A browser-local forensic tool that bridges raw email headers and real-world reputation.
Zero uploads. Zero logs. Total clarity. Your data stays local — names and emails are redacted before analysis.
🔒Your data stays local. Sensitive info (names, emails) is redacted in your browser before analysis. Only the sender's IP is checked for threats.
How do I find my headers?
Gmail: Open email → Click ⋮ → "Show original" → "Copy to clipboard"
Outlook: File → Properties → "Internet headers"
Apple Mail: View → Message → All Headers
Outlook Web: Open email → Click ⋯ → "View message source"
Who is this for? Founders handling "banking" emails, HR/Finance teams targeted by wire transfer scams, junior security analysts doing ticket triage, and the privacy-conscious.
Why now? AI-generated phishing makes "vibes" unreliable. You cannot trust the words — you must trust the infrastructure.
🔐
Identity
Did they sign it?
This validates the Handshake. It confirms that the domain sending the email (e.g., paypal.com) is actually the one authorized to do so. Without a cryptographic signature (SPF/DKIM), the name on the envelope means nothing.
📍
Origin
Where did it start?
This validates the Geography. It bypasses the forwarding services and proxies to find the literal machine that hit 'send.' It answers: Is this coming from an office in San Francisco or a data center in a high-risk region?
🏷️
Reputation
Have they been naughty?
This validates the History. This is the Bullshit Filter. An email can have a perfect Identity and a clear Origin, but if that Origin has a history of spam reports, it is a threat.