Paste raw email headers to find out if an email genuinely came from who it claims. We check SPF, DKIM, and DMARC and explain the results in plain English.
Analyze Email Headers FreeGmail
Open email → three-dot menu (⋮) → "Show original" → copy all text
Outlook
Open email → File → Properties → copy "Internet headers" box
Apple Mail
Open email → View → Message → All Headers → select and copy
In Gmail: open the email, click the three dots menu, select "Show original". In Outlook: open the email, click File > Properties, copy the "Internet headers". In Apple Mail: with the email open, click View > Message > All Headers. Copy everything in the header section and paste it into SafeSearchScan's Email Header Analyzer.
Email spoofing is when an attacker sends an email that appears to come from a legitimate address (like your bank or a colleague) but actually originates from a completely different server. The "From" name in your email client can be set to anything — it doesn't prove authenticity. Email headers reveal the actual sending server, which is much harder to fake.
SPF fail means the email was sent from a server not authorised to send for that domain. DKIM fail means the email's cryptographic signature is invalid or missing — the content may have been tampered with. DMARC fail means the domain owner's policy wasn't satisfied. Any of these failures strongly suggests the email did not genuinely come from who it claims.
The "From" display name and even the From address in some clients can be set to anything. However, the Received headers — which show the chain of servers the email passed through — are added by each server and are much harder to forge. DKIM signatures are cryptographically verifiable. Our analyzer checks these technical records, not just the display name.
Paste headers from any suspicious email and get a plain English verdict in seconds.
Analyze Email Headers