Drop in a suspicious email and this tool inspects what senders can't fake — SPF, DKIM, and DMARC authentication — checks every link against threat-intelligence databases, then has an AI read the content for social-engineering patterns. Verdict in about ten seconds.
The email you submit is processed by AWS and analyzed by Anthropic's Claude. Don't submit messages containing passwords, financial details, or personal data you wouldn't share with a cloud service. Results are advisory — when real money or credentials are at stake, verify with the sender through a channel you already trust.
Deterministic checks establish the facts. Threat intelligence corroborates them. AI reads for intent. No single layer decides alone.
SPF, DKIM, and DMARC results, weighted the way mail servers actually trust them: DMARC is the senior signal, and a DKIM failure on legitimately forwarded mail won't trigger a false alarm.
Every URL is extracted — including ones hidden in HTML — and checked for shorteners, IP-literal hosts, anchor-text bait, homoglyph lookalikes of major brands, and known-malicious reputation in VirusTotal, urlscan.io, and PhishTank.
An AI model reads the message for the patterns humans fall for: manufactured urgency, authority impersonation, credential prompts, and payment redirection — grounded in the header facts, not overruled by them.
Serverless end to end: your email enters via SES or this page's upload, and one Lambda function runs the whole pipeline.
Email arrives via SES or the web upload. Rate limits and loop protection run before anything else touches it.
Headers, body, and every URL are extracted — from plain text and from HTML anchor tags where phishing kits hide targets.
SPF/DKIM/DMARC weighting, sender-alignment checks, lookalike-domain detection, and threat-intel lookups produce hard signals.
Claude Haiku reads content against the hard signals; uncertain verdicts escalate to Claude Sonnet for a second opinion.
A structured verdict — tier, confidence, indicators, recommendation — returns by email reply or right here as JSON.
SES → S3 → Lambda (Python 3.13) → header analysis + URL reputation + Claude Haiku 4.5 / Sonnet → verdict → reply / JSON → CloudWatch telemetry
Check it here, or forward the suspicious email as an attachment to check@fredsprivacy.com.
Analyze an email