Email Header Analyzer & SPF / DKIM / DMARC Checker

Paste the raw headers of an email to trace its path, reveal the originating IP and mail server, and read the SPF, DKIM and DMARC results — or look up the authentication records for any domain. Nothing is stored; everything runs on this page.

1. Analyze email headers

In your email client open “Show original” / “View source” and paste the full headers below.

2. Check a domain’s SPF / DKIM / DMARC

Enter a domain to fetch its live SPF, DMARC and MX records. Add a DKIM selector (optional) to check a specific DKIM key.

What these checks mean

SPFSender Policy Framework — a DNS record that lists which servers are allowed to send mail for a domain. Pass means the sending IP is authorized.
DKIMDomainKeys Identified Mail — a cryptographic signature added by the sending server. Pass means the message wasn’t altered and really comes from the signing domain.
DMARCBuilds on SPF and DKIM and tells receivers what to do with messages that fail (none / quarantine / reject). It also requires the visible From domain to align with SPF/DKIM.
Received chainEach server that handled the message adds a Received line. Read bottom-to-top to follow the path from origin to your inbox and spot the real originating IP.

Tip: a message can show a friendly From address while the Received chain and Return-Path point somewhere else — a classic sign of spoofing or a compromised relay.