Phishing

Phishing Check

Use the same raw message source, but with a phishing-first lens: sender mismatches, login lures, urgent pressure, suspicious links, upstream spam hints, transport anomalies, and sender-domain DNS gaps.

Open Email Inspector How to get raw headers

Analyze

Paste full raw email or headers

The result is meant for rapid human review before any user clicks, replies, or releases the message.

Phishing analysis is strongest when you paste the original message source or header block. If you only have the rendered email view, open the raw email header guide first and copy the real evidence.

Current checks

Sender mismatch Flags `From`, `Reply-To`, and `Return-Path` combinations that deserve immediate review.
Link risk Highlights shorteners, punycode, and IP-based links from the supplied source.
Social-engineering cues Surfaces credential, urgency, payment, and attachment-lure language in the pasted content.
Mail path review Shows the Received timeline so suspicious delay patterns or timestamp inconsistencies are visible fast.
Sender DNS Checks whether the sender domain publishes believable MX, SPF, DMARC, DKIM selector, and BIMI records, then drafts sender-side fixes.

Run the phishing check to populate suspicious sender clues, link risk, authentication failures, and extracted indicators.