Phishing Email Checker analyses suspicious emails and returns a scored verdict — low risk, suspicious, or likely phishing — along with the specific evidence that drove the score. Pass whatever you have: the email text, sender details, raw headers, a screenshot, or just a list of URLs from the message. It works with all of them individually or combined.
The tool combines local heuristics with live enrichment checks: DNS and email authentication lookups (SPF, DKIM, DMARC), domain registration age, URL reputation checks against threat databases, and vision analysis of screenshots. It surfaces the top signals that matter — sender spoofing, authentication failures, brand impersonation, suspicious link destinations — and gives you a concrete recommendation on what to do next.
What you can do
- Score any email for phishing risk with a verdict and confidence level
- Detect sender spoofing, display name impersonation, and domain lookalikes
- Analyse email headers for SPF, DKIM, DMARC failures and suspicious Reply-To fields
- Check links against threat intelligence databases
- Analyse screenshots of emails using vision — useful when you can't copy the text
- Run offline-only analysis without live lookups when needed
Who it's for
IT security teams, help desk staff, individuals who receive suspicious messages, and anyone building email security workflows or phishing awareness training. Also useful for security researchers and journalists investigating phishing campaigns.
How to use it
- Use check_email with whatever evidence you have — even just the sender and subject is a start
- Add email_text for content analysis, raw_headers for authentication signals, and links for URL checks
- Provide an image_url of a screenshot if you can't copy the email text directly
- Set check_live_sources to false for a fast offline-only pass
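The kind of offline header signal described above (SPF, DKIM and DMARC failures plus a mismatched Reply-To) can be sketched as follows. This is an added example, not the tool's own code; the function names, the trusted_authserv parameter and the sample headers are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from a real message); domains are placeholders.
SAMPLE_HEADERS = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.example.org;
 dkim=none; dmarc=fail header.from=example.com
From: "Example Bank Support" <support@example.com>
Reply-To: helpdesk@example.org
Subject: Action required

"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def header_signals(raw_headers, trusted_authserv):
    """Return (signal, detail) tuples derived from raw headers alone.

    trusted_authserv (hypothetical parameter) is the authserv-id of your own
    receiving server; Authentication-Results from any other id are ignored
    because a sender can insert them.
    """
    msg = message_from_string(raw_headers)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        fields = value.split(";", 1)[0].split()
        if not fields or fields[0].lower() != trusted_authserv.lower():
            continue
        for mech, verdict in AUTH_RE.findall(value):
            results.setdefault(mech.lower(), verdict.lower())
    signals = []
    for mech in ("spf", "dkim", "dmarc"):
        verdict = results.get(mech)
        if verdict is None:
            signals.append((f"{mech}_missing", "no trusted result recorded"))
        elif verdict != "pass":
            signals.append((f"{mech}_{verdict}", "did not pass"))
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signals.append(("reply_to_mismatch", f"{from_dom} -> {reply_dom}"))
    return signals
```

Calling header_signals(SAMPLE_HEADERS, "mx.example.net") returns the three authentication findings followed by the Reply-To mismatch; a message that passes all three checks and has no diverging Reply-To returns an empty list.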
Getting started
No setup required for basic analysis — add a threat intelligence account for enriched URL lookups.