Instantly diagnose email delivery issues, detect spoofing attempts, and verify SPF, DKIM, and DMARC authentication. Upload an email header or EML file to analyze routing, delays, and security risks in seconds.
Paste a header or upload an .eml, .txt, or .msg file to get started.
The Email Header Analyzer parses raw email headers to evaluate SPF, DKIM, and DMARC authentication, routing paths, and spoofing signals.
Use it to determine whether an email was legitimately sent by the domain it claims to come from.
Parses Authentication-Results for SPF, DKIM, and DMARC pass/fail status.
Traces Received hops to identify the sending IP and mail path.
Highlights alignment failures and suspicious routing patterns.
Structured summary table plus expandable raw headers.
Paste raw headers or upload a .eml / .txt file (up to 10 MB).
Extracts DKIM-Signature and Authentication-Results including folded headers.
Checks SPF/DKIM/DMARC pass status and alignment with the From domain.
Shows Received hops, sender IP, and security signals like MTA-STS presence.
SPF, DKIM, and DMARC all passed, strong evidence the sender is authentic.
Some authentication passed but not all three, investigate before trusting the email.
Authentication failed, the sender may not be who they claim. Treat with caution.
SPF, DKIM, and DMARC results with alignment status for each.
Sender IP, applied DMARC policy, reporter, and alignment modes.
Each Received header with source IP and hostname.
Whether MTA-STS, TLS-RPT, BIMI, and auth records are present on the domain.
In Gmail, use Show original → Copy to get complete Authentication-Results headers.
Pass is not enough, verify SPF and DKIM domains align with the From address.
Legitimate senders use consistent IPs and authentication patterns over time.
At minimum: From, Authentication-Results, DKIM-Signature, and Received. Full source is best.
Folded Authentication-Results headers can cause parsing issues, this tool handles RFC822 folding correctly.
No. A compromised account or lookalike content can still pass authentication.
Yes. Upload .eml, .txt, or .msg files up to 10 MB.
SPF/DKIM domains must match the From domain (strict or relaxed) for DMARC to pass.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.