Mail Headers Analyzer

Paste your email headers to analyze hop delays, SPF/DKIM/DMARC and metadata.

Load example

What is Ανάλυση Mail Headers?

Every email you receive contains "headers" — hidden metadata that records the entire journey of the message from sender to recipient. Ανάλυση Mail Headers parses these headers and shows you: which servers processed the email, how much delay occurred at each hop, and whether it passed SPF, DKIM, and DMARC checks.

How do I find the headers of an email?

  • Gmail: Open the email → Three dots (...) → "Show original"
  • Outlook (web): Open email → Three dots → "View" → "View message source"
  • Outlook (desktop): Open email → File → Properties → "Internet headers"
  • Apple Mail: View → Message → All Headers
  • Thunderbird: View → Headers → All

What do the results show?

  • Hop path: A list of all mail servers from sender to recipient with timestamps.
  • Hop delays: The delay at each step — helps identify slow servers.
  • SPF/DKIM/DMARC: Authentication results — pass, fail, softfail, etc.
  • From/Reply-To/Return-Path: Check whether they match (important for phishing detection).
  • Message-ID: Unique ID for tracking in mail logs.

When should I use this tool?

  • An email is taking hours to arrive — find out which server is responsible.
  • Suspicious email — verify whether it passed SPF/DKIM or uses a spoofed sender.
  • Your emails are going to spam — see if SPF/DKIM/DMARC failed.
  • Troubleshooting mail server configuration.

Frequently Asked Questions

How can I tell if an email is phishing from its headers?
Check: (1) Does the "From" header match the Return-Path and envelope sender; (2) Is the SPF result "pass" and does the DKIM signing domain match the From domain; (3) Is the originating sending server a known IP/hostname. Mismatches indicate phishing or spoofing.
Why is my email taking a long time to arrive?
Look at the "hop delays" in the analysis. A hop with a delay >60 seconds is suspicious. Common causes: the receiving server is greylisting (intentional delay for spam filtering), the sending server is blacklisted, or there is network congestion.
What does "SPF softfail" in the headers mean?
It means the sending server is not explicitly listed in the domain's SPF record, but the policy is ~all (softfail) rather than -all (fail). The email is not rejected but may be flagged as spam. For tighter security, use -all.
Is it safe to share email headers?
Headers contain information about the sender, servers, and authentication results. They do not contain the body of the email. It is generally safe to share them for troubleshooting, but it is good practice to remove any personal IP addresses before making them public.
📖 Read the full guide: How to Read Email Headers →
SPF / DKIM / DMARC
SPF / DKIM / DMARC records
Blacklist Checker
Check against 20+ blacklists
SSL Checker
SSL certificate & chain check
Bulk SSL Checker
SSL check for multiple domains at once