Analyzing mail headers - about the tool
It’s incredibly useful - when troubleshooting email - to examine the mail headers. They usually reveal any issues,
but they can be a pain to read and make sense of. That’s why I’ve created the Mail Header Analyzer.
The tool parses all headers, decodes any encoded values, and presents everything in an ordered, structured,
and readable format. Whether you’re after basic info, metadata, security headers, or trying to trace the delivery
route due to delays, the tool makes it easy to read and understand.
Paste headers into the text area or drag-and-drop the email as a text file.
FAQ
What is a mail header, and why does it matter?
A mail header is the part of an email that contains metadata about the message—such as sender, recipient, subject,
sending servers, timestamps, and security checks. While invisible to most users, headers are essential
for diagnosing delivery issues, tracing the path of an email, and verifying authenticity (e.g. SPF, DKIM, DMARC).
How do I see and copy the mail headers in my mail program?
Viewing mail headers depends on your email client. Here's how to find them in the most common ones:
- Gmail (web): Open the email → click the three dots (⋮) next to the reply button → select 'Show original'
- Outlook (desktop): Double-click the email to open it → click File → Properties → look under Internet headers
- Outlook.com (web): Open the email → click the three dots (⋮) → choose 'View message source'
- Yahoo Mail (web): Open the email → click the 'more' icon (three horizontal dots, ...) above the message → select 'View Raw Message'
- Proton Mail (web): Open the email → click the three dots (⋮) icon at the top of the message → select 'View headers'
- Apple Mail: Open the email → click View → Message → All Headers or Raw Source
- Thunderbird: Select the email → press Ctrl+U (or Cmd+U on Mac) to view the full source
What are the most important headers to look at?
When analyzing email headers, some stand out as especially useful:
- Received: Shows the path the email took from sender to recipient. Use these headers to trace delays or detect forged origins.
- From / To / Subject / Date: Basic message info – useful to confirm authenticity.
- Return-Path: Tells you where bounces go – often reveals the true sender behind spoofed messages.
- DKIM-Signature, Authentication-Results, SPF, DMARC: Security headers that show whether the email passed authentication checks.
- Message-ID: A unique identifier for the message – helpful when tracking or correlating related messages.
What do 'Received' and 'X-Received' headers tell me, and how do they differ?
The Received headers show the full path an email took across servers - from the original sender to your inbox. Each time the
message is passed between mail servers, a new Received line is added (at the top), recording the time, server IP/hostname,
and protocol. Reading these from bottom to top reveals the delivery route and timing. They're essential for diagnosing
delays, spotting spoofed emails, or verifying the true sender.
X-Received headers are non-standard and mainly used by Google (e.g. Gmail) for internal tracking between their systems.
They serve a similar purpose but are only visible in some messages and are specific to how Google’s infrastructure
handles mail. Use both when analyzing mail flow—Received shows the public route, X-Received gives hints about the
provider's internal handling.
Can I trust the mail headers?
Partially. Some headers, like Received, are added by trusted mail servers along the delivery path and are usually reliable - especially those
added by your own or known providers. However, headers from the sender’s side or the first hop can be forged, as they aren’t always
authenticated. Spammers and attackers often fake these to hide their identity or spoof domains.
To verify authenticity, look at DKIM, SPF, and DMARC results in the headers. They can help you decide whether the message
genuinely comes from the claimed sender. Always treat the earliest headers (the ones lowest in the list, added before the message reached a server you trust) with caution.
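The bottom-to-top reading of Received headers and the trust caveat above, as an added Python example (not the Mail Header Analyzer's own code). The sample message, the host names and the `trusted_hosts` set are constructed assumptions; `trace_route` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real message). Newest Received line is on top.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [203.0.113.7])\n"
    "\tby inbound.mail.example.org with ESMTPS id abc123;\n"
    "\tMon, 06 Jan 2025 10:00:45 +0000\n"
    "Received: from relay.example.net (relay.example.net [203.0.113.5])\n"
    "\tby mx.example.net with ESMTP id def456;\n"
    "\tMon, 06 Jan 2025 10:00:05 +0000\n"
    "Received: from bank.example.com (unknown [198.51.100.23])\n"
    "\tby relay.example.net with SMTP id ghi789;\n"
    "\tMon, 06 Jan 2025 09:59:58 +0000\n"
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def trace_route(raw, trusted_hosts):
    """Return hops oldest-first with per-hop delay and a trust flag."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+([^\s;]+)", flat)
        by = re.search(r"\bby\s+([^\s;]+)", flat)
        try:  # the timestamp follows the last ';'
            when = parsedate_to_datetime(flat.rpartition(";")[2].strip())
        except (TypeError, ValueError):
            when = None
        by_host = by.group(1).lower() if by else None
        # Trust holds only while every line from the top down was written by
        # a server we run; a trusted name lower in the chain may be forged.
        chain_ok = chain_ok and by_host in trusted_hosts
        hops.append({"from": frm.group(1) if frm else None, "by": by_host,
                     "time": when, "trusted": chain_ok})
    hops.reverse()  # read bottom to top: oldest hop first
    prev = None
    for hop in hops:
        now = hop["time"]
        hop["delay"] = (now - prev).total_seconds() if now and prev else None
        prev = now or prev
    return hops

if __name__ == "__main__":
    for h in trace_route(SAMPLE, {"inbound.mail.example.org"}):
        print(h["from"], "->", h["by"], h["delay"], "trusted" if h["trusted"] else "unverified")
```

A negative delay usually means clock skew between servers, or a forged timestamp in an unverified hop.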