← All toolsClient-side

Email Header Analyzer

Paste raw email headers to see authentication results, delivery path, DKIM signatures, and any red flags, instantly.

Your headers are parsed entirely in your browser. Nothing is sent to our servers.

Parsed in your browser, no account required. Track authentication failures across all your mail.

See plans →

How to read email authentication results

Every email carries authentication results in its headers, specifically the Authentication-Results header added by the receiving server. It's the same data you'd see clicking "View Original" in Gmail, but the raw format is dense and non-obvious. This tool parses those headers and breaks down exactly what passed, what failed, which domain each result applies to, and what it means for deliverability. No account required, processed in your browser.

What you can see in email headers

  • DMARC result:whether the message passed DMARC and which alignment path it took (DKIM or SPF)
  • DKIM result:whether the signature verified and which domain signed the message
  • SPF result:whether the sending IP was authorized by the domain's SPF record
  • Delivery path:each hop the message took, with timestamps and server identifiers

Frequently asked questions

How do I read email headers?
In Gmail, open a message and click the three-dot menu, then “Show original.” In Apple Mail, open View, then Message, then All Headers. Copy the full header block and paste it into the analyzer above. The tool extracts and explains every field; no need to parse the raw text manually.
What is the Authentication-Results header?
It's a header added by the receiving mail server that records the outcome of every authentication check it ran: DMARC, DKIM, and SPF, along with the domain each check applied to. It's the receiving server's own record of what it verified, which makes it the most reliable source for debugging authentication failures on a specific message.
How do I find DMARC results in email headers?
Look for the Authentication-Results header. It will contain a line starting with dmarc= followed by pass, fail, or none. The analyzer above extracts this automatically, but if you're reading raw headers, search for “dmarc=” and check the value and the header.from domain it evaluated.

Seeing authentication failures across multiple messages?

Checking individual headers tells you what happened to one email. DMARCdrift shows you which senders are causing DMARC failures across all the mail your domain receives, aggregated, tracked over time, with alerts when something changes.

Get started free →

Spot authentication failures before your customers do. Free monitoring.

See plans →