Email Header Analyzers: The Ultimate Guide and 5 Tools to Use

An email header is the block of metadata that precedes the body of an email message. It contains routing information, sender and recipient addresses, timestamps, and authentication results like SPF, DKIM, and DMARC. Analyzing these headers helps you diagnose delivery problems, identify delays, and detect spam or phishing attempts.

Your email client hides most of this data by default. But when an email gets stuck, flagged as spam, or takes too long to arrive, the header is where you find the answers.

This guide explains what email headers contain, how to view them in Gmail and Outlook, and the 5 best free tools for analyzing them.

Table of Contents

• • Key Insight
• Key Terms
• What Are Email Headers?
• Common Email Header Fields
• Why Analyze Email Headers?
  • • Pro Tip
• How to View Email Headers in Gmail
• How to View Email Headers in Outlook
• Email Header Analyzer Tools
  • 1. Google Admin Toolbox Messageheader
    • Quick Summary
  • 2. MXToolbox
    • Quick Summary
  • 3. WhatIsMyIPAddress Email Header Analyzer
    • Quick Summary
  • 4. Mailheader.org
    • Quick Summary
  • 5. Gaijin Email Header Analyzer
    • Quick Summary
    • Pro Tip
• Comparison Table
• Start Here: Your Email Header Analysis Checklist
• Frequently Asked Questions
  • What is an email header?
  • How do I view email headers in Gmail?
  • How do I view email headers in Outlook?
  • Why would I need to analyze email headers?
  • What is the best free email header analyzer?
  • What is DKIM in email headers?
  • What does the Received field in an email header mean?

Key Insight

Email authentication standards have become stricter since 2024. Google, Yahoo, and Microsoft now require SPF, DKIM, and DMARC compliance for bulk senders. Header analysis is the fastest way to confirm your emails pass all three checks.

Key Terms

Email Header: The metadata block at the top of every email message containing routing, authentication, and delivery information. Email clients parse select fields (From, To, Subject, Date) for display and hide the rest.

SMTP (Simple Mail Transfer Protocol): The standard internet protocol used by mail servers to send, receive, and relay email messages between systems.

Mail Transfer Agent (MTA): A server that routes email from one system to another. Each MTA that handles a message stamps it with a Received header line recording the handoff.

SPF (Sender Policy Framework): An email authentication method that checks whether the sending server’s IP address is authorized by the domain’s DNS records.

DKIM (DomainKeys Identified Mail): An authentication protocol that attaches a cryptographic signature to outgoing emails. The recipient’s server verifies the signature against a DNS-published public key.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): A policy framework built on SPF and DKIM that tells receiving servers how to handle messages failing authentication checks.

RFC 822: The original internet standard defining the format of email message headers. Updated by RFC 2822 and RFC 5322, it remains the baseline reference for header structure.

Received Header: A line added by each mail server that handles an email during delivery. Reading Received lines from bottom to top traces the message’s full path from sender to recipient.

What Are Email Headers?

Every email has three parts: an envelope (used internally for routing), a header (metadata about the message), and a body (the content you write). The header is the most useful for troubleshooting.

Header lines include the sender, recipient, subject, date, routing path, and authentication results. Your email client parses these fields and displays the basics: From, To, Subject, and Date. The rest stays hidden unless you choose to view it.

Here’s a simplified example of what a full email header looks like:

Return-Path: <sender@example.com>
Received: from mail.example.com ([192.168.1.1])
  by mx.recipient.com with ESMTP id abc123;
  Mon, 10 Mar 2026 09:15:22 -0500
Authentication-Results: mx.recipient.com;
  spf=pass; dkim=pass; dmarc=pass
From: Taylor Evans <sender@example.com>
To: Jon Smith <recipient@company.com>
Subject: Business Development Meeting
Date: Mon, 10 Mar 2026 09:15:00 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Common Email Header Fields

Each header field serves a specific purpose. Here are the most important ones you’ll encounter during analysis.

From: The sender’s display name and email address. This field can be spoofed, which is why SPF, DKIM, and DMARC checks exist to verify it.

To: The recipient’s email address, including any CC or BCC addresses.

Date: The timestamp when the email was composed and sent.

Subject: The subject line of the email. For tips on writing better ones, see our guide on sales email subject lines that actually work.

Received: The most critical field for troubleshooting. Each server that handles the email adds a Received line with its name, IP address, and timestamp. Read these from bottom to top to trace the message’s full path.

Authentication-Results: Shows pass/fail results for SPF, DKIM, and DMARC checks performed by the receiving server.

DKIM-Signature: The cryptographic signature attached by the sending domain’s mail server. Verifying this confirms the message wasn’t altered in transit.

MIME-Version: Indicates which version of the MIME standard the email uses for formatting.

Content-Type: Specifies whether the email body is plain text or HTML.

X-Spam-Status / X-Spam-Score: Spam filtering results assigned by the receiving server. Higher scores indicate a greater likelihood of being classified as spam.

Why Analyze Email Headers?

Header analysis answers three categories of questions about email delivery. If you want to maximize your email marketing campaign results, this information is essential.

Mail routing: How many servers handled the email? Which MTAs were involved? Did the message take an unexpected path?

Delay identification: Were there significant gaps between server handoffs? Which hop caused the delay? Received timestamps reveal this precisely.

Authentication and spam analysis: Did the email pass SPF, DKIM, and DMARC? Was it flagged as spam? If so, which server flagged it and what score did it receive?

Pro Tip

Since 2024, Google, Yahoo, and Microsoft require bulk senders (5,000+ messages/month) to pass SPF, DKIM, and DMARC. If your marketing emails are landing in spam, the Authentication-Results header field is the first place to check.

How to View Email Headers in Gmail

Follow these steps to view the full email header in Gmail:

1. Open Gmail and find the message you want to analyze.
2. Click the three vertical dots in the upper-right corner of the message.
3. Select “Show Original.”
4. Gmail displays a summary with SPF, DKIM, and DMARC results at the top, followed by the full raw header text below.
5. Copy the full header text and paste it into an analyzer tool.

Gmail’s “Show Original” view gives you a quick pass/fail summary for authentication. For deeper analysis of routing delays and server hops, paste the header into one of the tools listed below.

How to View Email Headers in Outlook

Follow these steps to view the full email header in Outlook:

1. Open Microsoft Outlook and double-click the email to open it in its own window.
2. Go to File, then Properties (or click the small arrow in the Options section of the Message tab).
3. Find the “Internet Headers” section at the bottom of the Message Options window.
4. Right-click inside the headers, select all, and copy.
5. Paste the header text into an analyzer tool.

Outlook’s header view shows the raw text only, with no built-in summary. An external analyzer tool is essential for making sense of the data.

Email Header Analyzer Tools

These tools parse raw email headers into readable reports. All five are free, and all work the same way: paste your header, click analyze, and review the results.

1. Google Admin Toolbox Messageheader

Quick Summary

Google’s own email header analyzer. It identifies delivery delays, approximate delay sources, and which server may be responsible. Free, no account required.

Google Admin Toolbox Messageheader (formerly listed as G Suite Toolbox) is the best starting point for Gmail users. It visualizes server hops and highlights delays in a clean, color-coded timeline.

The tool focuses specifically on delivery timing. It shows each hop between mail servers, the time elapsed at each, and flags any hop that introduced significant delay.

Key Features:

• Color-coded delivery delay visualization showing each server hop and time elapsed
• Identifies the approximate source (server) responsible for delays
• Part of Google’s broader Admin Toolbox, which includes DNS, MX, and log analysis tools
• No login or account required

Who Should Choose Google Admin Toolbox Messageheader:

• Gmail and Google Workspace users who need a quick, reliable first-pass analysis
• IT administrators troubleshooting delivery delays within Google’s email infrastructure
• Anyone who wants a clean visual timeline of server hops without extra complexity

Pricing: Free.

2. MXToolbox

Quick Summary

The most comprehensive email header analyzer available. MXToolbox parses headers according to RFC 822 and provides SPF, DKIM, and deliverability analysis alongside routing data.

MXToolbox goes beyond basic header parsing. It checks authentication results, blacklist status, and relay information in a single report. The tool also links directly to MXToolbox’s broader suite of DNS, DMARC, and deliverability tools.

For teams managing email at scale, MXToolbox’s paid Delivery Center adds inbox placement testing, DMARC monitoring, and bulk sender compliance checks.

Key Features:

• RFC 822-compliant header parsing with detailed field-by-field breakdown
• SPF, DKIM, and DMARC authentication result analysis
• Hop delay detection and relay information
• Links to MXToolbox’s DNS lookup, blacklist check, and DMARC monitoring tools

Who Should Choose MXToolbox:

• Email marketers and sysadmins who need comprehensive authentication and deliverability analysis
• Teams troubleshooting SPF, DKIM, or DMARC failures alongside routing issues
• Organizations that need a full email infrastructure diagnostic toolkit, not just header parsing

Pricing: Free header analyzer. Delivery Center plans from $129/month.

3. WhatIsMyIPAddress Email Header Analyzer

Quick Summary

WhatIsMyIPAddress offers a straightforward header analyzer alongside helpful educational content explaining what each header field means.

This tool is a good choice if you’re new to email headers. The site includes detailed explanations and examples of header fields alongside the analyzer itself.

The analysis output is simpler than MXToolbox’s, focusing on the core routing and sender information rather than deep authentication diagnostics.

Key Features:

• Clean, beginner-friendly interface with educational content
• Parses sender, recipient, routing, and timestamp information
• Includes reference examples of common header formats

Who Should Choose WhatIsMyIPAddress:

• Beginners who want to understand email headers while analyzing them
• Non-technical users who need a simple, no-frills tool for basic header parsing

Pricing: Free.

4. Mailheader.org

Quick Summary

Mailheader.org is a lightweight, open-source email header analyzer that displays results in a clean visual format with server hop timelines.

Mailheader.org provides a modern interface with hop-by-hop visualization. It also includes sample headers you can analyze to learn how the tool works before pasting your own.

The open-source codebase means security-conscious teams can review exactly how the tool processes header data.

Key Features:

• Visual hop-by-hop timeline with delay highlighting
• Sample header data for learning and testing
• Open-source codebase available for review

Who Should Choose Mailheader.org:

• Security-conscious users who want an open-source analyzer they can audit
• Teams that prefer a modern, visual interface over raw text output

Pricing: Free.

5. Gaijin Email Header Analyzer

Quick Summary

Gaijin is a simple email header parser that extracts and displays key fields in a readable table format.

Gaijin’s analyzer is no-frills by design. Paste a header, click analyze, and get a clean table of parsed fields. It’s a solid backup option when other tools don’t return the specific field you need.

The tool also offers additional utilities for IP lookup, DNS queries, and other network diagnostics on the same site.

Key Features:

• Simple table-based output showing all parsed header fields
• Additional network tools (IP lookup, DNS) available on the same site
• Lightweight and fast with no account required

Who Should Choose Gaijin:

• Users who want a fast, minimal tool for quick header parsing
• Anyone who needs a backup analyzer when primary tools miss specific fields

Pricing: Free.

Pro Tip

If all five tools return confusing results, try reading the raw header yourself. Look for gaps in the Received timestamps (read bottom to top). Even without coding experience, you can usually spot where a delay occurred.

Comparison Table

#	Tool	Pricing	Best Feature	Best For
1	Google Admin Toolbox Messageheader	Free	Color-coded delay timeline	Gmail/Workspace users diagnosing delays
2	MXToolbox	Free (paid plans from $129/mo)	RFC 822 parsing + SPF/DKIM/DMARC analysis	Sysadmins and email marketers
3	WhatIsMyIPAddress	Free	Educational content alongside analyzer	Beginners learning email headers
4	Mailheader.org	Free	Open-source, visual hop timeline	Security-conscious teams
5	Gaijin	Free	Simple table output, fast parsing	Quick, no-frills header checks

Start Here: Your Email Header Analysis Checklist

1. Extract the header. In Gmail, click the three dots and select “Show Original.” In Outlook, open the message properties and copy the Internet Headers.
2. Run a first-pass analysis. Paste the header into Google Admin Toolbox Messageheader to check for delivery delays and routing issues.
3. Check authentication. Paste the same header into MXToolbox to verify SPF, DKIM, and DMARC results. Fix any failures at the DNS level.
4. Trace the route. Read Received lines from bottom to top. Identify which server introduced the longest delay.
5. Monitor ongoing performance. Use EmailAnalytics to track your team’s email activity, response times, and productivity over time.

If you want to test your email deliverability before sending campaigns, try the email deliverability test from Warmy.io. For a full list of recommended tools, see our guide to the best bulk email services.

Looking for more ways to analyze your email performance? EmailAnalytics works like Google Analytics for Gmail. Once integrated, you’ll see how many emails your team sends, your average email response time, busiest hours, and more. Sign up for a free trial to see how it works.

Frequently Asked Questions

What is an email header?

An email header is the block of metadata that precedes the body of an email message. It contains routing information, sender and recipient details, timestamps, and authentication results like SPF, DKIM, and DMARC.

Email clients like Gmail and Outlook hide most header fields by default, displaying only From, To, Subject, and Date.

How do I view email headers in Gmail?

Open the message, click the three vertical dots in the upper-right corner, and select “Show Original.” Gmail displays a summary of authentication results at the top, with the full raw header below.

Copy the full header text and paste it into a tool like Google Admin Toolbox or MXToolbox for detailed analysis.

How do I view email headers in Outlook?

Double-click the email to open it in its own window. Go to File, then Properties (or click the arrow in the Options section of the Message tab). The Internet Headers section appears at the bottom.

Right-click inside the headers, select all, copy, and paste into an analyzer tool.

Why would I need to analyze email headers?

Header analysis helps diagnose delivery problems, identify routing delays, check spam scores, verify authentication (SPF, DKIM, DMARC), and detect phishing attempts. It’s essential for troubleshooting emails that bounce, arrive late, or land in spam.

What is the best free email header analyzer?

Google Admin Toolbox Messageheader is the best starting point for Gmail users. MXToolbox is the most comprehensive option, offering RFC 822 parsing, authentication checks, and links to a full email infrastructure diagnostic suite.

Both are free. Start with Google’s tool for delays, then use MXToolbox for authentication issues.

What is DKIM in email headers?

DKIM (DomainKeys Identified Mail) is an authentication method that adds a cryptographic signature to outgoing messages. The receiving server checks this signature against a public key in the sender’s DNS records.

A passing DKIM check confirms the email wasn’t altered in transit and originated from the claimed domain.

What does the Received field in an email header mean?

The Received field records each server that handled the email during delivery. Each server hop adds a new Received line with a timestamp, server name, and IP address.

Read Received lines from bottom to top to trace the full journey. Gaps between timestamps reveal exactly where delays occurred.