NeoShield Security logo NeoShield Security Quantum X

// tool reference · Incident & Response

AI Phishing Email Analyzer Free

Paste a suspicious email for a verdict, red flags and defanged links.

Open AI Phishing Email Analyzer →


What it does

Paste a suspicious email — headers included — and get per-indicator analysis: sender authenticity, lookalike domains, header inconsistencies, and social-engineering technique.

When to use it

Inputs

Field names are the actual form parameters, verified against source.

FieldTypeRequiredNotes
email_raw textarea required The FULL email including headers. Headers carry most of the signal — body alone is much weaker.

What you get back

Verdict plus per-indicator findings with severity.

Worked example

Input

From: "PayPal Security" <security@paypa1-verify.top>
Reply-To: collect@mailbox.ru
Subject: Your account has been limited
Return-Path: bounce@sendgrid-relay.net

Output (abridged)

VERDICT: PHISHING — high confidence

CRITICAL  Lookalike domain: 'paypa1-verify.top' — digit 1 for letter l,
          on a TLD PayPal does not use.
CRITICAL  Reply-To mismatch: replies go to collect@mailbox.ru, an
          unrelated free provider. Classic collection-address split.
HIGH      Return-Path does not align with From — SPF cannot pass for
          the displayed domain.
MEDIUM    Urgency pretext ('account limited') to bypass deliberation.

→ Block the sender domain. Search the tenant for other recipients.
→ If anyone clicked: rotate credentials, review sign-in logs.

How it works

Deterministic header parsing (SPF/DKIM/DMARC alignment, Reply-To mismatch, domain similarity), then AI analysis of the pretext.

Limits

Read live from the platform configuration.

Rate limit5 requests / 10 minutes

Privacy

The email is sent to the AI provider for analysis and is not retained.

Standards

MITRE ATT&CK (T1566 Phishing)DMARC / SPF / DKIM

Related tools

← All tools Manual home