Email Analyzer
Detect spoofing and phishing
Email Analyzer: Detect Phishing from Headers
Email headers reveal the true origin and route of a message. Our analyzer parses SPF, DKIM, DMARC, hop-by-hop delivery, and identifies phishing signals invisible to the untrained eye.
Paste the full raw headers of the email (View Original in Gmail, View Message Source in Outlook) and get a security report: SPF/DKIM/DMARC authentication, IP reputation, spoofing detection, and origin geolocation.
Essential for security teams, journalists, and anyone who wants to verify if a suspicious email is legitimate before clicking or sharing information.
How does it work?
- 1Extract email headers
In Gmail: More menu > Show original. In Outlook: File > Properties > Internet headers.
- 2Paste the complete headers
Copy the entire header block (from Received: to X-...) into the analysis field.
- 3Review the results
You'll see authentication (PASS/FAIL), hop chain, source IPs, and specific phishing warnings.
Frequently Asked Questions
SPF verifies the sending IP is authorized for the domain. DKIM verifies the message wasn't tampered with in transit. DMARC combines both and defines what to do if they fail. All three PASS = legitimate email.
The From: field is trivially forgeable. However, Received: fields are added by the traversing servers and are hard to falsify without controlling those servers. That's why SPF/DKIM/DMARC exist.
No. Everything is processed in your browser. Headers never leave your device. You can inspect the network traffic to verify no data is sent.