buncha.tools
buncha/osint/email-headers

Email Header Analyzer

Raw email headers
How to read this. Start with the Authentication card — if SPF + DKIM + DMARC all pass, the message is almost certainly from the sender it claims to be. If DMARC is fail or none and the From domain is one a phisher might impersonate, treat the message as suspicious. The hop chain tells you the route the email took; a legitimate transactional email usually goes through 1-3 hops from a recognisable sending platform (sendgrid, mailgun, amazonses, gsuite). A long chain bouncing through unrelated hosts, or hops with no rDNS / no IP, is a common phish pattern. The Return-Path being different from the From domain is normal for newsletters (bounces go to a separate domain) but anomalous for a personal email.
Parsing is entirely client-side. Headers never leave your browser.
Read the guide
What is OSINT? A plain-English explainer

Pairs well with

Error Level Analysis
Quick image tampering check via Error Level Analys
Image Location Finder
Find where a photo was taken. First: read the EXIF
Reverse Image Search
Find where else an image appears online — drop a f
SSL Certificate Inspector
Pull a domain's TLS certificate history from the p

About Email Header Analyzer

Paste raw email headers and get a phishing-investigator dashboard: subject + from + to + date snapshot, SPF / DKIM / DMARC verdicts with plain-English explainers per result, a hop-chain timeline with per-hop delay and IP attribution, every X-header (spam scores, mailer software, list IDs), and the full parsed header list expandable. RFC 2047 encoded subjects decoded automatically. All client-side — headers never leave your browser.

Everything happens on your device. Close the tab and it's gone.
b
Built browser-first. Run by one developer.
Every tool runs on your device. No tracking pixels, no sign-up to start. The numbers below are pulled live from the registry.
386
Free tools
Across 14 categories
7
Visual editors
PDF · image · video · audio
34
Curated kits
By profession + lifestyle
27
AI tools
Powered by Claude API
Files never uploadNo tracking pixelsNo sign-up neededWorks in any modern browser
The handful of AI tools (paraphrase, summarise, blog, captions, etc.) send your prompt text to Anthropic's Claude API to do the work. Files, images, PDFs and video never leave your device. Pick the tools that fit your privacy comfort.