Analyze Email Headers for Authentication and Routing Signals

How to use it

Start With Authentication and Alignment

Headers do not prove that an email is safe, but they help explain whether the sender domain was authenticated and whether visible sender fields match the technical envelope.

About email headers

What Email Headers Reveal About a Message

What are email headers?

Every email carries metadata that records who claims to have sent it, which servers handled it on the way, and whether the sending domain was authenticated. This metadata is called the email header. Most mail clients hide it behind menus like "View source" or "Show original," but it is the most reliable place to look when you are trying to confirm whether a message is genuine, find why a transactional email landed in spam, or investigate a suspected phishing attempt.

What this analyzer checks

The tool parses the header text locally in your browser and surfaces the fields that matter for security: Authentication-Results (SPF, DKIM, DMARC), From, Reply-To, Return-Path, and the Received chain. It compares the visible From domain with the Return-Path and Reply-To domains, flags unusually long routing paths, and gives you a quick verdict score so you can decide whether to trust links and attachments. Nothing is sent to a server.

Reading SPF, DKIM, and DMARC results

SPF pass means the sending IP is authorized in the envelope domain's DNS. DKIM pass means the message was signed with a key the domain owner published, so the body was not modified in transit. DMARC pass means at least one of SPF or DKIM aligned with the visible From domain. A missing or fail result for any of the three is not proof of phishing on its own, but combined with mismatched Reply-To, unusual Received hops, or generic display names it is a strong signal to slow down.

Where to find raw headers

In Gmail open the message, click the three-dot menu and choose "Show original." In Outlook on the web, open the message, click "More actions" and pick "View message source." In Apple Mail use View → Message → All Headers. Copy the entire block, paste it into the field above, and the analyzer will run instantly.

Email Header Analyzer FAQ

Does the analyzer upload my email?
No. The analyzer runs entirely in your browser. The header text you paste is parsed locally and never sent to Temp.now or any third party.
How do I get the raw header from Gmail, Outlook, or Apple Mail?
In Gmail open the message and choose "Show original" from the three-dot menu. In Outlook on the web choose "View message source" from More actions. In Apple Mail open View → Message → All Headers. Copy everything from the top down to the blank line before the body.
What does a DMARC fail in the header actually mean?
DMARC fail means neither SPF nor DKIM aligned with the visible From domain. The message may still reach the inbox if the receiver only enforces DMARC at quarantine or reject, but it is a strong indicator that the sender either misconfigured authentication or that the message is spoofed.
Can a clean header prove an email is safe?
No. Passing authentication only proves that the sending domain authorized the IP and signed the message. Phishers can still pass SPF and DKIM on a domain they registered themselves. Always combine header analysis with sender reputation, link inspection, and the wording of the message itself.

Need to Publish Sender Records?

Use the SPF generator next when you are configuring a domain you control.

Open SPF Generator Open Temp Inbox

Browse all email tools