Email Threat Analyzer

In Gmail: open the email, click the three-dot menu, select 'Show original'. In Outlook: open the email, go to File → Properties → Internet headers. In Apple Mail: View → Message → All Headers. In most webmail clients, there is a 'View source' or 'Show original' option in the message menu. Copy the entire header block (everything above the email body) and paste it into the analyzer.

A failed SPF result means the email was sent from a server not authorized by the domain's SPF record — a strong indicator of spoofing or a misconfigured mail relay. A failed DKIM result means the email's cryptographic signature either doesn't exist or doesn't match — indicating the message may have been modified in transit or sent by an unauthorized server. Both failures together, especially combined with a suspicious originating IP, are high-confidence phishing indicators.

Yes. BEC attacks frequently involve domain spoofing, lookalike domains (yourcompany vs. yourcompаny with a Cyrillic character), or compromised legitimate email accounts. The analyzer checks for display name / envelope From mismatches, flags suspicious originating IPs against threat intelligence, and detects lookalike domain variations. These patterns are characteristic of BEC campaigns targeting finance and executive teams.

Absolutely. When an employee reports a suspicious email, copy the headers, paste them into the analyzer, and within seconds you have: the true sending server, authentication failures, IP reputation of the origin, and routing anomalies. This dramatically reduces investigation time compared to manual header parsing and lets tier-1 SOC analysts quickly determine whether a reported email is genuine phishing without escalation.