Last updated
Key Fields the Parser Extracts
- From, To, CC, BCC — sender and recipient addresses
- Subject — email subject line
- Date — when the email was composed
- Message-ID — unique identifier for the message
- Received chain — full routing path with timestamps and IP addresses
- Authentication-Results — SPF, DKIM, and DMARC results
- X-Spam-Score — spam score assigned by the receiving server
- X-Mailer / User-Agent — email client used to send the message
- MIME-Version and Content-Type — message format information
- Return-Path — the envelope sender address used for bounces
The Email Header Parser on TechConverter.me makes it easy to understand every field in an email header, trace delivery paths, verify authentication, and investigate suspicious messages — all without any technical expertise required beyond copying and pasting the raw headers.
Examples
Example 1: Tracing a Spam Email's Origin
A user receives a suspicious email claiming to be from their bank. They open the raw headers in their email client and paste them into the parser. The tool immediately highlights that the actual sending IP address belongs to a server in a different country, and the From header domain does not match the envelope sender domain — a classic phishing indicator.
The parsed Received chain looks like this (read bottom to top):
Received: from mail.suspicious-domain.xyz (203.0.113.45)
by mx.recipient.com with ESMTP; Mon, 10 Mar 2026 09:12:44 +0000
Received: from localhost (localhost [127.0.0.1])
by mail.suspicious-domain.xyz with ESMTP; Mon, 10 Mar 2026 09:12:40 +0000
The parser shows the authentication results clearly:
Authentication-Results: mx.recipient.com;
spf=fail (domain of bank.com does not designate 203.0.113.45 as permitted sender)
dkim=fail (signature verification failed)
dmarc=fail (p=reject)
All three checks — SPF, DKIM, and DMARC — failed. The parser flags this as a high-risk email and explains what each failure means, helping the user confirm the email is a phishing attempt.
Example 2: Diagnosing Slow Email Delivery
An email administrator receives a complaint that emails from the company's marketing platform are taking 20+ minutes to arrive. They send a test email, copy the raw headers, and paste them into the parser. The tool calculates the total delivery time and breaks it down by hop:
- Sender to marketing platform relay: 2 seconds
- Marketing platform relay to outbound MTA: 18 minutes (bottleneck identified)
- Outbound MTA to recipient MX: 4 seconds
The Received header at the bottleneck hop shows a delay message:
Received: from relay.marketingplatform.com (198.51.100.22)
by outbound.company.com with ESMTP id abc123;
Mon, 10 Mar 2026 09:30:12 +0000
(delay: 00:18:07 — queue congestion)
The parser highlights this hop in red and explains that the delay occurred at the outbound MTA queue, pointing the admin directly to the server that needs attention.
Example 3: Verifying Email Authentication Setup
A developer has just configured SPF, DKIM, and DMARC for a new domain. They send a test email to a Gmail account, copy the raw headers from Gmail's "Show original" view, and paste them into the parser to verify everything is working.
Authentication-Results: mx.google.com;
dkim=pass header.i=@company.com header.s=mail header.b=AbCdEfGh;
spf=pass (google.com: domain of noreply@company.com designates 192.0.2.10
as permitted sender) smtp.mailfrom=noreply@company.com;
dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=company.com
The parser shows all three checks as green passes. The developer can now be confident that their email authentication is correctly configured before sending to real customers.