Security & Threat Analysis

Phishing Email Checker

Paste any suspicious email and get an instant threat analysis. We check authentication records, sender signals, suspicious links, urgency patterns, and more.

SPF / DKIM / DMARC analysisSuspicious link detectionNo data stored100% free

For the most accurate analysis, paste the complete email source including headers. This lets us check SPF, DKIM, and DMARC authentication results.

0 characters
HOW TO COPY THE FULL EMAIL SOURCE
  1. Open the suspicious email in Gmail
  2. Click the three dots (⋮) in the top-right corner of the email
  3. Click "Show original"
  4. In the new tab, click "Copy to clipboard", then paste above

About

The Phishing Email Checker analyzes pasted email content for signs of credential theft, brand impersonation, suspicious links, and dangerous attachments.

It answers the key question: is this email trying to trick me into revealing my password, banking information, or personal data?

Credential theft detection

Flags requests for passwords, OTP codes, banking details, and other sensitive information.

Link & attachment analysis

Detects brand-spoofing URLs, misleading link text, and risky file types like .zip or .exe.

Header authentication

In full-source mode, checks SPF, DKIM, and DMARC results plus Reply-To mismatches.

No data stored

Analysis runs in real time, your email content is not saved or logged.

How to use this tool

Paste the email

Use full email + headers for best accuracy, or body-only for quick content checks.

Parse headers & body

Extracts sender, Reply-To, subject, links, attachments, and authentication results.

Run threat signals

Checks brand impersonation, urgency language, credential requests, and link heuristics.

Review risk score

Get a Low / Medium / High risk rating with detected signals and actionable next steps.

Understanding the results

Risk scores range from 0 (safest) to 100 (highest risk). Multiple high-severity signals increase the score.

Low Risk

No major phishing signals detected. Stay cautious, targeted spear phishing can still look legitimate.

Medium Risk

Some suspicious indicators found. Verify the sender independently before clicking links or replying.

High Risk

Multiple phishing signals detected. Do not click links, open attachments, or provide any information.

Important result fields

Risk score

Weighted sum of detected signals, higher means more likely phishing.

Detected signals

Individual findings like brand impersonation, bad links, or auth failures.

What to do

Contextual recommendations based on the overall risk level.

Links found

Count of URLs extracted from the email body for analysis.

Best practices & recommendations

Use full email source

Paste the complete raw source (Show original in Gmail) for SPF/DKIM/DMARC and Reply-To checks.

Verify independently

Contact the organization through official channels, never use phone numbers or links in the email.

Report high-risk mail

Mark as phishing in your email client and notify IT if it arrived at a work address.

Never share credentials

Legitimate companies do not ask for passwords, OTP codes, or banking details via email.

Frequently asked questions

No. The analysis runs synchronously and your pasted content is not saved to any database.

Full mode analyzes headers (SPF/DKIM/DMARC, Reply-To) plus body content. Body-only mode checks content patterns and links only.

Yes. New phishing pages and targeted spear phishing may not trigger all signals. Always verify unexpected requests.

The display name or body references a well-known brand but the email was sent from an unrelated domain.

Archive files are commonly used to deliver malware or credential-harvesting pages inside compressed packages.

No. Use this tool to analyze links without visiting them. If in doubt, go directly to the official website.

Run this check once, or have it watched 24/7.

SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.

Start monitoring free All free tools