Email Header Analyzer

Trace an email's path + read its SPF/DKIM/DMARC — in your browser.

Stays on your device. This tool runs in your browser — nothing you paste or open ever leaves it. Nothing uploaded, nothing to leak.

From
To
Subject
Date
Hops
Help us improve Was this tool useful? Tap a star. Thanks — your rating helps others find it.
Be the first to rate

How to analyse an email header

Open the message in your mail client and choose "Show original" (Gmail), "View source" / "Message source" (Outlook, Apple Mail) or "View headers", then copy everything and paste it in. You will see the From, To, Subject and Date, the SPF/DKIM/DMARC verdict, and every "Received" hop in order with the delay between them — handy for spotting where a slow or suspicious email really came from.

Embed this tool on your site
<iframe src="https://techwhack.com/tools/email/email-header/embed" width="100%" height="440" frameborder="0" loading="lazy"></iframe> <!-- Powered by TechWhack -->
An email header analyzer decodes the hidden headers on any email — the chain of mail servers it passed through and how long each hop took, who really sent it, and whether it passed SPF, DKIM and DMARC. Paste the raw header to trace it. It is parsed entirely in your browser, so nothing is uploaded.

What the auth results tell you

SPF pass means the sending server was authorised for that domain; DKIM pass means the message was cryptographically signed and untampered; DMARC pass means it aligned with the domain's policy. A fail on a message claiming to be from your bank is a strong phishing signal.

FAQ

Where do I find the raw header?In Gmail: the ⋮ menu → "Show original". In Outlook: File → Properties, or "View → Message source". In Apple Mail: View → Message → Raw Source. Copy the whole thing.
Is my email private?Yes — the header is parsed entirely in your browser and never uploaded or stored. You can even use it offline once the page has loaded.
What does an SPF or DMARC "fail" mean?The message was not sent from a server the real domain authorises, or it did not align with the domain's policy — a common sign of spoofing or phishing.