Three Steps. A Few Seconds.
That's all it takes to know if an email is trying to fool you.
Forward the Email
Got something that feels off? Forward it to check@mailpi.app from any email client, on any device. Your first scan is free — no account needed.
Dual AI Analysis
Two independent AI systems analyze the email simultaneously — headers, links, sender domain age, writing patterns, and intent. One keeps the other honest.
Get Your Report
A risk score from 0–100, a plain-English explanation of red flags, and clear guidance on what to do. No jargon. Just the truth about that email.
Here's What You Actually Get
This is a real example report — generated from a fake phishing email. Your reports look exactly like this.
We have detected unusual activity on your account and have temporarily limited access. To restore full access, you must verify your identity within 24 hours or your account will be permanently suspended.
→ Click here to verify your account immediately
PayPal Security Team
What You Should Do
Do not click any links, call any numbers, or provide any information. This email shows multiple risk indicators and should be treated as suspicious. If it appears to be from a company you know, go to their official website directly by typing the address yourself — not using anything from this email.
| 0–19 — Low Risk | No significant indicators. Verify via known channels if unexpected. |
| 20–49 — Moderate Risk | Verify the sender independently. Don't use links from this email. |
| ◀ 50–79 — High Risk | Treat as suspicious. Do not interact. Contact sender via a method you already have. |
| 80–100 — Critical Risk | Highly likely malicious. Delete immediately. Change passwords if you engaged. |
Original Email Details
Analyzed for: sarah@acmeplumbing.com
Sender: security-alert@paypa1-accounts.net
Subject: ⚠️ Urgent: Your PayPal account has been limited
Date: Mon, 23 Feb 2026 14:32:11 -0600
AI Investigator 1 — 82/100
Summary: High-confidence phishing attempt impersonating PayPal. Domain substitution detected.
The sender domain paypa1-accounts.net is a classic lookalike — the letter "l" replaced with the number "1". This domain was registered 11 days ago. Combined with artificial urgency ("24 hours or permanently suspended"), an embedded redirect link, and no personalization, this matches known PayPal phishing templates with high confidence. Do not click the link or provide any credentials.
AI Investigator 2 — 74/100
Summary: Phishing indicators present. Spoofed brand identity and pressure tactics detected.
Multiple phishing signals: (1) sender domain does not match paypal.com, (2) urgency framing designed to bypass rational evaluation, (3) generic salutation "Dear PayPal Customer" rather than your name, (4) embedded link likely redirects to credential harvesting page. PayPal will never ask you to verify your account via an unsolicited email link. This email should be deleted.
Link & Domain Summary
1 link detected. Destination domain: paypa1-accounts.net — registered 11 days ago, no prior web presence, flagged as lookalike domain. Do not visit.
Attachment Status
None
Ready to check a real email? Your first scan is free.
Get Started Free →Why Two AI Systems?
Good detectives always get a second opinion.
The Problem with One AI
Every AI model can occasionally fixate on something harmless or miss a subtle red flag. It's a real limitation of any single system working alone.
How Mail P.I. Solves It
Mail P.I. runs every email through two independent AI models. Their findings are cross-referenced before your report is generated. If one goes off track, the other corrects it.
What Gets Analyzed
Mail P.I. looks at everything — not just whether a domain is on a blocklist.
Sender Domain Age
A domain registered last month sending a "business proposal" today? That's a major warning sign — and Mail P.I. catches it.
Email Headers
The technical routing information hidden inside every email reveals whether the sender is who they claim to be.
Links & Redirects
Embedded URLs are checked for suspicious redirects, lookalike domains, and known malicious destinations.
Attachments
Attachment types and names are assessed for indicators of malware delivery or credential harvesting attempts.
Writing Patterns & Intent
Urgency, pressure tactics, unusual requests, and emotional manipulation — the psychological tricks scammers rely on.
Sender Behavior
Free email services, hacked accounts, and impersonation tactics are all evaluated as part of the overall risk picture.
What Mail P.I. Is — and Isn't
We'd rather be upfront about this than have you find out the hard way.
Mail P.I. is good at:
- ✓ Catching phishing emails that look legitimate
- ✓ Spotting lookalike domains and spoofed senders
- ✓ Identifying pressure tactics and social engineering
- ✓ Giving you a fast, plain-English second opinion
- ✓ Being available 24/7 with no IT ticket required
Mail P.I. is not:
- ✗ A replacement for your existing spam filter
- ✗ Capable of executing or sandboxing attachments
- ✗ Guaranteed to catch every sophisticated attack
- ✗ A substitute for employee security training
- ✗ An enterprise SIEM or SOC replacement
AI analysis is powerful, but no system is perfect. If you're ever unsure, trust your instincts — don't click, call the sender directly using a number you already have, and don't provide credentials to any unsolicited request.
Your Email Is Analyzed — Not Stored
When you forward an email to Mail P.I., it's analyzed and gone. We never store your email content — not temporarily, not in logs, not anywhere. Only anonymized, hashed metadata is retained to manage usage limits.
You're getting a second opinion, not handing over your inbox.
Read the Full Privacy Policy →Ready to Check an Email?
Forward any suspicious email to check@mailpi.app and get your first report free — no signup, no app, no hassle.