What Are Email Headers?
Every email contains hidden metadata called email headers that record the complete journey from sender to recipient. Headers include information about the sending server, delivery route, timestamps, and authentication results (SPF, DKIM, DMARC). An email header analyzer parses this metadata to reveal who sent the email, which servers handled it, where delays occurred, and whether the message passed authentication checks.
Email headers are added by each mail server the message passes through. The most important header is Received: — each hop adds one, building a traceable delivery path. Our free email header analyzer parses all headers, builds a visual timeline of hops with delay calculations, and checks authentication results to help you trace email origin and diagnose delivery issues. The analysis runs 100% in your browser — your headers are never uploaded to any server.
How to Analyze Email Headers (3 Methods)
There are several ways to analyze email headers and trace email delivery. Our online email header analyzer is the fastest method, but you can also inspect headers manually in your email client or use command-line tools.
curl -s --head https://mail.example.com to inspect SMTP headers, or save raw email as .eml and open in a text editor. For DNS-level checks, use our DNS Lookup tool to query TXT records directly.What Email Headers Reveal
Our email header analyzer extracts four key categories of information from raw email headers to help you trace email origin, diagnose delivery issues, and verify authentication:
Each Received: header represents a mail server hop. Our analyzer maps the complete route from origin to destination, showing server names, IP addresses, and protocols used at each hop.
The Authentication-Results: header shows whether SPF, DKIM, and DMARC passed, failed, or were not checked. Failed authentication is a strong indicator of spoofing or misconfiguration.
By comparing timestamps between consecutive Received headers, the analyzer calculates the delay at each hop. This pinpoints where delivery slowdowns occur — from greylisting, spam scanning, or server queue backlogs.
Headers like From:, Reply-To:, Return-Path:, and X-Originating-IP: reveal the sender's identity and IP address — essential for email tracing and forensic investigation.
Common Email Headers Explained
Understanding key email headers is essential for effective email header analysis. Here are the most important headers you'll encounter:
The sender's display name and email address. Can be easily spoofed — always verify with SPF/DKIM/DMARC results.
The recipient addresses. To is the primary recipient, Cc is carbon copy, Bcc is hidden.
Added by each mail server hop. Shows from (sending server) and by (receiving server) with timestamps.
A unique identifier for the email, generated by the originating server. Useful for tracking and correlating messages across systems.
Shows SPF, DKIM, and DMARC pass/fail results. Critical for verifying email authenticity and detecting spoofing attempts.
The sender's IP address. Not always present (some providers strip it for privacy). Key header for email tracing.
Contains the cryptographic signature, signing domain (d=), and selector (s=). Verify with our DKIM Checker.
The envelope sender address used for bounce handling. SPF checks are performed against this address, not the From header.
Defines the MIME type of the email body: text/plain, text/html, or multipart/mixed for attachments.
What We Check in Headers
Email Authentication Best Practices
Related Email & DNS Tools
Check SPF records, count DNS lookups, and resolve include chains.
Check DMARC policy, reporting settings, and alignment mode.
Check DKIM records, auto-detect selectors, and verify key strength.
Test SMTP server connectivity, EHLO capabilities, and TLS support.
Check MX records and detect email providers for any domain.
Check if your mail server IP is blacklisted on major RBLs.