Skip to main content
New Care about email deliverability? Monitor your DMARC, SPF, and DKIM compliance Try DMARC Report → →

Free Email Header Analyzer

Paste raw headers, see the full delivery path with per-hop time delays, and get SPF, DKIM, and DMARC results at a glance.

Parsed in your browser. Nothing uploaded.

What does each hop tell you?

A Received: line is stamped onto the message every time a mail server takes custody of it. The line records who handed the message off, who took it, the protocol used, the server’s identifier, and a timestamp. Read top to bottom in raw form, you are reading from final hop back to origin. The analyzer flips that around so the path reads naturally, oldest to newest.

The delay between any two adjacent hops is the most useful number on the page. Sub-second delays are normal. Multi-second or multi-minute delays usually point to a queueing or greylisting issue at the receiving end. Multi-hour delays nearly always mean a queue backed up because of a downstream problem (often spam-filter rate-limiting or DNS failure).

How to read the results

Delivery path

Each numbered hop is one server taking custody of the message. The +time on each hop is the time elapsed since the previous hop. Total transit at the top is origin to final hop.

Authentication results

SPF, DKIM, DMARC, and any other methods the recipient mail server checked. A pass on all three is the goal. A fail on DKIM with SPF passing usually means the message was modified in transit (forwarder rewriting headers).

Message identity

From, Return-Path, and DKIM signing domain (d=). When these disagree, you are likely looking at a third-party sender on behalf of someone else, which is fine if SPF/DKIM align, suspicious if they do not.

ARC chain

If the message went through a forwarder or mailing list, ARC headers preserve the original authentication results. The number of ARC instances tells you how many forwarders the message passed through.

One message at a time is fine. A regression you find tomorrow is not.

Mailflow Monitoring sends synthetic test messages through your real mail path on an interval, alerts on slow hops the moment they appear, and keeps the receipts so you can prove uptime to whoever asks.

Talk to an expert See how monitoring works

Frequently asked questions

What is an email header?

Email headers are the metadata attached to every message: the From, To, Subject, Date, and Message-ID lines you can already see, plus the Received: chain that records every server the message touched on its way to your inbox, the SPF / DKIM / DMARC results, and the DKIM signatures. Headers travel with the message and are how you trace a delivery problem back to its cause.

How do I get the raw headers from my email client?

Gmail: open the message, click the three-dot menu, choose Show original. Outlook on the web: open the message, three-dot menu, View, View message source. Apple Mail: View menu, Message, All Headers. Outlook desktop: open the message, File, Properties, Internet headers. Copy the entire block and paste it into the analyzer.

How do I read the delivery path?

Each Received: header is added by a mail server as the message moves through it. The most recent server is at the top of the raw headers. The analyzer reverses them so the origin (where the message was first composed or relayed) appears first and the final delivering server appears last. The +time on each hop is how long the message sat between that server and the previous one.

A hop shows a negative delay. What does that mean?

Negative or zero delays usually indicate clock skew between mail servers. It does not mean anything was tampered with. Some servers run slightly fast or slow against UTC and the timestamps on adjacent Received: lines can disagree by a few seconds.

Why are SPF, DKIM, and DMARC empty?

The analyzer reads the Authentication-Results header that the recipient mail server adds. If you pasted headers from a server that is upstream of the final delivery (e.g., a forwarder or relay), or from a sending server, that header will not be present. Always paste the headers as they arrived in the destination mailbox.

Are the headers I paste sent anywhere?

No. Parsing happens entirely in your browser. Nothing is uploaded, stored, or logged. You can confirm by opening DevTools and watching the Network tab while you paste.

When should I use this versus continuous mail flow monitoring?

This tool is for one-off forensics: a specific message arrived late, looks suspicious, or did not arrive at all and you want to retrace the path. For ongoing assurance, use Mailflow Monitoring to send synthetic test messages on an interval and alert you the moment a hop slows down or a delivery fails, so you find out before users do.

Stop reading headers by hand

Mailflow Monitoring exercises your real delivery path on an interval and alerts on hops that slow down before users notice.

Talk to an expert