How it works Detection Pricing Blog Contact Header Analyzer Phishing Quiz
Free Tool

Email Header Analyzer

Paste the raw headers of any email and instantly see whether it passed SPF, DKIM and DMARC, whether the visible sender matches the real one, and the path it actually travelled to reach you.

Runs 100% in your browser — headers never leave your device

Authentication results

Sender identity checks

Delivery path (oldest hop first — the top row is where the email started)

#From serverReceived byDelay
This checked one email's envelope. Phixo checks every email — content included.

Headers can't catch a convincing scam written on a clean domain. The Phixo extension scans the sender, links, and the actual language of every email you open in Gmail or Outlook — automatically.

Add to Chrome — free

How to get an email's raw headers

GmailOpen the email → click the three-dot menu → Show original → copy the whole page.
Outlook / Microsoft 365Open the email → menu → ViewView message source.
Yahoo MailOpen the email → menu → View raw message.
Apple MailOpen the email → ViewMessageAll Headers (or Raw Source).

What this tool checks

Honest limits: header analysis proves where an email came from — not whether its content is a scam. A phisher on a freshly registered domain can pass all three checks. And servers below the first trusted hop can forge earlier Received lines. Treat a failure as a strong warning; treat a pass as one good sign, not a verdict. And if you’ve already clicked a link in the email you’re checking, start with our step-by-step guide on what to do if you clicked a phishing link.

Frequently asked questions

Are my email headers uploaded to a server?

No. This tool is plain JavaScript running in your browser — nothing you paste is sent anywhere, stored, or logged. You can verify it yourself: open your browser's developer tools, watch the network tab, and click Analyze. No request fires.

If SPF, DKIM and DMARC all pass, is the email safe?

Not necessarily. Passing means the email genuinely came from the domain it claims — but scammers register their own domains with perfect authentication. A pass on paypa1-secure.com proves only that the scammer controls paypa1-secure.com. Always read the domain itself.

Why does a legitimate email fail SPF?

Usually forwarding: when a mail server forwards an email, the forwarding server isn't in the original domain's SPF record. That's exactly the problem DKIM survives (the signature travels with the message), and why DMARC accepts either one passing.

What's the difference between this and the Phixo extension?

This tool inspects one email's envelope, manually, when you think to check. The Phixo extension checks authentication automatically on every email you open — plus the things headers can't show: the links, the language, brand impersonation, and known-phishing intelligence.