Phish Check

How Phish Check Works

3 Simple Steps

Step 1: Forward the Suspicious Email

When you receive an email that looks suspicious, forward it to:

[enable JavaScript to see email]

Important: Forward the email with headers intact. The best method is to forward as an attachment rather than using regular forward. This preserves the technical information we need to analyze where the email really came from.

See our How to Forward Emails guide for step-by-step instructions for your email client.

Step 2: AI Analyzes the Email

Your email goes through a two-tier analysis for thorough protection:

Quick Triage

First, we check for obvious spam and forged emails - lottery scams, fake senders, authentication failures. If it's clearly junk, you get an instant verdict.

Deep Analysis

If it's not obviously spam, we perform comprehensive analysis using multiple intelligence sources:

  • Sender verification - Does the sender match who they claim to be? We validate IP addresses against claimed domains using reverse DNS confirmation.
  • Link inspection - Do URLs actually go where they claim? Are there lookalike domains (paypa1.com, amaz0n.com)?
  • Domain intelligence - We check domains against:
    • 74 security vendors via VirusTotal (Kaspersky, Sophos, Fortinet, McAfee, and more)
    • Google Safe Browsing database of known phishing and malware sites
    • DNS blocklists including Spamhaus, SpamCop, and SURBL
    • WHOIS records to detect newly-registered domains (a major phishing indicator)
  • Content patterns - Urgency tactics, credential requests, threats, impersonation?
  • Header inspection - SPF, DKIM, and routing analysis to detect spoofing
  • Brand impersonation - Is someone pretending to be a known company?

Step 3: Get Your Verdict

Within minutes, you'll receive an email with your verdict:

SAFE

The email appears legitimate. You can proceed normally.

SUSPICIOUS

The email has some red flags. Verify the sender before taking action.

PHISHING

This is almost certainly a phishing attempt. Delete it immediately.

SPAM

Junk mail or mass marketing. Delete it.

FORGED

The sender information is fake. Do not trust this email.

Each verdict includes a detailed explanation of what we found and specific recommended actions.

What You Can Check

Phish Check works with any email you receive:

  • Emails claiming to be from your bank or financial institutions
  • Package delivery notifications
  • Password reset requests
  • Invoices or payment requests
  • Emails from vendors or partners you're unsure about
  • "Urgent" requests from executives or coworkers
  • Prize or lottery notifications
  • Tech support alerts

Tips for Best Results

Do:

  • Forward as attachment when possible (preserves headers for better analysis)
  • Forward the email as soon as you're suspicious - don't click anything first
  • Check from any email client - Gmail, Outlook, Apple Mail, etc.

Don't:

  • Click links in the suspicious email before forwarding
  • Download attachments before forwarding
  • Reply to the suspicious email
  • Copy and paste the email text (we lose important header information)

What's Included

Your Phish Check purchase includes 100 email checks, valid for 3 months from purchase.

  • No subscription required
  • No software to install
  • Works with any email provider
  • Verdicts delivered to your inbox

Note: The email address you use to purchase will be your authorized sending address for checks.

Enterprise-Grade Analysis

Every email check includes the same intelligence sources used by Fortune 500 security teams:

SourceWhat It Does
VirusTotalAggregates verdicts from 74 security vendors including Kaspersky, Sophos, Fortinet, McAfee, Bitdefender, and ESET
Google Safe BrowsingGoogle's real-time database of phishing, malware, and deceptive sites
DNS BlocklistsSpamhaus, SpamCop, SURBL - the same lists that protect email servers worldwide
WHOIS IntelligenceDetects newly-registered domains - 90% of phishing domains are less than 30 days old
AI AnalysisTwo-tier AI analysis for nuanced detection that signature-based tools miss

Your Registered Email

The email address you use to purchase Phish Check is your registered email. Forward suspicious emails from that address to receive your verdicts.

Need to use a different email? Contact [enable JavaScript to see email] and we'll get you set up.