Paste the raw headers of an email to trace its path, reveal the originating IP and mail server, and read the SPF, DKIM and DMARC results — or look up the authentication records for any domain. Nothing is stored; everything runs on this page.
| SPF | Sender Policy Framework — a DNS record that lists which servers are allowed to send mail for a domain. Pass means the sending IP is authorized. |
| DKIM | DomainKeys Identified Mail — a cryptographic signature added by the sending server. Pass means the message wasn’t altered and really comes from the signing domain. |
| DMARC | Builds on SPF and DKIM and tells receivers what to do with messages that fail (none / quarantine / reject). It also requires the visible From domain to align with SPF/DKIM. |
| Received chain | Each server that handled the message adds a Received line. Read bottom-to-top to follow the path from origin to your inbox and spot the real originating IP. |
Tip: a message can show a friendly From address while the Received chain and Return-Path point somewhere else — a classic sign of spoofing or a compromised relay.