# Mail Header Analyzer — Examples

> Concrete Mail Header Analyzer walkthroughs: paste headers, read the delivery route, check authentication, upload an .eml, and read the spam score.

Source: https://www.jpkc.com/db/en/tools/mail-header/examples/

Back to overview: [Mail Header Analyzer](https://www.jpkc.com/db/en/tools/mail-header/) · Open the live tool: [www.jpkc.com/tools/mail-header/](https://www.jpkc.com/tools/mail-header/)

This page shows the **Mail Header Analyzer** through concrete walkthroughs. How the individual functions work in detail is covered in the [manual](https://www.jpkc.com/db/en/tools/mail-header/manual/) — here it's about typical real-world tasks.

## Example 1: Play through the sample header

Goal: get to know the tool without having an email of your own handy.

1. In the **Parse** tab, click **Example**. The text area fills with a realistic header (a message delivered through Postfix to Google, with SPF, DKIM, DMARC, and spam headers).
2. Click **Analyze**.

**Result:** the tool jumps to the **Overview** and unlocks the four analysis tabs. You see the Authentication Summary with three green badges (SPF/DKIM/DMARC `pass`) and the Key Fields table with From, To, Subject, and Date. From here you can click through Route, Security, and All Headers and see what a cleanly delivered message looks like — the ideal baseline for real cases.

## Example 2: Analyze your own headers from Gmail

Goal: get to the bottom of a message you actually received.

1. In Gmail, open the message → **More** (three-dot menu) → **Show original**.
2. Copy the header block and paste it into the Parse tab's text area.
3. Click **Analyze** (or <kbd>Ctrl</kbd>+<kbd>Enter</kbd>).

**Result:** the Overview shows the central fields. Using the copy icon next to a value, you can drop the `Message-ID`, say, straight onto the clipboard — handy when you need it for a support request or a log search. If a field occurs more than once, the overview shows the first match; the full list is in the **All Headers** tab.

## Example 3: Read the delivery route and find a holdup

Goal: understand why a message arrived hours late.

1. Paste the headers and click **Analyze**.
2. Switch to the **Route** tab.

**Result:** you see the stations as a timeline from the green first hop (sender) to the blue last one (recipient). Between two hops sits the waiting time: "Held at *mail-gw.example.com* for *2m 14s* before *mx.google.com* accepted it". A **red** gap (5 minutes and up) instantly reveals where it got stuck — often greylisting or a full queue. Below, the summary names the **total transit time** and the **longest wait** including the server. Watch the TLS marker per hop: a yellow "No TLS" flags an unencrypted leg. If a **clock skew** notice appears instead of a wait, the servers' clocks disagree — the real waiting time then can't be determined.

## Example 4: Check SPF, DKIM, and DMARC

Goal: determine whether a message could authenticate itself.

1. Paste the headers, **Analyze**, switch to the **Security** tab.

**Result:** three cards show the status. A green `PASS` on all three is the ideal case. A `softfail` or `fail` on SPF points to an unauthorized sending IP, a `fail` on DKIM to a broken signature (or a message altered in transit). If the DKIM card shows "DKIM-Signature header present (no verification result found)" with status *neutral*, the message does have a signature, but the receiving server didn't (visibly) verify it. If everything reads "NOT FOUND", the message contained no authentication results — typical for internal or very old messages. Below the cards, **Raw Authentication-Results** shows the unfiltered original string if you need the detail.

## Example 5: Upload a `.eml` file

Goal: analyze a message stored as a file without copying headers out.

1. In the Parse tab, click **Upload** and pick a `.eml` or `.txt` file — or drag the file **straight onto the text area**.
2. That's it.

**Result:** the tool reads the file locally, strips the body at the first blank line, and analyzes only the headers. A notice reports the number of header lines loaded and whether a body was removed, then you land in the Overview. The file is **not** uploaded — everything happens in the browser.

## Example 6: Read the spam score

Goal: see whether a spam filter flagged the message.

1. Paste the headers of a message that passed through a SpamAssassin-style filter, **Analyze**, **Security** tab.

**Result:** the **Spam Analysis** card shows the score from `X-Spam-Score` or `X-Spam-Status`. The color places it: up to 0 green (clean), under 5 yellow, 5 and above red — with these filters a higher value means more spam suspicion. So a negative score like `-2.1` is a good sign. The card additionally lists `X-Spam-Flag` and `X-Spam-Level` if present. If all spam headers are missing, it reads "No spam-related headers found." — then the receiving server either checked nothing or didn't write the results into the headers.

## Example 7: Search, copy, and save headers

Goal: find a specific header and pass the raw data on.

1. After the analysis, switch to the **All Headers** tab.
2. Type `received`, say, into the search field — the table narrows to matching rows.
3. Grab a single value via its copy icon, click **Copy All** for the complete raw text, or use **Download** to save the file `email-headers.txt`.

**Result:** you have the headers at hand — for instance to pass them to a host or attach them to a ticket. Because this tab shows duplicates in full, you'll also find here all the `Received` lines the overview summarizes.

---

More on the individual functions is in the [manual](https://www.jpkc.com/db/en/tools/mail-header/manual/); strategic notes and pitfalls are in the [tips & tricks](https://www.jpkc.com/db/en/tools/mail-header/tips/). To dive straight in, open the [tool](https://www.jpkc.com/tools/mail-header/).