Overview
The Email Header Analyser API provides deep inspection and forensic analysis of email message headers. Security professionals, incident responders, and email administrators use this tool to identify spoofing attempts, trace message routing, validate authentication protocols (SPF, DKIM, DMARC), and detect malicious headers.
Email headers contain critical metadata that reveals the true origin of messages, intermediate mail servers, and authentication status. This API parses raw headers and extracts actionable intelligence for phishing investigations, compliance audits, and email security operations.
Ideal users include SOC analysts, email security teams, incident response professionals, forensic investigators, and organizations requiring email authentication verification and threat intelligence capabilities.
Endpoints
POST /analyze-header
Analyzes a raw email header to extract authentication, routing, and security metadata.
Method: POST
Path: /analyze-header
Request Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| header | string | Yes | Raw email header text containing one or more Received headers, authentication headers, and message metadata. |
Response Schema:
The response contains extracted header analysis including:
| Field | Type | Description |
|---|---|---|
| sender_ip | string | IP address of the originating mail server. |
| sender_domain | string | Hostname of the originating mail server. |
| from_address | string | Email address in the From header. |
| to_address | string | Email address in the To header. |
| received_servers | array | List of mail servers in the routing path with hostname, IP, and timestamp. |
| authentication | object | Authentication protocol results (spf, dkim, dmarc status). |
| subject | string | Email subject line. |
| date | string | Message date in ISO 8601 format. |
| return_path | string | Return-Path header value. |
| suspicious_indicators | array | List of detected anomalies or security concerns. |
Status Codes:
- 200: Successful analysis returned.
- 422: Validation error—header field missing or invalid.
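To show how the response fields relate to the raw header, the following added Python example (not the API's implementation and not code from the original page) derives a subset of them locally from a constructed sample header. The function name `analyze_header`, the `trusted_authserv` parameter and the indicator strings are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header using documentation-only hosts and addresses.
SAMPLE = (
    "Received: from mail.example.com (mail.example.com [192.0.2.1]) by mx.targetdomain.com"
    " with SMTP id abc123; Wed, 15 Jan 2025 10:30:45 +0000\n"
    "From: sender@example.com\n"
    "To: recipient@targetdomain.com\n"
    "Subject: Security Analysis\n"
    "Authentication-Results: targetdomain.com; spf=pass smtp.mailfrom=sender@example.com;"
    " dkim=pass header.d=example.com; dmarc=pass\n"
    "Return-Path: <sender@example.com>\n"
    "Date: Wed, 15 Jan 2025 10:30:45 +0000\n"
)
HOP = re.compile(r"from\s+(\S+)\s+\([^)]*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")

def domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def analyze_header(raw, trusted_authserv):
    """Hypothetical local analogue of part of the documented response."""
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so the last one is nearest the origin.
    hops = [HOP.search(" ".join(h.split())) for h in msg.get_all("Received", [])]
    origin = hops[-1] if hops else None
    auth = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(ar.split()).partition(";")
        # Accept only results stamped by our own border MTA; a sender can
        # pre-insert an Authentication-Results header of its own.
        if authserv.lower().split()[:1] == [trusted_authserv]:
            auth.update(re.findall(r"(?:^|;)\s*(spf|dkim|dmarc)=(\w+)", results.lower()))
    indicators = [f"{k}={v}" for k, v in auth.items() if v != "pass"]
    # A domain mismatch is a triage hint, not a verdict (mailing lists, ESPs).
    if domain(msg["Return-Path"]) != domain(msg["From"]):
        indicators.append("return-path domain differs from From domain")
    return {
        "sender_ip": origin.group(2) if origin else None,
        "sender_domain": origin.group(1) if origin else None,
        "from_address": parseaddr(msg.get("From", ""))[1],
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
        "authentication": auth,
        "suspicious_indicators": indicators,
    }

if __name__ == "__main__":
    print(analyze_header(SAMPLE, "targetdomain.com"))
```

Pass the authserv-id your own receiving mail server writes as `trusted_authserv`; results from any other Authentication-Results header are ignored and reported as `none`.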
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- Kong Route: https://api.mkkpro.com/security/email-header-analyser
- API Docs: https://api.mkkpro.com:8016/docs
Usage
Sample Request
```json
{
  "header": "Received: from mail.example.com (mail.example.com [192.0.2.1]) by mx.targetdomain.com with SMTP id abc123; Wed, 15 Jan 2025 10:30:45 +0000\nFrom: sender@example.com\nTo: recipient@targetdomain.com\nSubject: Security Analysis\nAuthentication-Results: targetdomain.com; spf=pass smtp.mailfrom=sender@example.com; dkim=pass header.d=example.com; dmarc=pass\nReturn-Path: <sender@example.com>\nDate: Wed, 15 Jan 2025 10:30:45 +0000"
}
```
Sample Response
```json
{
  "sender_ip": "192.0.2.1",
  "sender_domain": "mail.example.com",
  "from_address": "sender@example.com",
  "to_address": "recipient@targetdomain.com",
  "received_servers": [
    {
      "hostname": "mail.example.com",
      "ip": "192.0.2.1",
      "timestamp": "2025-01-15T10:30:45Z"
    },
    {
      "hostname": "mx.targetdomain.com",
      "ip": null,
      "timestamp": null
    }
  ],
  "authentication": {
    "spf": "pass",
    "dkim": "pass",
    "dmarc": "pass"
  },
  "subject": "Security Analysis",
  "date": "2025-01-15T10:30:45Z",
  "return_path": "sender@example.com",
  "suspicious_indicators": []
}
```