Email Header Analyzer
Paste raw headers — get the delivery path, auth results, and spoofing red flags.
Runs entirely in your browser — headers are never uploaded. Safe for suspicious mail triage.
How it works
The analyzer unfolds RFC 5322 headers locally and extracts: identity fields
(From, Reply-To, Return-Path) with mismatch checks, the
Authentication-Results verdicts for SPF, DKIM and DMARC, and the
Received chain in delivery order with per-hop timing. It flags what it observes —
it does not declare a message "safe" or "malicious," because headers alone can't prove either.
FAQ
Where do I get the raw headers?
Gmail: ⋮ menu → Show original. Outlook: File → Properties → Internet headers. Copy everything above the message body.
From and Return-Path differ — is that spoofing?
Not by itself — mailing lists and marketing platforms do it legitimately. It becomes a red flag combined with failed SPF/DKIM/DMARC or a Reply-To pointing somewhere unrelated.