Primary use
Header parsing
Turn raw headers into a structured summary before starting incident review.
Run a free header analysis
Paste the full raw header block from a received message. The analyzer summarizes sender-policy verdicts, routing hops, and the rest of the parsed header map.
Best fit
This page is strongest when a team already has a suspicious message and needs to understand what actually happened before escalating the incident.
Upgrade path
A parsed header explains one message. Production confidence comes from combining that evidence with repeatable inbox, auth, and content checks.
Primary use
Turn raw headers into a structured summary before starting incident review.
Auth view
See the sender-policy outcomes that usually explain why trust or alignment broke.
Route view
Inspect relay hops and timing to locate delay or routing anomalies more quickly.
Output
Keep the original evidence visible in a grouped format that is easier to review and share.
What this checks
Header dumps are only useful when the important signals are made obvious. This analyzer emphasizes sender-policy verdicts, routing hops, and identity fields before the rest of the header map.
Auth
Verdict summary
Start with SPF, DKIM, and DMARC outcomes before chasing lower-signal clues.
Routing
Hop chain
See the path through receiving systems and identify suspicious or slow relays.
Identity
From vs return-path
Compare visible sender identity and envelope domains during alignment review.
Evidence
Parsed headers
Keep the raw header families available for deeper review once the summary points to a likely cause.
Triage order
Most message-header investigations do not need every field at once. Start with authentication, then trace the route, then compare sender identity fields before changing DNS or provider settings.
Check SPF, DKIM, and DMARC results first so sender-policy failures are not mistaken for content or routing issues.
Follow the relay path and timestamps to find queue delay, unexpected hops, or provider handoff problems.
Compare From, Return-Path, Reply-To, and DKIM signing domains when alignment looks suspicious.
Move into SPF, DKIM, DMARC, spam, or inbox-placement checks once the header evidence points to a likely owner.
Operational use
Searchers usually want an email header analyzer because a message misbehaved, not because they want generic documentation. Treat this page as the first forensic step after a suspicious receipt outcome.
Parse the suspicious message first so SPF, DKIM, DMARC, and hop delays are visible before the incident expands into guesswork.
Inspect headers after provider changes to confirm the new sender path is producing the expected auth and routing evidence.
Share a structured header summary instead of a raw dump when multiple teams need to review the same message quickly.
Validate the published SPF record when Authentication-Results shows sender-policy problems.
Open toolConfirm the selector and DNS record behind a DKIM verdict in the headers.
Open toolPair header forensics with broader spam-risk diagnostics before escalating a deliverability issue.
Open toolUse controlled inbox testing when you need repeatable placement and receipt validation, not just one message analysis.
Open toolThis email header analyzer parses raw RFC 5322 headers, summarizes SPF, DKIM, and DMARC results, maps the Received chain, and groups the remaining headers so incident review starts from a structured output instead of a wall of text.
Use header analysis during delivery incidents, after infrastructure changes, or when a message lands unexpectedly. Headers are usually the fastest source of truth for auth, routing, and timing questions.
Start with Authentication-Results and the Received chain. That usually tells you whether the message failed sender policy, took an unexpected route, or encountered delays between relays.
No. Header analysis explains what happened to a specific message. It is strongest when paired with sender-auth checks and controlled inbox testing for repeatable validation.