parse_email_headers
Parse raw email headers to detect spoofing, SPF/DKIM/DMARC failures, From vs Return-Path mismatches, and extract the real originating IP. Ideal for analyzing suspicious emails offline.
Instructions
Analyze raw email headers for spoofing (offline, no key): SPF/DKIM/DMARC results, From vs Return-Path vs Reply-To mismatches (reply-hijacking), and the real originating IP (feed it to check_ip).
Use when: the user can paste the full raw headers of a suspicious email.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| params | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |