JPKCom DB

Mail Header Analyzer — Examples

Concrete Mail Header Analyzer walkthroughs: paste headers, read the delivery route, check authentication, upload an .eml, and read the spam score.

Back to overview: Mail Header Analyzer · Open the live tool: www.jpkc.com/tools/mail-header/

This page shows the Mail Header Analyzer through concrete walkthroughs. How the individual functions work in detail is covered in the manual — here it's about typical real-world tasks.

Example 1: Play through the sample header

Goal: get to know the tool without having an email of your own handy.

  1. In the Parse tab, click Example. The text area fills with a realistic header (a message delivered through Postfix to Google, with SPF, DKIM, DMARC, and spam headers).
  2. Click Analyze.

Result: the tool jumps to the Overview and unlocks the four analysis tabs. You see the Authentication Summary with three green badges (SPF/DKIM/DMARC pass) and the Key Fields table with From, To, Subject, and Date. From here you can click through Route, Security, and All Headers and see what a cleanly delivered message looks like — the ideal baseline for real cases.

Example 2: Analyze your own headers from Gmail

Goal: get to the bottom of a message you actually received.

  1. In Gmail, open the message → More (three-dot menu) → Show original.
  2. Copy the header block and paste it into the Parse tab's text area.
  3. Click Analyze (or Ctrl+Enter).

Result: the Overview shows the central fields. Using the copy icon next to a value, you can drop the Message-ID, say, straight onto the clipboard — handy when you need it for a support request or a log search. If a field occurs more than once, the overview shows the first match; the full list is in the All Headers tab.

Example 3: Read the delivery route and find a holdup

Goal: understand why a message arrived hours late.

  1. Paste the headers and click Analyze.
  2. Switch to the Route tab.

Result: you see the stations as a timeline from the green first hop (sender) to the blue last one (recipient). Between two hops sits the waiting time: "Held at mail-gw.example.com for 2m 14s before mx.google.com accepted it". A red gap (5 minutes and up) instantly reveals where it got stuck — often greylisting or a full queue. Below, the summary names the total transit time and the longest wait including the server. Watch the TLS marker per hop: a yellow "No TLS" flags an unencrypted leg. If a clock skew notice appears instead of a wait, the servers' clocks disagree — the real waiting time then can't be determined.

Example 4: Check SPF, DKIM, and DMARC

Goal: determine whether a message could authenticate itself.

  1. Paste the headers, Analyze, switch to the Security tab.

Result: three cards show the status. A green PASS on all three is the ideal case. A softfail or fail on SPF points to an unauthorized sending IP, a fail on DKIM to a broken signature (or a message altered in transit). If the DKIM card shows "DKIM-Signature header present (no verification result found)" with status neutral, the message does have a signature, but the receiving server didn't (visibly) verify it. If everything reads "NOT FOUND", the message contained no authentication results — typical for internal or very old messages. Below the cards, Raw Authentication-Results shows the unfiltered original string if you need the detail.

Example 5: Upload a .eml file

Goal: analyze a message stored as a file without copying headers out.

  1. In the Parse tab, click Upload and pick a .eml or .txt file — or drag the file straight onto the text area.
  2. That's it.

Result: the tool reads the file locally, strips the body at the first blank line, and analyzes only the headers. A notice reports the number of header lines loaded and whether a body was removed, then you land in the Overview. The file is not uploaded — everything happens in the browser.

Example 6: Read the spam score

Goal: see whether a spam filter flagged the message.

  1. Paste the headers of a message that passed through a SpamAssassin-style filter, Analyze, Security tab.

Result: the Spam Analysis card shows the score from X-Spam-Score or X-Spam-Status. The color places it: up to 0 green (clean), under 5 yellow, 5 and above red — with these filters a higher value means more spam suspicion. So a negative score like -2.1 is a good sign. The card additionally lists X-Spam-Flag and X-Spam-Level if present. If all spam headers are missing, it reads "No spam-related headers found." — then the receiving server either checked nothing or didn't write the results into the headers.

Example 7: Search, copy, and save headers

Goal: find a specific header and pass the raw data on.

  1. After the analysis, switch to the All Headers tab.
  2. Type received, say, into the search field — the table narrows to matching rows.
  3. Grab a single value via its copy icon, click Copy All for the complete raw text, or use Download to save the file email-headers.txt.

Result: you have the headers at hand — for instance to pass them to a host or attach them to a ticket. Because this tab shows duplicates in full, you'll also find here all the Received lines the overview summarizes.

More on the individual functions is in the manual; strategic notes and pitfalls are in the tips & tricks. To dive straight in, open the tool.