PhishAnalyze Email threat scanner

Upload a suspicious .eml file and get a clear phishing verdict, risk score, evidence, analyzer status, locked checks, and next steps in one private workspace.

Phishing verdict: Likely phishing

Sender mismatch, risky link wording, and unusual urgency were found.

Risk: 82%
Checks: 6 run
Locked: 2 shown
Header authentication: Completed
URL reputation: Cached
Browser detonation: Locked
Attachment sandbox: Not configured

About PhishAnalyze

A suspicious-email scanner built around evidence, not just a score.

PhishAnalyze is the general suspicious-email scanner in the shared FastAPI detection platform. It helps users inspect phishing, malicious URLs, sender and domain risk, attachments, social-engineering language, and scan history from one private workspace.

Built by Meidie Fei as part of a security engineering portfolio focused on practical detection workflows and clear safety boundaries.

View the MDP Studio project page

Input

Saved .eml files and monitored mailbox messages preserve headers, sender data, body text, URLs, and attachment metadata for analysis.

Analyzer set

Local and plan-aware checks cover header authentication, URL reputation, domain intelligence, detonation, attachments, sender profiling, intent, and brand impersonation.

Output

Each scan returns a clear verdict, score, evidence, analyzer status, locked checks, skipped checks, and next steps for the user.

1. Upload the original email

Use the saved .eml file so headers, sender data, body text, URLs, and attachments stay intact.

2. Run local and plan-aware checks

Free checks run first. Paid or unavailable checks are recorded clearly instead of silently disappearing.

3. Review evidence and next steps

The report explains why the email is clean, suspicious, likely phishing, or confirmed phishing.

Learn the signals

Public guides that turn suspicious emails into teachable checks.

PhishAnalyze can rank for useful safety questions while giving students and small teams a safe path into the scanner.

Clear result layer

Designed for people who just need to know what to do next.

PhishAnalyze separates raw analyzer output from the customer-facing report. Users see plain-English evidence, failed or skipped checks, and a practical action list without reading JSON or API logs.

Clean, Suspicious, Likely phishing, Confirmed phishing

Private by default: Workspace-owned history

Signed-in users only see their own workspace scans, with delete controls for stored results.

Plan transparent: Locked checks stay visible

The report shows when a check was locked, skipped, cached, failed, or not configured.

Non-technical reports: Readable evidence first

The scanner explains sender risk, links, attachment signals, and social-engineering language.

Manual-first workflow

Useful before mailbox setup

Anyone can start with a saved .eml upload, then add monitoring later when credentials and controls are ready.

Evidence contract

Status-aware analyzer rows

Each analyzer reports status, cost tier, plan gate, evidence, risk contribution, timing, and safe details.

Trust boundary

No raw unsafe rendering

Reports keep dangerous email content behind safe rendering, CSRF checks, file limits, and account ownership checks.