Message headers

Browser-side only

Header Analyzer

Parse raw message headers locally to summarize SPF, DKIM, DMARC and alignment clues.

Health score--Browser-side only

Signal checklist

The result summarizes authentication signals, detected domains and privacy-safe warnings.

Header Analyzer

Paste message headers in the browser to inspect Authentication-Results, Received-SPF and DKIM-Signature lines locally.

Methodology

Result

Paste raw message headers before running the analyzer.

Support

Keep this free result available

Use the result first. Support and promotional areas stay separate from the useful result.

  • Useful result first
  • No signup required
  • Promotions kept separate
Choose an amount before the secure payment page opens.

Guide and interpretation

How to use this check

Paste message headers in the browser to inspect Authentication-Results, Received-SPF and DKIM-Signature lines locally.

The analyzer unfolds header lines in the browser and extracts only authentication status clues for display.

How to interpret the result

Authentication-Results from the receiving system is usually more trustworthy than a sender-provided claim.

Example

A header with spf=pass dkim=pass dmarc=pass and aligned From/Return-Path domains is generally healthier.

Common issues and next steps

Forwarding and mailing lists can change Return-Path or body signatures, causing SPF or DKIM to fail.

Compare Authentication-Results, From, Return-Path and DKIM d= domains before changing DNS.

Methodology and limits

Headers can contain personal addresses and message IDs; the free analyzer never sends them to an API.

FAQ

Are pasted headers uploaded?

No. Header analysis runs in the browser and does not use localStorage, sessionStorage or a product API.

Can this prove a message is legitimate?

No. Header analysis is one signal and must be combined with sender, content and account context.