Are pasted headers uploaded?

No. The analyzer runs locally in the browser and does not send pasted headers to a MyIPScan API.

Can this prove an email is safe?

No. It can surface header signals, but it cannot prove sender intent or complete safety.

What should I remove before pasting?

If you are cautious, remove message body content and unrelated personal notes. The parser only needs raw headers.

Email Security Tool

Email Header Analyzer

Paste raw email headers to inspect routing and authentication-result signals locally. The pasted text stays in your browser.

Analyze headers locally

Paste email headers to start.

What the results mean

Received headers show handoff paths. Authentication-Results can include SPF, DKIM, and DMARC outcomes as seen by a receiving system. Header signals can be useful, but they do not prove whether a message is safe.

How to use this tool

Open the raw original message in your email client.
Copy the headers only.
Paste them here and review routing plus authentication signals.

FAQ

Does this send headers to MyIPScan?

No. The parser is browser-local.

Can headers be forged?

Some headers can be forged or added by different systems. Interpret them with context.

Does this replace mail-provider security tools?

No. Treat it as a local inspection helper, not a complete email investigation.

B2B diagnostic report model

Email domain diagnostics

Email checks connect MX, SPF, DMARC, optional DKIM selector records, PTR/rDNS, sender-IP context, blacklist context, and email-header evidence.

SummaryStart with a plain-language status for the public target.

Top issuesPrioritize the few findings that need attention first.

What passedShow expected public signals without turning them into a certification.

What needs reviewSeparate limited, unavailable, and review-worthy signals.

Why it mattersExplain the business, delivery, crawl, or implementation impact.

Recommended fixesPoint to the DNS, hosting, email, CMS, or SEO owner who can act.

What this tool cannot checkThis does not send mail, inspect private mailboxes, guarantee inbox placement, or certify sender reputation everywhere.

Client-safe copyClient-safe copy should keep authentication findings and fixes while removing email local-parts, raw TXT payloads, raw sender IP details, and private mailbox context.

Monitoring beta (optional)Optional monitoring beta can compare MX, SPF, DKIM selector checks, DMARC policy, PTR/rDNS, and selected blacklist signals for approved domains.

Client-safe report

Share findings without leaking raw technical material

Use Safe Copy or this page's summary when sending results to a client, vendor, developer, or support team. Raw headers, credentials, tokens, cookies, private addresses, email local-parts, and oversized payloads should stay out of client-facing copy.

Review Safe Copy Ask about monitoring beta

Check my email domain

What this checks

Public mail-domain records and pasted email-header signals such as MX, SPF, DMARC, DKIM selector context, and sender-route clues.

Limits

What this cannot check

It cannot guarantee inbox placement, inspect private mailboxes, or certify sender reputation everywhere.

Read results

How to use the output

Treat results as review signals for this browser/session or public target. Re-test after one change, then use Safe Copy or notes that avoid raw identifiers.