignment breaks, such as through forwarding or mismatched return paths. Parsing Received-SPF and DKIM-Signature alongside Authentication-Results gives a fuller picture of what each server observed. Combined with From, Return-Path, and Reply-To comparisons, this helps distinguish legitimate forwarding edge cases from active spoofing attempts.
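An added example (not this tool's own code) of the SPF-passes-but-DMARC-fails case described above, reading the verdicts from Authentication-Results and comparing them with From, Return-Path, and Reply-To. The headers are constructed, the function names are hypothetical, and alignment is simplified to "equal or parent/child domain" rather than a Public Suffix List lookup.

```javascript
// Constructed headers (not from a real message): SPF and DKIM pass, neither aligns with From.
const SAMPLE_AUTH = [
  "Return-Path: <bounce@mailer.example.net>",
  "Authentication-Results: mx.example.org;",
  " spf=pass (sender IP is 203.0.113.7) smtp.mailfrom=mailer.example.net;",
  " dkim=pass header.d=mailer.example.net header.s=s1;",
  " dmarc=fail (p=quarantine) header.from=example.com",
  "From: Billing <billing@example.com>",
  "Reply-To: support@example.org",
].join("\r\n");

function headerMap(raw) {
  const map = {};
  for (const line of raw.replace(/\r?\n[ \t]+/g, " ").split(/\r?\n/)) {
    const i = line.indexOf(":");
    const name = line.slice(0, i).toLowerCase();
    if (i > 0 && !(name in map)) map[name] = line.slice(i + 1).trim(); // keep topmost
  }
  return map;
}

function parseAuthResults(value) {
  const out = {};
  // Drop comments, skip the authserv-id, then read "method=result prop=value" clauses.
  for (const clause of value.replace(/\([^)]*\)/g, "").split(";").slice(1)) {
    const m = clause.trim().match(/^(\w+)=(\w+)/);
    if (!m) continue;
    const props = {};
    for (const p of clause.matchAll(/\b(?:smtp|header)\.(\w+)=([^\s;]+)/g)) props[p[1]] = p[2];
    out[m[1].toLowerCase()] = { result: m[2].toLowerCase(), ...props }; // last clause wins
  }
  return out;
}

const addrDomain = (v) => (v || "").replace(/^.*<|>.*$/g, "").split("@").pop().trim().toLowerCase();
// Simplification: real DMARC relaxed mode compares organizational domains (Public Suffix List).
const aligned = (a, b) => !!a && !!b && (a === b || a.endsWith("." + b) || b.endsWith("." + a));

function alignmentReport(raw) {
  const h = headerMap(raw);
  const ar = parseAuthResults(h["authentication-results"] || "");
  const from = addrDomain(h["from"]);
  const spfAligned = ar.spf?.result === "pass" && aligned(addrDomain(ar.spf.mailfrom), from);
  const dkimAligned = ar.dkim?.result === "pass" && aligned(addrDomain(ar.dkim.d), from);
  return { from, spfAligned, dkimAligned, dmarcComputed: spfAligned || dkimAligned,
    dmarcReported: ar.dmarc?.result ?? null,
    returnPathMismatch: !aligned(addrDomain(h["return-path"]), from),
    replyToDiffers: !!h["reply-to"] && addrDomain(h["reply-to"]) !== from };
}
```

Comparing `dmarcComputed` with `dmarcReported` is a useful cross-check: a disagreement means either the receiver applied strict alignment or the header was not written by the system you trust.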
Glossary
- Received header: An SMTP trace line added at each mail hop, often including from/by details and a timestamp.
- Authentication-Results: A header where receiving systems publish SPF, DKIM, DMARC, and related authentication verdicts.
- Return-Path: Envelope sender address used for bounces; often differs from the visible From address.
- DMARC alignment: A policy requirement that authenticated SPF or DKIM domains align with the From domain.
- DKIM selector: The s= token in DKIM-Signature indicating which DNS public key should verify the signature.
Why use Email Header Analyzer?
- Builds an oldest-to-newest Received-hop timeline with delay calculations and slow-hop highlights
- Extracts SPF, DKIM, and DMARC verdicts from Authentication-Results plus Received-SPF and DKIM-Signature context
- Flags From vs Return-Path domain mismatch and Reply-To differences that often indicate spoofing or routing changes
- Summarizes key headers, unsubscribe metadata, and spam-related fields in one analyst-friendly view
Common use cases
- Investigate why an important message was delayed between gateways
- Verify that SPF, DKIM, and DMARC all align for campaign deliverability checks
- Spot spoofing signs by comparing visible From with envelope sender and reply target
- Review spam-assessment headers from mailbox providers during phishing triage