trace·warrior
  • Tools
  • Monitoring
  • Pricing
  • Resources
  • About
Sign inGet started
trace·warrior

Network diagnostics for IT professionals. Built for speed, accuracy, and the long tail of the Friday afternoon outage.

ALL SYSTEMS NOMINAL
Tools
  • DNS Lookup
  • Ping Test
  • Port Checker
  • WHOIS
  • See all
Product
  • Monitors
  • Pricing
  • How-to guides
  • Compare
Resources
  • Blog
  • API docs
  • Tool index
  • Contact
Company
  • About
  • Privacy
  • Terms
  • Cookie policy
© 2026 Trace Warrior · made for engineers, by engineersnetwork forensics, quietly
/
/
tools/dns & domain/email-header-analyzer
DNS & Domain

Email Header Analyzer

Free email header analyzer. Paste the raw headers from any email and see the full delivery path hop by hop with the delay at each stop, the SPF, DKIM and DMARC authentication results, the spam-filter verdicts (including Microsoft's SCL), and the key message headers. Everything is parsed in your browser, nothing is uploaded. The fast way to see where a message went, how long it took, and whether it authenticated.

Parsed entirely in your browser. Nothing is uploaded.

What email headers reveal

Every email carries a stack of headers that record how it travelled. The Received lines are the delivery path, added by each server the message passed through, with the oldest (the origin) at the bottom. The Authentication-Results header records whether SPF, DKIM and DMARC passed at the receiving server. Timestamps between hops expose delays, and provider headers like Microsoft's SCL show the spam verdict. This tool parses all of it into a readable timeline so you can see where a message went, how long each hop took, and whether it authenticated, entirely in your browser.

How to get the raw headers

In Gmail, open the message, click the three-dot menu, and choose "Show original". In Outlook, open the message and go to File, Properties, and copy the "Internet headers" box (or, in new Outlook, the message's three-dot menu, View, View message details). In Apple Mail, select the message and choose View, Message, Raw Source. Paste the whole block into the tool above.

Frequently asked questions

How do I read email headers?

Paste the raw headers into the tool above. It reconstructs the delivery path from the Received lines, shows the delay at each hop, and extracts the SPF, DKIM and DMARC results and spam score, so you do not have to read the raw text by hand.

How do I find the sender's IP address from an email?

The bottom-most Received line usually names the originating server and its IP. Be careful: with webmail and large senders the true origin can be masked behind provider infrastructure, so treat the earliest external hop as the best available source.

What does the Received header mean?

Each Received header is a stamp added by one mail server as the message passed through it, recording where it came from, which server handled it, and when. Read from the bottom up, they trace the message's route from sender to your inbox.

How do I tell if SPF, DKIM and DMARC passed?

The Authentication-Results header records the verdict for each, for example spf=pass, dkim=pass, dmarc=pass. The tool surfaces these as clear pass or fail badges at the top of the result.

Related tools

To check whether the sending domain's records are set up correctly in the first place, run the Email Deliverability Test.

  • SPF Checker →
  • DKIM Checker →
  • DMARC Checker →
  • Blacklist Check →