How do I read email headers?

Email headers record the path a message took from sender to your inbox. Paste the raw headers here and the analyzer shows each delivery hop in order, the time spent at each, and the authentication results (SPF, DKIM, DMARC) so you can see where a message really came from.

Is my email uploaded anywhere?

No. The headers you paste are parsed entirely in your browser using JavaScript. Nothing is sent to, logged by, or stored on any server. Close the tab and it is gone.

What do SPF, DKIM and DMARC results mean?

SPF checks that the sending server is allowed to send for the domain. DKIM verifies a cryptographic signature proving the message was not altered. DMARC ties the two together and tells receivers what to do on failure. A 'pass' on all three is a strong signal the mail is legitimate; failures can indicate spoofing or misconfiguration.

Email Header Analyzer

Paste the raw headers of an email to trace its delivery path hop-by-hop, see how long each step took, and check the SPF, DKIM and DMARC results. Everything runs in your browser — nothing is uploaded.

Private — parsed locally, never uploaded.

Authentication

Message details

Delivery path (origin → your inbox)

This analyzer reads the standard Received, Authentication-Results and Received-SPF headers. Times come from each server's own clock, so small skews between hops are normal.

What is an email header?

Every email carries a block of headers — metadata your mail client usually hides. They record who sent the message, the chain of servers it passed through, timestamps at each step, and the results of authentication checks. Reading them is the fastest way to answer questions like "where did this really come from?", "why was it slow?", or "is this a spoof?".

How to read email headers

The most useful part is the Received: chain. Each mail server that handles the message prepends its own Received line, so the list reads newest-first — the top line is the server closest to your inbox and the bottom is closest to the original sender. This tool reverses them into chronological order, draws the journey from origin to delivery, and shows the time gap between each hop so you can spot delays.

What do SPF, DKIM and DMARC mean?

SPF (Sender Policy Framework) checks that the server which sent the mail is authorised to send for the From domain.
DKIM (DomainKeys Identified Mail) verifies a cryptographic signature, proving the message wasn't altered in transit and genuinely came from the signing domain.
DMARC ties SPF and DKIM to the visible From address and tells receiving servers what to do when a check fails (none, quarantine, or reject).

A pass on all three is a strong signal the mail is legitimate. A fail can mean spoofing — or simply a misconfigured sender — so read it alongside the delivery path.

How to find the raw headers

Gmail: open the message → the ⋮ menu → Show original → copy the whole page.
Outlook (desktop): open the message → File → Properties → copy the Internet headers box.
Apple Mail: select the message → View → Message → All Headers.
Yahoo: open the message → More → View raw message.

Is this analyzer private?

Yes. The headers you paste are parsed entirely on your device with JavaScript — they are never sent to, logged by, or stored on our servers. That's the same privacy-first principle behind our disposable email service, our disposable domain checker, and our password generator.

Testing your own email's headers?

If you build software that sends mail and want to verify SPF/DKIM/DMARC end-to-end automatically, MailboxTemp offers a free disposable email API and an open-source npm client — generate a throwaway inbox, send to it from your app, then read back the delivered message and its headers from your test code.