/ developer & network toolbox
← all tools

$ hdr

runs locally

Email Header Analyzer

Paste raw email headers to see the delivery hop timeline with delays, SPF/DKIM/DMARC results and key fields. All local.

headers — invoker.tools

Parsed entirely in your browser — headers can expose internal hosts and IPs, so nothing is sent anywhere.

About the Email Header Analyzer

The email header analyzer takes the raw headers from a message and turns them into a readable delivery timeline. Paste the headers from Gmail's Show original or Outlook's View source view, and it parses every Received hop, calculates the delay at each step and the total transit time, and shows the originating source IP. It also surfaces SPF, DKIM and DMARC authentication results plus key and spam or filter headers.

Use it to investigate why a message was delayed, trace where an email actually came from, or check whether authentication passed when troubleshooting deliverability or suspected spoofing. Everything runs entirely in your browser, so the headers you paste are never uploaded to a server.

How to use it

  1. Open the message and copy its raw headers (Gmail: Show original; Outlook: View source / message options).
  2. Paste the headers into the input box.
  3. Run the analysis to parse the Received hops into a timeline.
  4. Review per-hop delays, total transit time and the source IP.
  5. Check the SPF, DKIM and DMARC results and any spam or filter headers.

Examples

  • Paste headers from a slow email and find a single hop that added several minutes, pinpointing where the delay occurred.
  • Trace a suspicious message back to its source IP and see that SPF and DKIM both failed, a sign of possible spoofing.
  • Confirm a newsletter passed DMARC and moved through each relay quickly with low per-hop delays.

Frequently asked questions

What are email headers?

Email headers are the metadata at the top of every message that record its path, sender, authentication results and processing notes. The Received lines in particular log each server the message passed through.

How do I get the raw headers from my email?

In Gmail open the message, click the menu and choose Show original. In Outlook open the message and use View source or message options to see the internet headers, then copy the text.

Is it safe to paste email headers here?

Yes. The analyzer runs entirely in your browser using client-side code, so the headers you paste are never sent to or stored on any server.

How is the source IP determined?

The tool reads the chain of Received headers and identifies the earliest external hop, which typically corresponds to the originating mail server's IP address.

Why do the per-hop delays sometimes look wrong?

Delays are calculated from the timestamps each server records, and clocks are not always perfectly synchronized. Large or negative gaps usually reflect clock skew rather than an actual delay.

Can I use this to detect spoofed or phishing email?

It helps. By showing the real source IP and the SPF, DKIM and DMARC results, the analyzer makes it easier to spot when a message's claimed sender does not match its actual origin.

More email / dns tools

SPF CheckerDMARC CheckerMX LookupDKIM Checker