Free Tool

Email Header Analyzer

Analyze raw email headers to verify authentication (SPF, DKIM, DMARC), trace routing hops with delay detection, and review email metadata. Get an instant health score with actionable recommendations.

Paste your email headers

What is Email Header Analyzer?

Email headers are metadata attached to every email that travel with the message from sender to recipient. They contain authentication results (SPF, DKIM, DMARC pass/fail), the routing path through mail servers, timestamps, and sender information. Analyzing headers helps you diagnose deliverability issues, verify authentication is working, and identify delays or suspicious routing.

Why It Matters

When your emails go to spam and you can't figure out why, the answer is almost always in the headers. They reveal exactly where authentication failed, which server flagged your message, and how long delivery took. Without header analysis, you're debugging deliverability blind. This is the tool experienced email ops teams use first when diagnosing inbox placement issues.

How to Use This Tool

Get Your Email Headers

Open an email in your inbox (Gmail, Outlook, Yahoo, or Apple Mail) and use the 'Show original' or 'View source' option to access the raw headers. Copy the full text.

Paste and Analyze

Paste the copied headers into the text box above. The tool instantly parses them and shows your authentication results, routing path, and health score.

Review Authentication

Check that SPF, DKIM, and DMARC all show 'Pass'. If any show 'Fail' or 'Not Found', use our free generators to set up the missing records.

Check Routing

Review the routing timeline for unusual delays or excessive hops. Long delays between hops can indicate server issues that affect delivery speed.

Common Mistakes to Avoid

Only checking authentication and ignoring routing delays

Long delays between hops can indicate server misconfiguration or rate limiting by receiving servers — both signs of reputation problems that authentication checks alone won't reveal.

Testing with internal emails only

Emails between accounts on the same domain often skip spam filtering. Always test deliverability by sending to external Gmail, Outlook, and Yahoo addresses.

Ignoring 'softfail' SPF results

A softfail (~all) means the sender isn't explicitly authorized. While emails may still deliver, many providers treat repeated softfails as a negative signal over time.

Not checking headers after DNS changes

After updating SPF, DKIM, or DMARC records, always send a test email and analyze headers to confirm the changes are reflected. DNS propagation can take 24-48 hours.

Frequently Asked Questions

Email headers are lines of metadata prepended to every email by mail servers along the delivery path. They include sender/recipient information, timestamps, authentication results (SPF, DKIM, DMARC), and routing details. They're normally hidden but can be viewed in any email client.

No. Email headers are separate from the email body. The 'Show original' view in most clients includes both headers and body, but this tool only parses the header section. Either way, everything runs in your browser — nothing is sent to any server.

SPF verifies the sending server is authorized to send for the domain. DKIM verifies the email hasn't been tampered with using a digital signature. DMARC ties them together with a policy that tells receiving servers what to do when checks fail. All three should show 'Pass' for optimal deliverability.

Common causes: SPF record is missing or doesn't include your sending service, DKIM isn't configured in your email platform, or DMARC isn't published. Use our free SPF, DKIM, and DMARC generators to create the correct DNS records.

Most emails pass through 3-5 hops. More than 5 hops isn't necessarily a problem, but it can indicate complex routing. What matters more is the delay — each hop should add less than a second. Delays over 30 seconds suggest server issues.

Open the email, click the three dots (⋮) in the top-right corner of the message, select 'Show original'. This opens a new tab with the full headers. Copy all the text and paste it into the analyzer.

Related Free Tools

DMARC Record Generator

Generate a DMARC DNS TXT record to protect your domain from email spoofing and phishing.

Try it free

SPF Record Generator

Generate an SPF DNS TXT record to authorize which servers can send email on behalf of your domain.

Try it free

DKIM Record Generator

Generate DKIM DNS records and cryptographic keys to verify your emails haven't been tampered with in transit.

Try it free

Authentication verified? Now build your reputation.

You've confirmed your email authentication is working. The next step is warming up your sender reputation. TrulyInbox automates email warmup so you land in the inbox.