Security Intelligence

Email Analyzer

Upload a suspicious .eml file to instantly analyze email headers, verify SPF/DKIM/DMARC authentication, detect phishing indicators, and extract threat intelligence — all without exposing your inbox.
Your privacy is protected
Email content is analyzed on our private infrastructure and temporarily cached for up to 1 hour. AI summaries are processed by a third-party AI service. Your email address may be requested to continue using the tool, generate AI summaries, or receive PDF reports.

How to Use

  1. Export the email — In your email client (Gmail, Outlook, Thunderbird), save or export the email as a .eml file. In Gmail, click the three dots → “Download message”.
  2. Upload or paste — Drag the .eml file into the upload zone above, or click to browse. Alternatively, open the file in a text editor, copy the raw content, and paste it.
  3. Analyze — Click “Analyze Email” and wait for the results. The analysis inspects headers, authentication records, embedded URLs, IP addresses, and attachments.
  4. Review results — Check the authentication status (SPF, DKIM, DMARC), inspect any IOCs, and review attachment details for potential threats.

What is EML Analysis?

EML (Electronic Mail) analysis is the process of examining the full source of an email message to identify security threats, verify sender authenticity, and extract indicators of compromise (IOCs). Unlike viewing an email in a mail client, EML analysis inspects the complete message including:

  1. Email Headers — The routing path, server hops, and timestamps that reveal the true origin of the message.
  2. Authentication Results — SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) checks that verify whether the message is authorized by the domain it claims to come from.
  3. Indicators of Compromise — Suspicious IP addresses, URLs, domains, and email addresses embedded in the message that may link to phishing, malware, or command-and-control infrastructure.
  4. Attachments — File names, types, sizes, and cryptographic hashes (MD5, SHA-256) of attached files that can be cross-referenced with threat intelligence databases.
  5. SpamAssassin Scoring — A score indicating the likelihood that the email is spam, based on hundreds of pattern-matching rules.

EML analysis is essential for incident response, phishing investigations, and email security auditing. Security professionals use it to determine whether an email is malicious before taking action.
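
The items listed above can be pulled from a raw .eml with Python's standard library. This is an added example, not the tool's own code: `analyze_eml` is a hypothetical helper, the sample message is constructed (documentation-range IPs, reserved example domains), and SpamAssassin scoring is not covered.

```python
import hashlib
import re
from email import message_from_bytes, policy

# Constructed sample message: documentation-range IPs, reserved example domains.
SAMPLE_EML = (
    b"Received: from mx.example.net (mx.example.net [198.51.100.7])\r\n"
    b" by mail.example.org; Mon, 01 Jan 2024 10:00:05 +0000\r\n"
    b"Received: from unknown (HELO sender) ([203.0.113.45])\r\n"
    b" by mx.example.net; Mon, 01 Jan 2024 10:00:01 +0000\r\n"
    b"Authentication-Results: mail.example.org; spf=fail smtp.mailfrom=example.com;\r\n"
    b" dkim=none; dmarc=fail header.from=example.com\r\n"
    b"From: Billing <billing@example.com>\r\n"
    b"Subject: Invoice overdue\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Pay now at http://login.example.test/pay?id=1\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="invoice.zip"\r\n'
    b'Content-Disposition: attachment; filename="invoice.zip"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGVsbG8=\r\n--b1--\r\n"
)

def analyze_eml(raw: bytes) -> dict:
    """Hypothetical helper: summarize hops, auth verdicts, IOCs and attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its Received header, so reverse for origin-first order.
    hops = [" ".join(str(h).split()) for h in reversed(msg.get_all("Received", []))]
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    verdicts = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdicts[mech] = m.group(1) if m else "missing"
    urls, attachments = [], []
    for part in msg.walk():
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""
            attachments.append({"filename": part.get_filename(), "size": len(data),
                                "md5": hashlib.md5(data).hexdigest(),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_maintype() == "text":
            urls += re.findall(r"https?://[^\s\"'<>]+", part.get_content())
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", " ".join(hops))
    return {"hops": hops, "auth": verdicts, "ips": ips,
            "urls": urls, "attachments": attachments}

if __name__ == "__main__":
    print(analyze_eml(SAMPLE_EML))
```

Received and Authentication-Results headers below your own receiving server's entries can be forged by the sender, so treat only the headers added by infrastructure you control as authoritative.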