Stephen Harrison 🗓️ Updated ⏱️ — 📝 —


Authentication Results Header Checker – Decode SPF, DKIM & DMARC in Plain English

If an email feels “almost right” but something’s off, the fastest way to sanity-check it is in the headers, especially the authentication results line. On the Authentication Results Header Checker tool, you can paste raw headers and get a clear, plain English readout of SPF, DKIM, and DMARC, plus the most common red flags (like mismatched From, Reply-To, or Return-Path).

The goal is simple, to help you decide what to do next — trust it, verify it safely, or treat it as suspicious, without jargon, panic, or uploading your email anywhere.


Authentication Results Header Checker (Email Header Analyser)

Paste raw email headers to spot common red flags (spoofing, mismatched domains, suspicious routing) and to understand key authentication checks like SPF, DKIM and DMARC. Everything runs locally in your browser — nothing is uploaded.

Privacy-first (offline) 🧾 Plain-English summary 🛡️ SPF/DKIM/DMARC parsing 📋 Copyable report

1) Paste raw headers

0 lines 0 chars
Where to find raw headers: In most email apps, open the message → look for More / View original, Show source or Message details. Copy everything under “Headers” (not the message body).

2) Results

No analysis yet
Paste headers

Paste the raw headers on the left and click Analyze headers to see an authentication summary and red-flag checks.

    Authentication checks (SPF, DKIM, DMARC)
    Run an analysis to populate this section.
    Routing & originating IP (Received chain)
    Run an analysis to populate this section.
    Red flags found
    Run an analysis to populate this section.
    What to do next (safe steps)
    • If anything looks off, don’t click links or open attachments yet.
    • Verify via a trusted channel (type the company’s website manually, call a known number, or reply using a verified address).
    • Use your provider’s Report phishing feature (Outlook, Gmail, etc.) so they can investigate.
    • If this is a work account, forward the message to your IT/security team with full headers.

    Tip: A pass on SPF/DKIM/DMARC helps, but it doesn’t guarantee the email is safe. Attackers can still send “legitimate-looking” mail from compromised accounts.

    Privacy note: This tool analyzes headers in your browser only. Still, don’t paste personal message content.

    Was this page helpful?

    Helpful: —



    Share