Email header analyzer tool for detailed email insights
Whether you’re running a business or working solo, keeping your inbox safe from scams and phishing is more important than ever. One smart way to do this is by checking email headers, which tell you where the email actually came from. But reading these headers isn’t easy and, honestly, takes a lot of time.
That is where the Mailmodo Email Header Analyzer comes in: it quickly breaks down those complex headers to help you identify threats and suspicious emails before they cause harm.
How to use this Mailmodo email header analyzer tool
- Open the email you want to analyze and look for an option like "show original" or "view message".
  Note: The exact wording for this feature can vary depending on your email client, but it’s usually found in a dropdown menu that indicates additional settings.
- Copy the entire email header and paste it into the email header analyzer text box.
- Click on the analyze button. You will instantly get information on the email sender, such as common headers, authentication information (like SPF, DKIM, and DMARC), server paths, and more.
How to copy email headers from different email clients
As mentioned above, to use this tool, you will first need to get complete header information of the email you want to analyze. However, if you’re still unsure how to do this or couldn’t find it following the previous instructions, below is a step-by-step guide on how you can find it in popular email clients.
Gmail (Web)
Open the email you want to analyze.
Click the three vertical dots (⋮) in the top-right corner of the email.
Select “Show original” from the dropdown menu.
A new tab will open showing the raw email data.
Click “Copy to clipboard” to copy the full email header.
Outlook (Web)
Open the email in your Outlook web inbox.
Click the three horizontal dots (•••) in the upper-right corner.
Choose “View message source” to display the full header and message source.
Select and copy the header section.
Outlook (Desktop App)
Open the email in the Outlook desktop application.
Click “File” in the top menu.
Select “Properties.”
In the new window, look for the “Internet headers” box; that’s where the email header is located.
Highlight and copy the entire content from the box.
Apple Mail
Open the email in the Apple Mail app.
Click on the “View” menu at the top of your screen.
Choose “Message” > “All Headers.”
The header details will now be visible. Copy the entire text.
Yahoo Mail
Open the email in your Yahoo Mail inbox.
Click the three dots (•••) in the upper-right corner of the message.
Select “View raw message.”
Copy the header information displayed.
What key details the analyzer extracts from your header
| Parameter | Description |
|---|---|
| Subject | The subject line of the email. |
| Message Id | Unique identifier for the email message. |
| Creation time | When the email was created or sent. |
| From | Sender’s email address. |
| To | Recipient’s email address. |
| List-Unsubscribe | URL or email address used to unsubscribe from mailing lists. |
| SPF | Sender Policy Framework results to verify sender’s domain. |
| DKIM | DomainKeys Identified Mail signature verification results. |
| DMARC | Domain-based Message Authentication, Reporting & Conformance status. |
| ARC | Authenticated Received Chain headers for email authentication. |
Common Headers:
| Parameter | Description |
|---|---|
| delivered-to | Final recipient’s email address. |
| return-path | Address where bounces are sent. |
| content-type | Type and format of the email content. |
| date | Date and time the email was sent. |
| from | Sender’s email address. |
| mime-version | MIME version used in the email. |
| message-id | Unique message identifier. |
| subject | Email subject line. |
| auto-submitted | Indicates if the message was auto-generated. |
| to | Recipient’s email address. |
Server Headers:
| Parameter | Description |
|---|---|
| x-sg-id | SendGrid message ID (if sent via SendGrid). |
| x-sg-eid | SendGrid event ID. |
| x-received by | Server that received the email. |
| x-google-smtp-source | Google SMTP source information. |
| x-entity-id | Entity identifier used by some servers. |
| received from | Server details where the email originated. |
| received by | Server details where the email was received. |
What suspicious signs to look for in your analysis report
When you analyze an email header, there are several red flags to watch out for. One common sign is failing authentication checks like SPF, DKIM, or DMARC, which verify whether the sender is authorized to use the domain. Mismatches between these results and the sender’s information can indicate spoofing. Additionally, irregular ‘Received’ paths that route through unknown or unrelated servers raise suspicion.
Other signs include inconsistent timestamps, missing headers, or unusual geographic locations of sending servers. These anomalies can suggest tampering or attempts to hide the true source of the email. Being aware of these signs allows you to better protect yourself from phishing and other malicious email attacks.
When analyzing an email header, there are several key red flags you need to watch out for to spot suspicious activity. These include:
Authentication failures: Checks like SPF, DKIM, and DMARC verify if the sender is authorized to use the domain. If these fail or don’t match the sender’s information, it’s often a sign of spoofing.
Irregular ‘Received’ paths: Emails routing through unknown or unrelated servers can indicate the message was tampered with or sent from a hidden source.
Other suspicious signs: Inconsistent timestamps, missing headers, or unusual geographic locations of sending servers. These anomalies may suggest attempts to hide the true origin of the email or tamper with its delivery.
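To make these checks concrete, here is an added example (not Mailmodo's code) that applies them to a raw header block with Python's standard library. The sample header is constructed, and the names `analyze`, `domain` and `trusted_authserv` are assumptions of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header; domains and IPs are reserved documentation values.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [203.0.113.7])
\tby inbound.example.com with ESMTPS id abc123;
\tTue, 04 Mar 2025 10:15:02 +0000
Received: from relay.example.net (relay.example.net [198.51.100.23])
\tby mx.example.org with ESMTP id def456;
\tTue, 04 Mar 2025 10:20:40 +0000
Authentication-Results: inbound.example.com;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=fail header.d=example.com;
\tdmarc=fail header.from=example.com
From: "Billing" <billing@example.com>
Subject: Invoice overdue

"""

def domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_authserv):
    msg, flags = message_from_string(raw), []
    # Trust only Authentication-Results stamped by our own server (others may be forged).
    auth = " ".join(h for h in msg.get_all("Authentication-Results", [])
                    if h.split(";")[0].strip().lower() == trusted_authserv)
    results = {k.lower(): v.lower() for k, v in
               re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)}
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech, "missing") != "pass":
            flags.append(f"{mech}={results.get(mech, 'missing')}")
    # Visible From domain vs envelope sender (Return-Path); subdomains allowed.
    frm, rp = domain(msg["From"]), domain(msg["Return-Path"])
    if rp != frm and not rp.endswith("." + frm):
        flags.append(f"from/return-path mismatch: {frm} vs {rp}")
    # Received headers are prepended, so reverse them to read oldest hop first.
    times = []
    for hop in reversed(msg.get_all("Received", [])):
        try:
            times.append(parsedate_to_datetime(hop.rpartition(";")[2].strip()))
        except (TypeError, ValueError):
            flags.append("unparseable Received date")
    if any(later < earlier for earlier, later in zip(times, times[1:])):
        flags.append("received timestamps out of order")
    return results, flags
```

A From/Return-Path mismatch on its own is a weak signal, since many legitimate bulk senders use a separate bounce domain; it matters most when DKIM or DMARC also fail, as in the sample.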
What steps to take after identifying a suspicious email source
If you identify any suspicious email, here are some steps you can take right away:
Avoid interaction: Don’t click on any links or download attachments in the email to prevent potential harm.
Report: Notify your IT or security team immediately so they can investigate and respond appropriately.
Mark as spam or phishing: Use your email client’s options to label the message, helping improve spam filters and detection algorithms.
Block the sender: Consider blocking the sender’s IP address or domain through your firewall or email gateway to stop further emails from that source.
Review logs: Check your system logs to see if similar emails have been received or if any security breaches have occurred.



