Trace email delivery hops and read SPF / DKIM / DMARC from raw headers

Headers are parsed entirely in your browser — nothing is uploaded.

✉️ Email Header Analyzer — Free Online Tool

Trace email headers and read SPF/DKIM/DMARC, free. Every email carries a stack of headers (RFC 5322) that record how it was built and delivered — including a chain of Received lines added by each mail server it passed through and an Authentication-Results line summarizing SPF, DKIM and DMARC. This analyzer parses raw headers you paste, reconstructs the delivery hops with the delay at each one, and surfaces the authentication results — entirely in your browser.

🚀 Why use this Email Header Analyzer tool?

It rebuilds the Received hop chain in delivery order with per-hop delays and extracts the SPF, DKIM and DMARC verdicts, so you can diagnose slow delivery and spot spoofing without sending the message to a third-party service. 100% free, no registration, and complete privacy — everything runs locally in your browser, so your data never touches a server.

Key Features

🛤️Hop-by-hop trace

Parses every Received header and shows the path in delivery order, from origin to your mailbox.

⏱️Per-hop delay

Computes the time between consecutive Received timestamps so you can see exactly where a message was held up.

🛡️SPF / DKIM / DMARC

Extracts the authentication verdicts from Authentication-Results (and Received-SPF) to help spot spoofing or misconfiguration.

🔒100% private

Headers are parsed locally in your browser; nothing you paste is uploaded, logged or stored — safe for real messages.

Popular Use Cases

Deliverability

  • Find where mail is delayed
  • Check the sending path
  • Verify your servers

Security

  • Spot SPF/DKIM/DMARC fails
  • Investigate spoofing
  • Triage phishing reports

Support

  • Diagnose 'slow email' tickets
  • Confirm origin server
  • Read Message-ID & Return-Path

What It Handles

Parses

  • Folded headers
  • Received chain
  • Authentication-Results

Shows

  • Hops + delays
  • SPF/DKIM/DMARC
  • From/To/Subject/Message-ID

Privacy

  • Client-side only
  • No network calls
  • Safe for real mail

Related Tools

User-Agent Parser

Parse a User-Agent string

URL Parser

Break a URL into parts

JWT Decoder

Inspect a JSON Web Token

Sources & References

Frequently Asked Questions

How do I get an email's raw headers?

In most mail clients use 'Show original', 'View source' or 'Show raw message' (Gmail: ⋮ → Show original; Outlook: File → Properties → Internet headers). Copy the whole header block and paste it in.

How are the delivery hops ordered?

Mail servers add each Received header to the top, so the raw order is newest-first. The tool reverses them to show the true delivery order — from the originating server down to your mailbox — and computes the delay between each pair of timestamps.

What do SPF, DKIM and DMARC pass/fail mean?

SPF checks the sending IP is authorized for the domain; DKIM verifies a cryptographic signature; DMARC ties them to the visible From domain and sets a policy. A 'pass' on all three is a strong authenticity signal; a 'fail' on SPF or DKIM, especially with DMARC, is a common sign of spoofing or misconfiguration.

Why is a hop's delay large?

A long gap between two Received timestamps usually means the message queued at that server — greylisting, rate-limiting, or an overloaded relay. The per-hop delay pinpoints which server held it.

Is my email uploaded anywhere?

No. All parsing happens in your browser; the header text never leaves your device, so it's safe to analyze real, sensitive messages.

🎓 Pro Tips

  • Tip 1: Read hops from the bottom up in the raw text (oldest first) — or just use the ordered table here, which already reverses them for you.
  • Tip 2: A DMARC pass requires SPF or DKIM to pass AND align with the From domain; a passing SPF for a different domain doesn't help — check alignment, not just the verdict.
  • Tip 3: Standard reference: email headers are defined in RFC 5322 — https://www.rfc-editor.org/rfc/rfc5322.