ZonoTools
Home/Developer/Email Header Analyzer

Email Header Analyzer

Raw email headers

Paste email headers, then click Analyze.

Parsing runs entirely in your browser when you click Analyze. Paste only headers you are allowed to analyze.

How to use

  1. Open the message in your mail app and copy raw headers — see How to get raw headers below for Gmail, Outlook, Apple Mail, and Thunderbird.
  2. Paste the full block into the tool (Delivered-To, Received, Authentication-Results, From, To, Subject, and the rest).
  3. Click Analyze — parsing runs only when you press the button, not while typing.
  4. Review Summary, Authentication, Received hops, and the full table; copy JSON if needed.

FAQ

How do I get headers from Gmail?

Open the message → ⋮ (More) → Show original. Copy the entire page content (Delivered-To, Received, Received-SPF, Authentication-Results, DKIM-Signature, From, To, Subject, etc.) and paste it here.

How do I get headers from Outlook on the web?

Open the message → ⋮ → View message details or View source. Copy the full header block and paste it into the analyzer.

Is my email uploaded?

No. Parsing runs entirely in your browser when you click Analyze. Headers are not sent to our servers.

Should I paste the body too?

Headers are read until the first blank line; MIME body after that is ignored for the header table.

Can this prove SPF/DKIM passed?

It displays Authentication-Results, Received-SPF, and DKIM-Signature from what you pasted — the receiving MTA already made that judgment.

Why does nothing show until I click Analyze?

Large pasted blocks are processed on demand so the page stays responsive and you control when parsing runs.

How do I find the DKIM selector?

After Analyze, read the DKIM-Signature line for s= and d=, then verify DNS with DKIM Checker.

Introduction

An email header analyzer turns opaque raw headers into a readable story: who sent the message, which servers relayed it, and whether SPF, DKIM, or DMARC checks passed or failed at the receiver. That is essential for spam false positives, phishing triage, and deliverability debugging.

Everything runs locally in your browser when you click Analyze — nothing is uploaded.

How to get raw headers

Copy the full header block from your mail client, then paste it into this tool and click Analyze. You can include lines below the headers — the parser stops at the first blank line — but copying everything from “Show original” or “View source” is fine.

Gmail (web)

  1. Open the email.
  2. Click the three dots (⋮) on the right side of the message toolbar.
  3. Choose Show original.
  4. Gmail opens a page with the complete raw message. You will typically see lines such as:
Delivered-To: ...
Received: ...
Received-SPF: pass
Authentication-Results: ...
DKIM-Signature: ...
From: ...
To: ...
Subject: ...
  1. Select and copy the entire content from that page, then paste it into the tool.

Tip: On mobile Gmail, open the message in a browser (or use “Show original” from the web app) — the desktop web UI is easiest for selecting all header text.

Outlook on the web (Outlook.com / Microsoft 365)

  1. Open the email.
  2. Click the three dots (⋯) menu for the message.
  3. Select View message details or View source (wording may vary by tenant and layout).
  4. Copy the full header section shown in the panel or source view.
  5. Paste into the analyzer and click Analyze.

If you only see metadata fields, look for a View source or Message source option — you need the raw Received: and Authentication-Results: lines, not just the friendly From/To summary.

Apple Mail (macOS)

  1. Open the email in Mail.
  2. From the menu bar: View → Message → All Headers to inspect headers in the message pane, or View → Message → Raw Source for the full MIME source.
  3. Copy the header block (from the first header line through the blank line before the body, or the whole raw source).
  4. Paste into the tool.

Shortcut workflow: Raw Source gives you the same kind of paste-friendly block as Gmail’s Show original.

Mozilla Thunderbird

  1. Open the email.
  2. Open the More menu (or right-click the message).
  3. Choose View Source (or View → Message Source).
  4. Copy the source — the top section is headers; you may copy the entire window.
  5. Paste into the analyzer.

Thunderbird’s source view includes headers followed by the MIME body; the tool ignores body content after the first blank line.

What to paste

Include as much of the top of the message as your client provides. The most useful lines for deliverability debugging are:

  • Authentication-Results — SPF, DKIM, DMARC verdicts from the receiver
  • Received-SPF — SPF result in older or parallel format
  • DKIM-Signature — signing domain (d=) and selector (s=)
  • Received — each hop in the delivery path
  • From, To, Subject, Date, Message-ID, Return-Path

Then click Analyze in this tool — nothing is parsed until you press the button.

What does this tool parse?

The analyzer:

  • Unfolds continuation lines (headers split across multiple lines per RFC 5322)
  • Stops at the first blank line (body below is ignored)
  • Builds a summary: From, To, Subject, Date, Message-ID, Return-Path
  • Highlights Authentication-Results, Received-SPF, and DKIM-Signature
  • Lists every Received hop in order (newest first in the table — chain shows path)
  • Renders a sortable-style table of all header names and values
  • Exports JSON (name/value pairs) for tickets

Important headers are visually emphasized in the table.

Key Features

  • Large paste area; empty on first load.
  • Analyze on click — no parsing while typing long headers.
  • Sample loads a realistic multi-hop example for learning the UI.
  • Authentication block for quick pass/fail reading.
  • Received chain for routing and delay analysis.
  • Copy JSON for Jira, Slack, or SOC documentation.

Common Use Cases

  • Explaining why a message landed in spam (read spf=, dkim=, dmarc= in Authentication-Results).
  • Tracing forwarding loops or unexpected relays in Received.
  • Extracting Message-ID and Return-Path for provider support tickets.
  • Finding DKIM s= selector and d= domain before using DKIM Checker.
  • Teaching header structure without installing desktop mail clients.

Best Practices

  • Paste only headers you are authorized to handle (customer mail, abuse reports, your own tests).
  • Compare Authentication-Results on the final receiving hop — intermediates may differ.
  • Use s= from DKIM-Signature with DKIM Checker; verify SPF/DMARC DNS with SPF Checker and DMARC Checker.
  • Headers show what one receiver saw; they do not replace live DNS checks (MX Lookup) or Email Validator for list hygiene.
  • Redact PII before sharing JSON exports externally.

Related Tools

Email ValidatorDisposable Email CheckerMX LookupSPF CheckerDKIM CheckerDMARC Checker
Explore all Developer Tools