Phishing Inspector

About Phishing Inspector

A free, private, AI-powered email security tool built to protect everyone from phishing — without a subscription, an account, or a data compromise.

Our Mission

Phishing is the most common entry point for cyberattacks, yet most people have no reliable way to quickly verify whether an email is legitimate. Enterprise security tools cost thousands of dollars and require IT teams to operate. Free tools are often shallow, single-purpose, or privacy-invasive.

Phishing Inspector was built to close that gap: a professional-grade email security analysis tool that anyone can use, instantly, for free — with no signup, no data stored, and no strings attached.

How It Works

AI Language Models

Two independent large language models (Llama 3.1 8B and Qwen2.5 3B) analyze email content in parallel, detecting social engineering language, impersonation patterns, and manipulation tactics.

Real-Time Threat Intelligence

Every link is checked against Google Safe Browsing, VirusTotal (70+ security engines), URLhaus, and URLScan.io in real time. IP addresses are verified against AbuseIPDB and DNS blacklists.

Email Authentication

SPF, DKIM, and DMARC records are validated to detect spoofing and domain impersonation — the core of business email compromise (BEC) attacks.

Behavioral Analysis

The system detects urgency tactics, authority impersonation, credential harvesting attempts, and other social engineering patterns that AI models alone might miss.

Who Is This For?

Everyday Users

Anyone who receives suspicious emails and wants a quick, trustworthy second opinion before clicking a link.

Security Professionals

SOC analysts and IT teams who need detailed technical reports with IOC extraction, MITRE ATT&CK mappings, and header analysis.

Organizations

Teams that want to supplement existing email security solutions with an additional free verification layer for reported phishing emails.

Privacy Commitment

We never store, log, or share any email content you submit. All analysis runs in memory and data is permanently discarded the moment your report is generated. No user accounts. No tracking of submitted emails. No training data collected.

The only data sent externally are URLs and IP addresses to threat intelligence APIs (Google Safe Browsing, VirusTotal, URLhaus, AbuseIPDB) — and these services receive no context about the email they came from.

Read the full Privacy Policy →

Ready to Scan an Email?

Free. No signup. Results in seconds.

Analyze an Email
FAQHow To UseTechnical DocsContact