Free Forensic Tool
Email Header Analyzer
Paste email headers. See where the email came from, how it got to you and whether it is legitimate.
Free email header analysis tool from Sherlock Forensics. Parses Received headers into a visual hop-by-hop timeline, checks SPF, DKIM and DMARC authentication, identifies originating IP and geographic route, flags sender mismatches and produces a legitimacy verdict. Used by IT admins, security teams, lawyers and HR departments to trace email origins and detect spoofing.
Paste Email Headers
Paste the full headers from the email you want to analyze. The header text is parsed in your browser and is not sent to our servers. To plot the geographic journey, the public IP addresses in the Received chain are queried client-side against ip-api.com, a public geolocation service. Public IP addresses are public by design; anyone with the headers can look them up.
Authentication Results
Sender Analysis
Routing Trace (0 hops)
Questions