Cactus
Check if an email looks like phishing
Paste a suspicious email's subject and body (and the raw headers, optionally). Cactus scans the wording for common phishing patterns - urgency, threats, credential requests - and analyzes each link it finds. This checks the email's content, not whether your address has been breached.
Before you analyze
- Every link Cactus finds in the body will be sent to Google Web Risk for a known-threat lookup, and Cactus may make a small HEAD request to each link to follow redirects, plus an RDAP query to look up its domain registration date. One email can trigger multiple external lookups.
- Do not paste private message content if you can avoid it. Redact names, account numbers, ticket IDs, or any text you would not want stored in a log.
- If you paste raw headers, the analysis happens entirely on the Cactus server — headers are not forwarded to any third party. They may still contain recipient addresses or Message-IDs, so redact those if they are sensitive.
Frequently asked questions
How can I tell if an email is a phishing scam?
Look for urgency, a mismatched sender address, generic greetings, and links that don't match the company. Paste the email here and we'll analyze the links, sender, and wording in plain language.
Is it safe to open a suspicious email?
Opening an email is usually safe; the danger is clicking links or opening attachments. Check those first - and never enter a password from an email link.
What should I do with a phishing email?
Don't click anything. Verify through the company's official site, report it to your provider or IT team, then delete it.