Check an email claim or sender context.

A workflow for reading headers, sender alignment, links, and attachments safely.

Goal

Separate visible email evidence from assumptions about sender identity or intent.

Best for

Phishing triage, awareness training, and suspicious email review.

Inputs

Email headers, Sender domain, Links, Attachment names

Steps

Preserve the header

Keep raw headers and observation time.

Check: The original message is not altered.

Read SPF, DKIM, DMARC, and alignment.

Check: Authentication is interpreted with limits.

Separate domains, redirects, and attachments without entering data.

Check: No risky click or login is performed.

State visible indicators, uncertainty, and user-safe action.

Check: No malware or bypass instruction is included.

Output

Email triage note, header summary, link context, and recommended response.

Report line

Email header and link traces show suspicious context, but sender identity and intent require further confirmation.