Free Email Phishing Analyzer
Upload a suspicious .eml file for deep phishing analysis, sender authentication, link scanning, attachment checks, and social engineering detection. Free, private, no account required.
Analyze an Email, FreeWhy Email Remains the Top Phishing Vector
Email phishing remains the single most common entry point for cyberattacks. Phishing emails account for the majority of data breaches and ransomware incidents worldwide.
Modern phishing emails pass spam filters, display correct sender names, use real company logos, and replicate the visual style of legitimate messages so accurately that even experienced users can be deceived. ScanTotal's email analyzer goes beyond simple spam detection, examining technical headers, authentication records, links, and content to give you a complete picture.
What the Email Analyzer Checks
Sender Authentication, SPF, DKIM, and DMARC. Three email security protocols that verify whether an email truly came from the domain it claims:
- SPF checks whether the sending server is authorized to send on behalf of the "From" domain. A failing SPF check is a strong indicator of a spoofed sender.
- DKIM verifies the email content hasn't been modified in transit using a cryptographic signature. A DKIM failure means the email may have been tampered with.
- DMARC ties SPF and DKIM together, specifying what should happen to emails that fail authentication. A DMARC failure combined with a suspicious email is a major red flag.
Link extraction and scanning. Every URL in the email body is extracted and checked against Google Safe Browsing and threat databases. Phishers often disguise malicious links with display text like "Click here to verify" while the actual URL leads to a fraudulent site.
Attachment analysis. Attached files are checked for known malware signatures and file types commonly used in attacks, macro-enabled Office files, executables disguised as PDFs, etc.
Social engineering detection. We analyze the email body for psychological manipulation tactics: urgency, fear, impersonation, and requests for sensitive information, highly reliable indicators of phishing.
How to Save an Email as a .eml File
- Gmail: Open the email, click the three-dot menu (More), select "Download message." Saves as .eml.
- Apple Mail: Select the email, go to File → Save As, choose "Raw Message Source."
- Outlook: Open the email, go to File → Save As, or drag the message to your desktop to create a .msg file (also supported).
- Thunderbird: Right-click the email and select "Save As" to export as .eml.
Frequently Asked Questions
What file format does the email analyzer accept?
The analyzer accepts .eml files (standard format used by Gmail, Apple Mail, Thunderbird) and .msg files (Microsoft Outlook format).
Is my email content stored after scanning?
No. Email files are analyzed in memory and immediately discarded. We do not store email content, sender information, or any personal data in the message.
Can I analyze work emails?
Yes. Because we don't store file contents, you can safely analyze sensitive work emails. The file is processed and discarded immediately after the scan completes.
What if the email passes all authentication checks, can it still be phishing?
Yes. Some phishing operators set up properly authenticated domains specifically for attacks. Passing SPF, DKIM, and DMARC reduces likelihood of phishing but doesn't eliminate it. Always consider context, were you expecting it?