Free email header analyzer
What do these headers actually mean?
Paste the raw headers from any email and get a plain-English breakdown of the SPF, DKIM, and DMARC verdicts, plus the hop-by-hop delivery path.
What this tool reads
We parse the Authentication-Results header for the SPF, DKIM, and DMARC verdicts your receiving mail server already computed, plus every Received header to reconstruct the hop-by-hop path the message took to reach you.
Everything happens locally in your browser using plain JavaScript text parsing — no header content is ever sent anywhere, which matters since headers can contain internal server names, IP addresses, and sometimes partial routing details you may not want leaving your machine.
Common questions
Where do I find an email's raw headers?+
In Gmail, open the message, click the three-dot menu, and choose "Show original". In Outlook, open the message, go to File > Properties (desktop) or use the "View message details" option in the message menu (web). Every client calls it something slightly different, but it's usually near "show original" or "message source".
Is it safe to paste email headers into this tool?+
Yes — this tool parses everything entirely in your browser using JavaScript. Nothing you paste is sent to any server; the moment you leave or refresh the page, it's gone. That's also why there's no history or saved results — this is a one-time decode, not a stored report.
What does 'dkim=pass' or 'spf=fail' actually mean?+
These are the verdicts your own mail server or inbox provider computed when the message arrived — pass means that check succeeded, fail means it didn't. This tool doesn't re-run the checks; it reads the verdicts that are already recorded in the Authentication-Results header and translates them into plain language.
Why don't I see an Authentication-Results header?+
Not every mail server adds one, and if you only copied part of the headers (or the message body instead), it won't be there. Make sure you copied the complete raw header block, usually available through a "view source" or "show original" option in your email client.
The verdicts show 'pass' but the email still looked like spam. Why?+
Passing SPF/DKIM/DMARC only proves the message really came from wherever it claims to — it says nothing about whether that sender is legitimate or trustworthy. A scammer who registers a fresh domain and sets up SPF/DKIM/DMARC correctly on it will pass all three checks while still being a scammer. Authentication and reputation are different problems.
More free checks