Show us anythingfrom the email.
Sender, subject, body — or just a screenshot. Our AI reads everything you give it and runs ten parallel reputation checks in the background. One paste, one verdict, in seconds.
Give it as much — or as little — as you have.
The only hard rule is body OR screenshot. Sender and subject are optional. The AI sees every field you provide and cross-checks them against the reputation engine in parallel.
Sender
address · Gmail line · raw headers
- Brand impersonation
- Domain age
- Via-domain analysis
- Auth (SPF/DKIM/DMARC)
Subject
the line that lands in your inbox
- Urgency cues
- Brand mimicry
- Scam-pattern phrasing
Body
the message text itself
- Phishing language
- Credential prompts
- Embedded URLs
- AI red flags
Screenshot
what you actually see in your inbox
- OCR'd From line
- Visible URLs
- Brand logos
- Visual deception
Why this scanner sees what others miss.
Most “email validators” stop at MX records. We bolt on the detectors that actually catch modern phishing — display-name impersonation, throwaway via-domains, and a vision model that reads your screenshot the way you do.
Display-name impersonation
Catches "PayPal Support" sending from xyz.us — names that claim a brand the sender domain isn't authorised for.
Via-domain forensics
High-entropy throwaway relays vs known ESPs vs aligned senders. The shape of the path matters as much as the address.
Brand-lookalike radar
Typosquats (paypa1.com), homoglyphs (Cyrillic 'а' for Latin 'a'), Levenshtein-1 mimics of the top 50 phished brands.
Breach + reputation
HIBP, DNSBL, RDAP age, MX/SMTP — the structural infrastructure picture that tells you if mail to this address is even real.
Vision OCR
A multimodal analyst reads your screenshot — extracts the From line, body text, visible URLs, and rates visual phishing tells.
AI analyst verdict
Reasoning model weighs every signal above against the message material and produces phishing likelihood + recommendation.
Recently scanned addresses
We never store the raw address.
Every address is SHA-256 hashed before it reaches the database. The report URL /email-scan/<64-hex> IS the hash. We keep the local-part and domain separately so the report can display them — the original raw input is never written. Screenshots are decoded once for the vision pass and discarded; the bytes never touch persistent storage.
Common questions
What's the minimum I need to paste?
Either the message body OR a screenshot. Everything else — sender, subject — is optional. The AI does the heavy lifting with whatever you give it. If you just have a screenshot, drop it in; vision OCR will read the From line, subject, and body for you.
Do you store the email address I check?
No. We hash every address with SHA-256 before it touches the database. The report URL IS the hash — `/email-scan/<64-hex>`. We keep the local part and domain separately so the report can display them, but the original raw input (including any display name) is never written anywhere.
What does the screenshot upload give me that pasting text doesn't?
Phishing emails often LOOK identical to legitimate ones. Vision OCR catches things text alone can't: a fake Microsoft logo that's just a lookalike PNG, a Reply button that goes to a different colour scheme, a footer address that's a known scam template. It also extracts URLs that wouldn't appear in pasted text (image-mapped buttons, etc.).
Will my check trigger an alert at the email provider?
The MX / RDAP / DNSBL / HIBP checks are passive lookups — the recipient never knows. The optional SMTP probe opens a TCP connection to their mail server, says 'would you accept mail for X?' and disconnects without sending anything. Most large providers (Gmail, Outlook) accept all probes regardless to defeat enumeration, so the probe usually returns 'unknown' for those.
What's the difference between 'safe' and 'inconclusive'?
'Safe' means we ran the checks and they all came back clean. 'Inconclusive' means too many checks failed or were skipped to give a confident answer (e.g. RDAP blocked, DNSBL timed out). When you see 'inconclusive', look at the individual check cards — they'll tell you what we couldn't see.
Got another suspicious email?
Free for everyone. No account required. Sign in with your forum account to unlock 100 scans per hour and a personal scan history.