Free Tool · No sign-up

Email Header Analyzer – Trace & Check for Spoofing

Paste raw email headers to see the delivery path and SPF, DKIM & DMARC results. Private.

Paste the raw headers of an email to see the route it travelled, how long each hop took, and whether it passed SPF, DKIM, and DMARC — the checks that reveal whether a message is genuine or spoofed.

Headers are parsed entirely in your browser. Nothing you paste is sent anywhere, logged, or stored.

Paste an email's raw headers to reveal the exact route it travelled, how long each hop took, and whether it passed the three authentication checks that expose spoofing: SPF, DKIM, and DMARC. It's the fastest way to answer “is this email real or fake?” — and every header is parsed in your browser, never uploaded.

How to get an email's raw headers

  • Gmail: open the email → ⋮ menu → Show original → copy everything.
  • Outlook: open the email → File → Properties → copy the Internet headers box.
  • Apple Mail: View → Message → Raw Source.

Frequently asked questions

What do SPF, DKIM, and DMARC mean?

SPF checks the sending server is allowed to send for that domain. DKIM verifies the message wasn't tampered with using a cryptographic signature. DMARC ties the two together and tells receivers what to do if they fail — a DMARC pass is the strongest sign an email is genuine.

Is my email data private?

Yes. The headers are parsed entirely in your browser with JavaScript. Nothing you paste is transmitted, logged, or stored.

The email failed the checks — is it definitely a scam?

Not always — misconfigured mailing lists and forwarded mail can fail legitimately. But a failed DMARC on a message claiming to be from a bank, delivery service, or well-known brand is a strong red flag. Don't click links or download attachments.