About Rubiscout

Email security intelligence
for everyone — not just experts.

Rubiscout analyzes raw email headers with AI to tell you clearly whether an email is a phishing attack, spoofed, or safe — in plain English, in seconds, for free.

The problem with existing tools

Email header analyzers have existed for years. Tools like MXToolbox, Google's Admin Toolbox, and Mail Header Analyzer all parse headers and surface raw technical data. They are built for IT administrators who already know what SPF alignment failures and DMARC policy cascades mean.

The vast majority of phishing victims are not IT administrators. They receive a suspicious email, want to know if it's dangerous, and are confronted with a wall of green and red table cells they cannot interpret. They close the tab and either delete the email or — worse — trust it anyway.

What makes Rubiscout different

💬

A verdict in plain English

Every analysis leads with a single sentence written for a non-technical reader. "This email is a phishing attack pretending to be PayPal — do not click any links." Not a table. Not a score. A sentence you can act on.

🔍

AI-powered forensics, not just parsing

Rubiscout uses Claude (Anthropic's frontier AI model) to reason across all header fields together — routing anomalies, authentication failures, Reply-To mismatches, and spoofed display names — the way a security analyst would, not a regex engine.

🌐

Live DNS validation

Most tools only show what the headers claim. Rubiscout performs live DNS lookups at analysis time to show you what the domain's SPF and DMARC records actually say — and flags any mismatch between the two.

🛡️

IP blacklist check

The sending IP is checked in real time against five major DNSBL reputation databases (Spamhaus ZEN, SpamCop, Barracuda, SORBS, SpamRATS). No API key, no third-party dependency — pure DNS.

📋

Actionable recommendations

Instead of stopping at 'DMARC: fail', Rubiscout gives you 3–5 specific steps tailored to this exact email's threat profile: what to do right now, who to report it to, and how to protect yourself.

📄

Phishing incident reports

For Critical and High risk emails, Rubiscout generates a professional printable incident report — suitable for forwarding to IT, HR, or law enforcement — as a downloaded PDF or browser print in one click.

🔗

Shareable analysis links

Every analysis gets a permanent URL you can share with a colleague, an IT team, or a security researcher — no account required.

🔬

Investigative Bench

After every analysis, an AI-powered chat interface opens below the results. Ask follow-up questions, request a draft IT alert, dig into specific red flags, or ask Claude to explain a technical term — all with full context of the email baked in.

⏱️

Hop timing visualization

The email's routing path is shown as a visual timeline with per-hop delay bars — color-coded green to red. Delays over 30 minutes between hops are automatically flagged as suspicious, a common sign of botnet relays or held-mail attacks.
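The per-hop delay check described above can be sketched as follows. This is an added example, not Rubiscout's own code: the function names, the flag labels, and the sample `Received` headers are constructed for illustration, and only the 30-minute threshold comes from the page.

```typescript
// Added example: per-hop delay from Received headers (not Rubiscout's code).
// Constructed sample headers; hostnames use reserved .example names.
const SAMPLE_RECEIVED: string[] = [
  "from mx2.relay.example by mail.recipient.example with ESMTPS id c3; Tue, 04 Mar 2025 10:47:31 +0000",
  "from mx1.relay.example by mx2.relay.example with ESMTP id b2; Tue, 04 Mar 2025 05:02:09 -0500",
  "from client.sender.example by mx1.relay.example with ESMTPSA id a1; Tue, 04 Mar 2025 10:02:05 +0000",
];

const SUSPICIOUS_DELAY_MS: number = 30 * 60 * 1000; // the page's 30-minute threshold

interface Hop { from: string; by: string; delayMs: number; flag: string; }

// RFC 5322 puts the timestamp after the last ';' of a Received header.
function receivedTime(header: string): number {
  const idx: number = header.lastIndexOf(";");
  if (idx < 0) return NaN;
  // Drop trailing comments such as "(UTC)" that Date.parse may reject.
  const raw: string = header.slice(idx + 1).replace(/\([^)]*\)/g, "").trim();
  return Date.parse(raw);
}

function hostAfter(keyword: string, header: string): string {
  const m = new RegExp("(?:^|\\s)" + keyword + "\\s+(\\S+)", "i").exec(header);
  return m && m[1] ? m[1] : "unknown";
}

// Headers arrive newest-first; reverse so hops read in delivery order.
function hopDelays(received: string[]): Hop[] {
  const ordered: string[] = received.slice().reverse();
  const hops: Hop[] = [];
  let prev: number = NaN;
  for (const h of ordered) {
    const t: number = receivedTime(h);
    const delayMs: number = Number.isNaN(t) || Number.isNaN(prev) ? 0 : t - prev;
    let flag: string = "ok";
    if (Number.isNaN(t)) flag = "unparseable";
    else if (delayMs < 0) flag = "clock-skew"; // receiver clock behind the previous hop's
    else if (delayMs > SUSPICIOUS_DELAY_MS) flag = "suspicious";
    hops.push({ from: hostAfter("from", h), by: hostAfter("by", h), delayMs, flag });
    if (!Number.isNaN(t)) prev = t; // skip unparseable hops when measuring the next gap
  }
  return hops;
}
```

Timestamps in `Received` headers are written by each relay's own clock and every hop before the recipient's trusted boundary is sender-controlled, so a flagged delay is a triage signal to weigh alongside SPF, DKIM and DMARC results rather than proof on its own.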

Who it's for

Individuals

Received a suspicious email and want a straight answer before clicking anything.

IT & security teams

Need a fast triage tool that produces shareable, printable reports for incident response.

Finance & HR teams

Common BEC targets who need to spot wire-fraud and impersonation attacks without reading RFCs.

Security researchers

Want live DNS validation and full forensic detail alongside AI-generated reasoning.

Built on

Rubiscout is built with Next.js 16, Tailwind CSS 4, and TypeScript. Analysis is powered by Claude (claude-sonnet-4-6). DNS lookups run server-side in Node.js — no third-party APIs, no data sold, no account required. Analysis history is stored in Supabase and accessible via shareable link for 30 days.