Email Header Analyzer
Parse email headers, trace relay hops, and check SPF/DKIM/DMARC authentication results.
Examples
Click to load a sample header set
Legitimate email (SPF/DKIM/DMARC all pass)
Phishing email (DKIM fail, SPF softfail, Reply-To mismatch)
How it works
Email headers are parsed by unfolding continuation lines (lines beginning with whitespace), then splitting each header into name and value at the first colon.
Relay hops are extracted from all Received: headers. The bottom-most header represents the earliest hop (sender's server); the topmost is the final delivery server.
SPF (Sender Policy Framework) verifies that the sending IP is authorised to send mail for the domain. DKIM validates a cryptographic signature on the message. DMARC ties SPF and DKIM together with a policy for handling failures.