DuckIntel / Security Tools
Free email header analyzer. Detect phishing, check SPF/DKIM/DMARC authentication, trace routing hops, extract IPs and IOCs. Paste Gmail, Outlook, or Apple Mail headers.
The Email Header Analyzer is a free phishing detection tool that dissects raw email headers to reveal authentication failures, suspicious routing paths, spoofed senders, and embedded indicators of compromise. Paste headers from Gmail, Outlook, Apple Mail, or any email client and get an instant analysis with a clear verdict on whether the email is legitimate or suspicious.
Email headers contain a detailed forensic record of every server the message passed through, the authentication checks applied at each hop, and the original sending IP address. Analyzing these headers is one of the most important skills for a Tier 1 SOC analyst. A spoofed From address, a failing SPF record, or a suspicious relay server can expose a phishing campaign that would otherwise look convincing to end users.
The tool checks SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) authentication results. It extracts all IP addresses and domains from routing hops, runs them against 19 detection rules, and flags indicators like Reply-To mismatches, delayed delivery anomalies, and unusual geographic routing. A guided beginner walkthrough explains each finding in plain English for analysts who are new to email forensics.
Related tools
Email Header DiffDMARC ValidatorAttachment Risk ScorerCalendar Analyzer
Part of DuckIntel.io — 59 free browser-based security tools for SOC analysts. No login. No tracking. 100% client-side.