Header-level threat analysis
Read what an email won't tell you.
Drop a raw .eml file and Inspector dissects the parts a preview pane hides — authentication results, sender mismatches, link destinations, and the social-engineering pattern underneath. Verdict in seconds.
~/analyze/inbound.eml
backend not checked
EML
Drop an .eml file here
or browse your files
RAW MESSAGE · NOTHING IS STORED
Findings 0
Header evidence
What gets inspected
/ AUTH
Identity checks
SPF, DKIM and DMARC results are pulled straight from the message headers and weighed — a triple failure rarely travels alone.
/ ROUTE
Sender & reply paths
From, Reply-To and Return-Path are compared. A reply address that quietly points elsewhere is a hallmark of redirection fraud.
/ INTENT
Links & language
Destinations are unmasked and the body is read for urgency, payment changes and pressure — the tells that turn a header into an attack.