Email Header Analyzer
Visualize mail routing, parse spam reports, and anonymize sensitive headers
LogScrub automatically detects email headers and provides powerful analysis tools. Visualize the complete routing path through mail servers, parse SpamAssassin and rspamd reports into readable tables, check TLS encryption at each hop, and anonymize sensitive information before sharing.
Email Routing Visualization
When you paste email headers containing Received: headers, LogScrub parses them and displays an interactive routing diagram showing exactly how your email traveled from sender to recipient.
sender-smtp.example.com
↓ +0.5s 🔒 TLSv1.3
mx1.google.com [142.250.x.x]
↓ +1.2s 🔒 TLSv1.3
spam-filter.google.com
↓ +0.1s
final-delivery.google.com
What Gets Parsed
- Server hostnames — From and by server names
- IP addresses — IPv4 and IPv6 addresses in headers
- Timestamps — When each server received the message
- Transit times — Duration between each hop
- TLS encryption — Version and cipher suite used
- Protocol — SMTP, ESMTP, LMTPS, etc.
- Authentication — DKIM, SPF, DMARC results
- Queue IDs — Server-specific message identifiers
TLS Indicator: A padlock icon on connector lines shows encrypted transmission. Hover to see the TLS version (e.g., TLSv1.3) and cipher suite.
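How this kind of hop analysis can be done with Python's standard library, as an added example that is not LogScrub's code: it reads Received: headers oldest-first, extracts hostnames, IP, protocol and TLS details, and computes per-hop transit time. The sample headers are constructed, and the TLS pattern assumes Postfix-style or Gmail-style trace wording.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not real traffic). MTAs prepend Received:, so newest is first.
SAMPLE = """\
Received: from spam-filter.example.net (spam-filter.example.net [198.51.100.7])
\tby final-delivery.example.net (Postfix) with LMTP id 4Xq3;
\tTue, 04 Mar 2025 10:00:01 +0000
Received: from mx1.example.net (mx1.example.net [198.51.100.5])
\tby spam-filter.example.net with ESMTP id 4Xq2;
\tTue, 04 Mar 2025 10:00:00 +0000
Received: from sender-smtp.example.com (sender-smtp.example.com [203.0.113.9])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx1.example.net (Postfix) with ESMTPS id 4Xq1;
\tTue, 04 Mar 2025 09:59:58 +0000
"""

FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
PROTO = re.compile(r"\bwith\s+((?:E?SMTP|LMTP)S?A?)\b")
# Assumption: Postfix-style "(using TLSv1.3 with cipher X" or Gmail-style "version=TLS1_3 cipher=X".
TLS = re.compile(r"(?:using\s+|version=)(TLSv?[\d._]+)\s+(?:with\s+cipher\s+|cipher=)(\S+)")

def parse_hops(raw_headers):
    """Return hops oldest-first with per-hop TLS info and transit delay in seconds."""
    hops, previous = [], None
    for value in reversed(message_from_string(raw_headers).get_all("Received", [])):
        date = value.rpartition(";")[2]  # the timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(date.strip())
        except (TypeError, ValueError):
            when = None  # malformed or missing timestamp: keep the hop, skip the delta
        names, ip, proto, tls = (p.search(value) for p in (FROM_BY, IP, PROTO, TLS))
        hops.append({
            "from": names.group(1) if names else None,
            "by": names.group(2) if names else None,
            "ip": ip.group(1) if ip else None,
            "protocol": proto.group(1) if proto else None,
            "tls": tls.groups() if tls else None,  # (version, cipher)
            "delay": (when - previous).total_seconds() if when and previous else None,
        })
        previous = when or previous
    return hops

def unencrypted_hops(hops):
    """Receiving hosts whose Received: line records no TLS session."""
    return [h["by"] for h in hops if h["tls"] is None]
```

Received: lines written before the message reached a server you trust come from the sending side and can be forged, so TLS or timing values for those hops are claims rather than proof.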
Spam Report Parsing
LogScrub detects and parses spam filter reports from SpamAssassin and rspamd, displaying them in a sortable table instead of raw header text.
| Score | Rule | Description |
| --- | --- | --- |
| -0.1 | DKIM_VALID | Message has valid DKIM signature |
| -0.1 | DKIM_VALID_AU | DKIM signature from author's domain |
| -0.0 | SPF_PASS | SPF: sender matches SPF record |
| +2.5 | URIBL_BLOCKED | Contains URL listed in blocklist |
| +1.0 | HTML_MESSAGE | HTML included in message |
Total Score: 3.3 (Threshold: 5.0)
Supported Spam Filters
SpamAssassin
- X-Spam-Report header parsing
- Rule scores and descriptions
- Total score and threshold
rspamd
- X-Spam-Report header parsing
- Symbol scores with groups
- Action taken (no action, add header, reject)
When both SpamAssassin and rspamd reports are present, LogScrub displays tabs to switch between them for comparison.
Header Anonymization
Email headers contain sensitive information that should be removed before sharing. LogScrub detects and anonymizes:
Before:
From: John Smith <john.smith@company.com>
To: Jane Doe <jane@example.org>
Received: from mail.company.com (192.168.1.50) by mx.example.org
X-Originating-IP: [203.0.113.45]
Message-ID: <ABC123@mail.company.com>
X-Mailer: Microsoft Outlook 16.0
After:
From: [NAME-1] <[EMAIL-1]>
To: [NAME-2] <[EMAIL-2]>
Received: from [HOSTNAME-1] ([IPV4-1]) by [HOSTNAME-2]
X-Originating-IP: [[IPV4-2]]
Message-ID: <[MESSAGE_ID-1]>
X-Mailer: Microsoft Outlook 16.0
What Gets Anonymized
- Email addresses — From, To, Cc, Bcc, Reply-To
- Names — Display names in address fields
- IP addresses — Originating IPs, server IPs
- Hostnames — Mail server names
- Message IDs — Unique identifiers
- Subjects — Optional, can be preserved
- Custom headers — X-headers with sensitive data
- Authentication details — DKIM selectors, domains
Use Cases
- Email delivery debugging — Identify where delays occur in the delivery chain
- Security analysis — Verify TLS encryption was used throughout the route
- Spam investigation — Understand why emails are marked as spam
- Phishing analysis — Trace the origin of suspicious emails
- Compliance documentation — Document that email was transmitted securely
- Support tickets — Share email headers without exposing addresses
How to Get Email Headers
Gmail
- Open the email
- Click ⋮ (More) → "Show original"
- Copy the headers section
Outlook
- Open the email
- File → Properties
- Copy from "Internet headers"
Apple Mail
- Open the email
- View → Message → Raw Source
- Copy the headers section
Thunderbird
- Open the email
- View → Message Source (Ctrl+U)
- Copy the headers section
Detection Rules for Email
LogScrub includes specialized detection rules for email-specific patterns:
- Email Message-ID — Matches <id@domain> format identifiers
- Email addresses — Standard email pattern detection
- Received header IPs — Extracts IPs from Received: headers
- Mail server hostnames — Detects MX and mail server names
Tip: Enable the "Email Message-ID" rule in the Detection Rules panel when working with email headers. It's disabled by default to avoid false positives in other content.