CHECKLINK AI
Email phishing workflow

Email Phishing Checker

Extract suspicious email links locally and inspect header signals such as From, Reply-To, SPF, DKIM, and DMARC.

What it checks

Hidden href links
Displayed vs actual destinations
Short links
From and Reply-To context
Return-Path
SPF/DKIM/DMARC when present
Message-ID domain
Links found in headers

Limitations

CheckLink provides risk signals and review context, not a guarantee. Verify sensitive links through official channels before acting.

Email links need context

A suspicious email can hide risky URLs behind normal-looking text. Headers, sender fields, and reply paths can add context, but they are still signals rather than proof.

Displayed text can differ from the real href
Short links may hide the final domain
Reply-To and Return-Path can differ from From

How to use this tool

1. Paste email text into Email Link Inspector.
2. Scan only the URLs you choose.
3. Paste headers into Email Header Inspector if you have them.
4. Request manual review for invoices, login links, or high-impact requests.

What results mean

Email text and headers can be complex.
Authentication failures are caution signals, not proof.
Sender mismatches deserve review.
Only selected URLs are sent to the scanner.

Related tools

Next step: use the related tool that matches your situation, or request manual review when the link affects money, credentials, accounts, work, or customers.

FAQ

Does CheckLink upload pasted email text?

No. The Email Link Inspector processes pasted text locally and sends only selected URLs to the scanner.

Do failed SPF/DKIM/DMARC results prove phishing?

No. They are caution signals that need context.