Craig Peterson
Phish Check

The Six-Tier Security Scan

Enterprise-grade analysis. 60-second verdicts.

2 Simple Steps

Step 1: Forward the Suspicious Email

When you receive an email that looks suspicious, forward it to:

[enable JavaScript to see email]

Tip: Forward the email with headers intact. The best method is to forward as an attachment rather than using regular forward. This preserves the technical information we need for deeper analysis.

See our 60-Second Setup Guide for step-by-step instructions for your email client.

Step 2: Get Your Verdict in 60 Seconds

Within 60 seconds, you'll receive an email with your verdict. The subject line clearly identifies the result:

Example: [enable JavaScript to see tag] Invoice #12345 Due Today

Invitation Only:

Phish Check is currently available by invitation only. If you have access, simply forward suspicious emails as attachments to get your verdict.

Want access? Contact [enable JavaScript to see email] to request an invitation.

SAFE

The email appears legitimate. You can proceed normally.

SUSPICIOUS

The email has some red flags. Verify the sender before taking action.

PHISHING

This is almost certainly a phishing attempt. Delete it immediately.

SPAM

Junk mail or mass marketing. Delete it.

FORGED

The sender information is fake. Do not trust this email.

Each verdict includes a plain-English explanation of what we found and specific recommended actions.

Behind the Scenes

While you wait just 60 seconds, your email goes through six layers of enterprise-grade analysis:

Tier 1: Email Authentication

"Verifying the sender's digital passport"

Validates SPF, DKIM, and DMARC records to confirm the email originated from authorized servers. Forged emails are flagged immediately before consuming analysis resources.

Technical: Checks authentication headers against DNS records to detect spoofing attempts.

Tier 2: Sender Reputation

"Investigating the sender's history"

Analyzes domain age, IP reputation, and sending history. New domains, recently registered for attacks, and IPs with poor deliverability records raise red flags.

Technical: Cross-references domain WHOIS data, IP blacklists, and historical sending patterns.

Tier 3: AI Content Analysis

"Detecting manipulation tactics"

Our AI examines email content for social engineering patterns, urgency triggers, authority exploitation, and psychological manipulation techniques used in phishing attacks.

Technical: Claude AI analyzes language patterns, emotional triggers, and deceptive framing.

Tier 4: Link & Domain Analysis

"Exposing deceptive domains and malicious links"

Extracts all URLs and domains, follows redirects, and inspects destinations. Includes typosquatting detection to catch impersonation domains like paypa1.com, micros0ft-support.com, or amaz0n-security.com. Automatically skips unsubscribe/opt-out links to avoid confirming your email address to spammers.

Technical: Levenshtein distance, homoglyph detection, character substitution analysis, browser automation to follow links safely, and unsubscribe link filtering.

Tier 5: Threat Intelligence

"Cross-referencing 74+ security databases"

Checks extracted URLs and domains against PhishTank, URLhaus, and 74+ other threat intelligence feeds to identify known malicious infrastructure.

Technical: Real-time API lookups against community-reported phishing sites and malware distribution networks.

Tier 6: Verdict Synthesis

"Combining all signals for your final answer"

All analysis results are synthesized into a clear verdict: SAFE, SUSPICIOUS, or PHISHING. Includes confidence level and detailed reasoning for every decision.

Technical: Weighted aggregation of all tier results with explainable AI reasoning.

What We Check For

Every email undergoes 15+ specialized security checks

Authentication & Identity

  • SPF record validation
  • DKIM signature verification
  • DMARC policy compliance
  • Header forgery detection
  • Return-path mismatch detection

Domain & Link Security

  • Typosquatting detection (brand impersonation)
  • Homoglyph character detection (Cyrillic, etc.)
  • Character substitution (0 for o, 1 for l)
  • Domain age and WHOIS analysis
  • Redirect chain following
  • Unsubscribe link protection (safe analysis)

Content Analysis

  • Urgency and fear tactics detection
  • Authority exploitation patterns
  • Social engineering indicators
  • Credential harvesting language
  • Business Email Compromise (BEC) patterns

Threat Intelligence

  • PhishTank database lookup
  • URLhaus malware database
  • IP and domain blacklists
  • Known malicious infrastructure
  • 74+ threat intelligence feeds

Protected brands: PayPal, Microsoft, Amazon, Google, Apple, Netflix, Meta, Chase, Bank of America, Wells Fargo, Citibank, Capital One, American Express, USPS, FedEx, UPS, DHL, IRS, Dropbox, DocuSign, Adobe, LinkedIn, and more.

What You Can Check

The 60-Second Verdict System works with any email you receive:

  • Emails claiming to be from your bank or financial institutions
  • Package delivery notifications
  • Password reset requests
  • Invoices or payment requests
  • Emails from vendors or partners you're unsure about
  • "Urgent" requests from executives or coworkers
  • Prize or lottery notifications
  • Tech support alerts

Tips for Best Results

Do:

  • Forward as attachment when possible (preserves headers for better analysis)
  • Forward the email as soon as you're suspicious — don't click anything first
  • Check from any email client — Gmail, Outlook, Apple Mail, etc.

Don't:

  • Click links in the suspicious email before forwarding
  • Download attachments before forwarding
  • Reply to the suspicious email
  • Copy and paste the email text (we lose important header information)

What's Included

The 60-Second Verdict System provides comprehensive email analysis.

  • Six-Tier Security Scan
  • Plain-English Verdicts
  • 24/7 Protection
  • No software to install

Note: Currently available by invitation only.

Want Access to Phish Check?

Currently available by invitation only.

Questions? Contact us at [enable JavaScript to see email]