ESENRODEFRIT
Contact

Free Email Scanner · Analyse suspicious emails in seconds | OCIRIA

Paste or forward a dubious email. We tell you whether to trust or suspect, with explanation.

Email Scanner

Analyse a suspicious email in under a minute

Did an email arrive that made you hesitate? Paste it here. We return a verdict in plain language: whether it shows signs of phishing, impersonation or fraud attempt, and why. No registration, no install and we do not keep your email.

[Button: Analyse an email]

---

How it works

Step 1 · Paste or forward the email. Copy the full email (including headers, if your client lets you see them) and paste it into the form. Alternatively, forward it to the address the system indicates when you click "Forward email".

Step 2 · We analyse in real time. The system breaks the email down into its parts (sender, server route, subject, body, links, attachments) and compares each part against public reputation sources and known fraud indicators.

Step 3 · You receive an explained verdict. In under a minute we show the result on screen: risk traffic light, list of positive and negative indicators detected, and recommended action ("ignore and delete", "verify via alternative channel", "forward to your security lead").

---

What it analyses

---

What happens to your email

Zero storage. The email is processed in memory and discarded once analysis ends. It is not stored in any persistent log, not indexed, not shared with third parties.

Zero model training. We do not use your email to train any system of ours or third parties. The analysis runs against external public sources, not against a model fed with user data.

Zero external sending of content. The body of the email is not sent to third-party APIs. Queries to external sources are made on technical pieces (attachment hash, link domain), not on the message text.

No mandatory registration for one-off use. You can analyse emails without creating an account. If you want history or personalised report, there is an optional path with email address.

GDPR compliance. Minimum processing, purpose limited to the requested analysis, no unnecessary international transfers.

---

Results you will see

Green verdict · Low risk. Main indicators are coherent (correct authentication, known and aged domain, links within the sender's own organisation, no suspicious patterns). You can act with reasonable confidence, maintaining your usual common sense.

Yellow verdict · Requires verification. There are mixed indicators. Something does not fit: partial authentication, suspicious link without a known brand impersonated, odd tone without evident urgency. Recommendation: verify via alternative channel before acting (call the sender, message through another medium, consult your security lead).

Red verdict · High risk. Clear signs of phishing, impersonation or fraud. Failed authentication, recently registered domain similar to a known brand, link redirecting to a credential capture site, attachment with known malware signature, or combination of several minor indicators. Recommendation: do not click, do not reply, report it to your security team if applicable, delete it.

Each verdict comes with the specific list of indicators that justify it. No black box: you see why we say what we say.

---

Who finds it useful

Individuals and self-employed who receive a suspicious email and have no security team to consult. An accessible tool that replaces the "I do not know if this is real, I will open it to see".

SMEs without formal SOC. Professional firms, shops, small consultancies, executive assistants. It can be the difference between catching a wire fraud in time and falling for it.

Mid-market IT teams that constantly receive "is this email real?" questions from employees and need a tool that helps them respond in a structured way instead of reviewing each case from scratch.

CISO or security leads who want to offer their organisation a first-line tool before each case escalates to the central team.

---

Frequently asked questions

Is it really free?

Yes. Unlimited analysis at no cost. If you want advanced features (history, API integration, personalised reports), there is a managed version available to discuss with us, but the free tool is complete and sufficient for one-off use or small teams.

Does it work with emails in any language?

Yes. Technical analysis is language-agnostic. Linguistic pattern analysis covers major European languages.

Can it get it wrong?

Like any automated tool, there may be false positives (a legitimate email flagged yellow) and false negatives (a very well-done fraud that passes the filter). That is why we deliver the indicators justifying the verdict: you decide with informed judgement. When in doubt, verify via alternative channel.

How do I find the headers of my email to paste them?

In Gmail · "Show original" in the email menu. In Outlook · "View message source" or "Properties". In Apple Mail · "Show all headers". If you cannot access headers, paste at least the email body and visible links: the analysis will still be useful, if less precise.

Can you check legitimate emails for a second opinion?

Yes. The tool does not differentiate between "suspicious" and "to confirm". If you have doubt, run the analysis. It is the closest to a free technical second opinion available.

---

Want something more complete?

If your organisation handles high volume of suspicious emails, consider the options of managed monitoring or integration with your incident inbox: automated analysis, alerts to security team, historical panel of campaigns targeting your organisation.

Let us talk · [[email protected]](mailto:[email protected])

[Button: Analyse an email now] · [Button: Try NIS2 Assessment too](/en/tools/nis2-assessment)