How to perform header forensics?
Obtain full headers: most clients have "view original" or "show headers" options. Copy the complete header text for analysis. Received headers read bottom to top chronologically, because each server adds its line above the ones already present.
Trace routing: examine Received headers from bottom (origin) to top (destination). Identify each server in the chain. Unknown or suspicious servers warrant investigation.
Verify authentication: check Authentication-Results for SPF, DKIM, and DMARC outcomes. Failures suggest spoofing. Cross-reference claimed domains with actual routing. Tools like the MxToolbox header analyzer help with interpretation.
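Added example, not part of the original answer: the three steps above applied with Python's standard library to a pasted header block. The sample headers, domains and IP addresses are constructed, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (reserved example domains, documentation IPs).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A3; Tue, 02 Jan 2024 10:00:05 +0000
Authentication-Results: mx.recipient.example;
\tspf=softfail smtp.mailfrom=unknown-host.example;
\tdkim=none; dmarc=fail header.from=bank.example
Received: from relay.unknown-host.example (relay.unknown-host.example [203.0.113.7])
\tby mx.recipient.example with ESMTP id A2; Tue, 02 Jan 2024 10:00:03 +0000
Received: from [198.51.100.23] (helo=workstation)
\tby relay.unknown-host.example with SMTP id A1; Tue, 02 Jan 2024 10:00:01 +0000
Return-Path: <bounce@unknown-host.example>
From: "Bank Support" <support@bank.example>
"""

def received_hops(msg):
    """Return (from, by) pairs oldest hop first; headers are stored newest first."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        flat = " ".join(raw.split())  # unfold continuation lines
        m = re.match(r"from (?P<src>.+?) by (?P<by>\S+)", flat)
        hops.append((m["src"], m["by"]) if m else (flat, None))
    return hops

def auth_results(msg):
    """Map spf/dkim/dmarc to the first verdict seen, reading from the top."""
    out = {}
    for raw in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", raw, re.I):
            out.setdefault(method.lower(), verdict.lower())
    return out

def findings(msg):
    """List non-pass authentication results and a From vs Return-Path mismatch."""
    res = auth_results(msg)
    notes = [f"{m}={res.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
             if res.get(m) != "pass"]
    domain = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    if domain("Return-Path") and domain("From") != domain("Return-Path"):
        notes.append(f"From {domain('From')} != Return-Path {domain('Return-Path')}")
    return notes

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(*received_hops(msg), *findings(msg), sep="\n")
```

Only an Authentication-Results header added by your own receiving server is meaningful; copies inserted further down the chain, like the lower Received lines, can be written by the sender.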