
Email Headers Analyzer

Trace the IP address from an email as well as information about its sender, recipient(s), servers, and more.

Upload an email message file in EML or Outlook MSG format by either:

  • dragging and dropping the email directly from an app like Thunderbird or Outlook;
  • downloading and saving the message from a desktop mail application or even a web client (like Gmail).

Header analysis is only possible if the email was received from someone. Self-created EML/MSG files will not contain any headers for analysis.

Introducing the Innovative Email Headers Analyzer Application

In the digital age, emails have become an indispensable part of our lives, serving as a primary mode of communication for personal and professional purposes. However, not many people are aware of their hidden details and the journey they make while traversing the internet. Our advanced Email Headers Analyzer application is designed to reveal the secrets hidden within such message files, providing users with valuable insights and enhancing their understanding of delivery processes.

What is an email header?

An email header is a block of text that contains metadata about an email message. It includes technical information about the message, such as the sender's and recipient's mail addresses, date and time stamps, the subject line, and other details about the message's delivery, routing, and content type. The header is usually hidden from view in most email clients but can be easily accessed by specialized tools like our email headers analyzer. The headers are important for troubleshooting issues, verifying the authenticity of messages, and tracking the path of the message from the sender to the recipient.

What information is usually contained in a header?

From: the sender's name and address
To: the recipient's name and address
Subject: a short description of the main idea of the message contents
Date: date and time the message was sent
Message-ID: its unique identification number
MIME-Version: the version of the MIME (Multipurpose Internet Mail Extensions) protocol used to send the message
Content-Type: the type of content, for example, text or HTML
Reply-To: email address to which replies can be sent
CC/BCC: carbon copy and/or blind carbon copy with names and addresses of the recipients who will get the copy of the document either with or without other recipients knowing about it
Received: details about the servers that the message moved through on its way to the intended recipient

How Does the Application Work?

A mail file uploaded for analysis is securely transmitted to our server. Our server utilizes a specialized library for reading message files, supporting a wide range of email formats. This ensures that users' files are read accurately, as the library is well-established, widely used, and has had numerous bugs resolved over time, guaranteeing the highest level of file support.

Users can be confident about the safety of their files, as our application does not store them on disk or share them with any third parties. The analyzer instantly reads their headers and promptly deletes the file from memory. Currently, the application focuses on headers containing information about the servers involved in the mail transmission.

Typically, messages do not travel directly from the sender to the recipient, but rather pass through multiple intermediate servers. The information about these servers can be quite useful, and our application not only displays the list of these servers but also gathers as much additional information as possible. For each server, the application obtains its IP address and domain name (if available). Based on the IP address, we strive to determine the server's geographical location, allowing us to construct a geographical route of your email's journey.

Additionally, for every domain name, we retrieve the Whois information, enabling users to find out how long the domain has been registered, identify its owner, registrar, and other useful details. All the obtained information is displayed on a map and as a list of servers. Users can explore each server in more detail by simply clicking on the desired server or using their mouse.

To enhance user experience, the server being viewed at any given moment will be highlighted on the map in a different color. This makes it easier to track the email's journey and learn more about the infrastructure that supports our daily communication.


What can the Application do?

Check a mail message for authenticity

By tracing IP addresses and examining sender domains and authentication information, the app can quickly determine if the content is from a legitimate source or not. This is particularly useful for people and organizations that want to identify and remove spam quickly and avoid receiving other unwanted or irrelevant information.

Identify domain names of servers

Our app can identify the domain names of servers that the message passed through on its way from a sender to a recipient. It searches for the owner of the domain name in the public database Whois and displays it on the screen. This way, you can discover the source of the document.

Detect server issues

It helps users detect and investigate server problems, such as mail delivery failures, spam filtering issues, phishing attacks, etc. This information can help resolve problems with a server, thus improving email performance for effective infrastructure and message delivery management.

Manage Your Mail Efficiently

If you are looking for a way to manage your mail more efficiently, then our analyzer is a must-have tool for either individual or business purposes. It is a powerful tool for those who want to gain insights into the world of mail transmission. By unveiling the hidden information within its headers, users can better understand the complex processes that occur behind the scenes, ensuring a more comprehensive and informed approach to email management.

Our application works for headers from different clients, including Gmail, Outlook, and Thunderbird.

Why is analyzing the email route important?

Analyzing the route of an email is important for several reasons. Here are a few examples:

  • Identifying the Sender: Analyzing the email headers can help identify the real sender of an email. This can be useful in cases where the sender's email address may be spoofed or misleading. For example, an email claiming to be from "someone@gmail.com" could be identified as suspicious if the email headers reveal that it actually originated from a different domain.
  • Understanding the Sender's Infrastructure: The email headers can reveal information about the sender's email server and the path the email took to reach the recipient. This can provide insights into the sender's IT infrastructure, which can be useful for troubleshooting technical issues or for understanding the sender's technical capabilities.
  • Detecting Phishing Attempts: Many phishing attempts involve spoofed email addresses. By analyzing the email headers, recipients can potentially identify these attempts and avoid falling for these scams.
  • Identifying the Geographical Location: Sometimes, the IP addresses in the email headers can be used to identify the geographical location of the sender or the servers the email passed through. This can be useful in certain investigative or forensic contexts.

Email header analysis and security

Analyzing email headers can be an important part of maintaining email security. By understanding the path an email took to reach its recipient, users can identify potential security threats, such as unauthorized relays, suspicious domains, or other signs of malicious activity.

There is a well-known issue with email encryption. Unfortunately, email servers usually do not use end-to-end encryption algorithms. They use Transport Layer Security (TLS) instead. But what does this mean for the user?

It means that the email is encrypted only while it is being transmitted between two email servers. Once it reaches a server, it is decrypted and then re-encrypted to be sent to the next one. This process is repeated until the email reaches the final recipient.

This is where the email headers come into play. They contain information about the servers that the email passed through. By analyzing these headers, users can identify any potential security threats or attacks, which can be useful in protecting their personal or business data.

However, it is important to note that while this is a potential vulnerability, attacks of this nature are relatively rare, and TLS encryption still provides a significant level of security. Still, it is always better to be safe than sorry.
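The Received chain described under "How Does the Application Work?" and the hop-by-hop TLS explained above can be read directly from a saved EML file. The following is an added example, not the application's own code: it lists the hops in travel order with each hop's IP address, per-hop delay, and whether the receiving server reported TLS. The sample message and all host names are constructed, and Received lines written before the first server you trust are supplied by the sender, so treat them as unverified.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not real traffic); hosts are .example, IPs are RFC 5737 ranges.
SAMPLE_EML = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTPS id abc123; Mon, 01 Jan 2024 10:00:07 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS id def456; Mon, 01 Jan 2024 10:00:05 +0000
Received: from laptop (unknown [192.0.2.44])
\tby relay.sender.example with ESMTP id ghi789; Mon, 01 Jan 2024 10:00:01 +0000
From: Alice <alice@sender.example>

Body text.
"""

# "with" keywords (RFC 3848 registry) that mean the receiving server reported TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def _pick(pattern, text):
    m = re.search(pattern, text, re.IGNORECASE)
    return m.group(1) if m else None

def trace_route(raw_message):
    """Return the Received hops in travel order (oldest first)."""
    hops, prev = [], None
    # Every server prepends its own header, so reverse to get travel order.
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        info, sep, stamp = flat.rpartition(";")   # timestamp follows the last ';'
        info = info or flat
        try:
            when = parsedate_to_datetime(stamp.strip()) if sep else None
        except (TypeError, ValueError):
            when = None
        if when and when.tzinfo is None:          # "-0000" zone: cannot compare safely
            when = None
        proto = (_pick(r"\bwith\s+(\S+)", info) or "").upper()
        hops.append({
            "from": _pick(r"^from\s+(\S+)", info),
            "ip": _pick(r"\[(?:IPv6:)?([0-9a-f:.]+)\]", info),
            "by": _pick(r"\bby\s+(\S+)", info),
            "protocol": proto or None,
            "tls": proto in TLS_PROTOCOLS,
            "delay_s": (when - prev).total_seconds() if when and prev else None,
        })
        prev = when or prev
    return hops
```

A hop with `tls` set to `False` only means the receiving server did not record TLS in its `with` clause; a large or negative `delay_s` points to queueing, clock skew, or a header that does not belong to the real path.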

How it works

How do I use Email Headers Analyzer?


Save the message to a file

Save the email you want to trace from the mail client to disk in eml or msg format.


Open the app.

Open the analyzer tool in your web browser.


Upload the message

Click the Upload email message button. Find the previously saved file on the disk with eml or msg extension, and hit Open.


Wait for results

Wait for the tool to analyze the content and generate a report that displays all fields of the email header.

Frequently asked questions

Find answers to your questions about the app

Why do I need to use an Email Header Analyzer?

Email Header Analyzers can help you identify the source of an email message, check for signs of spamming or phishing, and verify the authenticity of an email. It can also help in identifying any potential security threats or attacks, which can be useful in protecting your personal or business data.

How do I find malicious emails?

To find malicious emails, you can look for any suspicious activity in the email header. Check for any mismatches in the sender's IP address, domain name, or email client used to send the message. You can also check for any unauthorized modifications to the email header, such as changes to the email's route or authentication mechanisms used in transmission. By analyzing the email header with our Email Header Analyzer, you can identify any potential security threats or attacks and take appropriate action to protect your personal or business data.

How do I track an email source?

Follow the steps described in the "HOW IT WORKS" section on the main page of our Email Headers Analyzer application. Upload the file and analyze the header information provided by the tool. Look for the sender's IP address, domain name, and email client used to send the message. Use the sender's IP address to determine the approximate location of the sender using a geolocation tool.

Do email headers contain an IP address?

Yes, the email header information includes the IP address of the email server that sent the message. The IP address can be used to identify the approximate location of the sender, which can be useful in determining the authenticity of the email and detecting any potential security threats or attacks.