Paste raw email headers to extract and analyse routing path, authentication results (SPF, DKIM, DMARC), delivery delays, and sender info.
Paste the full raw email headers below (Gmail: ⋮ → Show original → Copy to clipboard)
Every email carries a set of headers — metadata added by each mail server the message passes through. Analyzing these headers reveals the true origin of an email, the path it took, authentication results, and whether it was delayed or tampered with.
Each mail server adds a Received: header. Reading them from bottom to top traces the email's path from origin to your inbox, including timestamps and server IPs.
The Authentication-Results header shows SPF, DKIM, and DMARC pass/fail status as assessed by your incoming mail server.
The lowest Received: header (the first one added) shows the IP address of the originating mail server — useful for tracing spam or phishing to its source.
Comparing timestamps between consecutive Received: headers identifies which hop in the chain caused delays in email delivery.
Yes — any header above the first "trusted" Received: header (added by your own mail server) can be forged by the sender. Always trust only headers added by your own infrastructure.
A non-standard header added by some webmail providers showing the IP address of the user's browser when they composed the message. Not present in all emails.