Where do I find raw email headers?

In Gmail, open the message and choose 'Show original' from the three-dot menu. In Outlook, open the message and go to File, Properties, Internet headers. In Apple Mail, use View, Message, All Headers. Copy everything above the message body and paste it into the tool.

Back to Apps

Mail Header Analyser

Paste raw email headers to inspect the sender, authentication results, and delivery path. Spot phishing patterns and trace where a message really came from.

Header Input

What Are Email Headers?

Every email carries a set of headers above the visible message body. Headers contain routing information, sender details, authentication results, and the delivery path. They reveal what really happened behind the scenes: who sent the message, which servers handled it, and whether it passed SPF, DKIM, and DMARC checks.

How to Use This Tool

Open the suspicious email in your inbox, find the option to view the raw source or original message, and copy everything above the body. Paste it into the input field above and click Analyse. The tool breaks the headers into:

Summary: From, To, Subject, Return-Path, Reply-To, and Message-ID.
Signals: Suspicious patterns flagged with severity levels.
Authentication Results: SPF, DKIM, and DMARC outcomes as reported by the receiving server.
Delivery Path: Each Received hop showing which servers handled the message.

Where to Find Raw Headers

Client	How to view headers
Gmail	Open message → three dots menu → Show original
Outlook	Open message → File → Properties → Internet headers
Apple Mail	View → Message → All Headers (or Raw Source)
Yahoo Mail	Open message → More → View raw message

Frequently Asked Questions

Is this a phishing detector?+

No. This tool is a header inspector. It parses the headers and flags patterns that are common in phishing, but legitimate emails can also trigger warnings (especially marketing emails and newsletters). Treat the output as a diagnostic aid and verify suspicious messages through other channels.

Why are the Received headers unreliable?+

Only the last few hops (from your trusted mail server backward) can be trusted. Anything earlier can be forged by the sender or intermediate relays. The tool displays the full chain, but give less weight to hops near the top of the chain.

What do SPF, DKIM, and DMARC mean?+

SPF verifies the sending IP is authorised by the sender domain. DKIM verifies the message was not altered in transit using a cryptographic signature. DMARC combines both and tells receivers what to do if checks fail. Legitimate senders typically pass all three.

Why does From differ from Return-Path?+

This is common for emails sent through third-party services like Mailchimp, Sendgrid, or Resend. The From shows the brand, and the Return-Path shows the service that actually delivered the message. It is normal for marketing mail, but worth double-checking on anything unexpected.

Is my data safe?+

Yes. All parsing happens in your browser. Nothing is sent to a server, stored, or logged. The tool is fully client-side.

What Are Email Headers?

How to Use This Tool

Summary: From, To, Subject, Return-Path, Reply-To, and Message-ID.

Signals: Suspicious patterns flagged with severity levels.

Authentication Results: SPF, DKIM, and DMARC outcomes as reported by the receiving server.

Delivery Path: Each Received hop showing which servers handled the message.

Client

How to view headers

Gmail

Open message → three dots menu → Show original

Outlook

Open message → File → Properties → Internet headers

Apple Mail

View → Message → All Headers (or Raw Source)

Yahoo Mail

Open message → More → View raw message