Question 1

How does the Phishing Email Analyzer work?

Accepted Answer

The tool parses the email headers and body to extract SPF, DKIM, and DMARC authentication results, identify hidden or suspicious URLs, and detect common phishing patterns such as urgency language, credential prompts, and display-name spoofing. You get a risk score and plain-English verdict in seconds.

Question 2

Does it send my email to any external service?

Accepted Answer

No. All analysis is performed server-side in Node.js. Your email is never sent to VirusTotal, Google Safe Browsing, or any third-party service. We do not store your email after analysis.

Question 3

What are SPF, DKIM, and DMARC?

Accepted Answer

These are email authentication protocols that verify a message actually came from the domain it claims to be from. SPF validates the sending server is authorized, DKIM verifies the message content was not altered in transit, and DMARC ties the two together with a published policy. Failures on all three are a strong phishing indicator.

Question 4

Can this detect all phishing emails?

Accepted Answer

No tool catches 100% of attacks. This analyzer flags the most common technical and content-based indicators, but sophisticated spear-phishing can sometimes pass some checks. Always verify unexpected requests through a separate channel — call the sender at a known number, not one from the email.

Question 5

What does the risk score mean?

Accepted Answer

The score ranges from 0 to 100. 0–19 is Low (likely safe), 20–39 is Medium (caution warranted), 40–69 is High (do not act on this email), and 70–100 is Critical (delete it immediately). Each section below the score explains the specific findings.

Is this email
legitimate or a phishing attack?

Three checks in 30 seconds

Is this emaillegitimate or a phishing attack?

Three checks in 30 seconds

Is this email
legitimate or a phishing attack?