Paste raw RFC 5322 email headers — the part above the body in "View source" or "Show original" of any email client. The analyzer surfaces the routing chain, originating IPs, and SPF/DKIM/DMARC results. All parsing happens in your browser.
Reads Authentication-Results and Received-SPF. Trust is only as good as the verifier —
headers added before the receiving server can be forged. The last Authentication-Results from your
own mail provider is the only one you can rely on.
Bottom (oldest) is the originator. Top (newest) is your inbox.