Paste any suspicious email and get an instant threat analysis. We check authentication records, sender signals, suspicious links, urgency patterns, and more.
The Phishing Email Checker analyzes pasted email content for signs of credential theft, brand impersonation, suspicious links, and dangerous attachments.
It answers the key question: is this email trying to trick me into revealing my password, banking information, or personal data?
Flags requests for passwords, OTP codes, banking details, and other sensitive information.
Detects brand-spoofing URLs, misleading link text, and risky file types like .zip or .exe.
In full-source mode, checks SPF, DKIM, and DMARC results plus Reply-To mismatches.
Analysis runs in real time, your email content is not saved or logged.
Use full email + headers for best accuracy, or body-only for quick content checks.
Extracts sender, Reply-To, subject, links, attachments, and authentication results.
Checks brand impersonation, urgency language, credential requests, and link heuristics.
Get a Low / Medium / High risk rating with detected signals and actionable next steps.
Risk scores range from 0 (safest) to 100 (highest risk). Multiple high-severity signals increase the score.
No major phishing signals detected. Stay cautious, targeted spear phishing can still look legitimate.
Some suspicious indicators found. Verify the sender independently before clicking links or replying.
Multiple phishing signals detected. Do not click links, open attachments, or provide any information.
Weighted sum of detected signals, higher means more likely phishing.
Individual findings like brand impersonation, bad links, or auth failures.
Contextual recommendations based on the overall risk level.
Count of URLs extracted from the email body for analysis.
Paste the complete raw source (Show original in Gmail) for SPF/DKIM/DMARC and Reply-To checks.
Contact the organization through official channels, never use phone numbers or links in the email.
Mark as phishing in your email client and notify IT if it arrived at a work address.
Legitimate companies do not ask for passwords, OTP codes, or banking details via email.
No. The analysis runs synchronously and your pasted content is not saved to any database.
Full mode analyzes headers (SPF/DKIM/DMARC, Reply-To) plus body content. Body-only mode checks content patterns and links only.
Yes. New phishing pages and targeted spear phishing may not trigger all signals. Always verify unexpected requests.
The display name or body references a well-known brand but the email was sent from an unrelated domain.
Archive files are commonly used to deliver malware or credential-harvesting pages inside compressed packages.
No. Use this tool to analyze links without visiting them. If in doubt, go directly to the official website.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.