Email Header Parser
Parse raw email headers to extract routing, authentication, and spoofing indicators
/v1/email/headers
curl -X POST "https://email.toolkitapi.io/v1/email/headers" \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"raw_headers": "From: [email protected]\nTo: [email protected]\nSubject: Test Email\nDate: Mon, 14 Apr 2026 12:00:00 +0000\nMessage-ID: <[email protected]>\nReceived: from mail.toolkitapi.io (mail.toolkitapi.io [93.184.216.34]) by mx.example.org with ESMTPS; Mon, 14 Apr 2026 12:00:00 +0000\nAuthentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass"}'
import httpx
resp = httpx.post(
"https://email.toolkitapi.io/v1/email/headers",
json={"raw_headers": "From: [email protected]\nTo: [email protected]\nSubject: Test Email\nDate: Mon, 14 Apr 2026 12:00:00 +0000\nMessage-ID: <[email protected]>\nReceived: from mail.toolkitapi.io (mail.toolkitapi.io [93.184.216.34]) by mx.example.org with ESMTPS; Mon, 14 Apr 2026 12:00:00 +0000\nAuthentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass"},
)
print(resp.json())
const resp = await fetch("https://email.toolkitapi.io/v1/email/headers", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({"raw_headers": "From: [email protected]\nTo: [email protected]\nSubject: Test Email\nDate: Mon, 14 Apr 2026 12:00:00 +0000\nMessage-ID: <[email protected]>\nReceived: from mail.toolkitapi.io (mail.toolkitapi.io [93.184.216.34]) by mx.example.org with ESMTPS; Mon, 14 Apr 2026 12:00:00 +0000\nAuthentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass"}),
});
const data = await resp.json();
console.log(data);
# See curl example
{
"subject": "Test Email",
"from_address": "[email protected]",
"to_address": "[email protected]",
"date": "Mon, 14 Apr 2026 12:00:00 +0000",
"message_id": "<[email protected]>",
"return_path": null,
"received_hops": [
{
"index": 0,
"from_host": "mail.toolkitapi.io",
"by_host": "mx.example.org",
"timestamp": "Mon, 14 Apr 2026 12:00:00 +0000",
"delay_seconds": null,
"protocol": "ESMTPS"
}
],
"auth_results": [
{"method": "SPF", "result": "pass", "detail": null},
{"method": "DKIM", "result": "pass", "detail": null},
{"method": "DMARC", "result": "pass", "detail": null}
],
"originating_ip": "93.184.216.34",
"total_delivery_time_seconds": null,
"spoofing_risk": "low",
"header_count": 7
}
Description
How to Use
1. Copy the raw email headers from your email client (usually available via "Show Original" or "View Source").
2. Send a POST request with the `raw_headers` field containing the header text.
3. Check `spoofing_risk` for an overall assessment — "low" means authentication passed, "high" means likely spoofed.
4. Review `auth_results` for individual SPF, DKIM, and DMARC verdicts, and `received_hops` for the delivery path.
About This Tool
The Email Header Parser analyzes raw email headers to extract routing information, authentication results, and spoofing risk indicators. It parses Received header chains to trace the email's path, extracts SPF, DKIM, and DMARC authentication results, identifies the originating IP address, and assesses the overall spoofing risk level.
Paste raw email headers from any email client and get structured data about how the email was routed, whether it passed authentication checks, and how likely it is to be spoofed.
Why Use This Tool
- Phishing investigation — Analyze suspicious email headers to determine if the sender is legitimate
- Deliverability debugging — Trace why emails are landing in spam by checking authentication results
- Security audit — Verify that your outbound emails pass SPF, DKIM, and DMARC checks
- Forensic analysis — Trace the routing path and originating IP of suspicious messages
Frequently Asked Questions
How is spoofing risk determined?
What email format should I paste?
Can this detect all types of email spoofing?
Start using Email Header Parser now
Get your free API key and make your first request in under a minute.