Everything Rubiscout does

An AI-powered chat interface appears after every analysis. Ask follow-up questions with full email context already baked in — no need to re-paste anything.

The bench surfaces 4 suggested questions tailored to the risk level — Critical analyses get immediate response guidance, Low risk gets verification questions.

Ask Claude to draft IT security alerts, HR notices, phishing reports, or emails to your bank's fraud team — it produces complete copy-paste text, not generic templates.

Ask as many follow-up questions as you need. Claude remembers the full conversation context so you can dig progressively deeper without repeating yourself.

Every analysis opens with a single sentence written for a non-technical reader — clearly stating whether the email is dangerous, suspicious, or safe, and what to do.

Claude reads all header fields together — routing hops, authentication results, display-name vs. address mismatches, Reply-To anomalies — and explains what it found.

A four-level risk rating (Low / Medium / High / Critical) with a detailed explanation of exactly which signals drove the score.

SPF, DKIM, and DMARC results extracted from the header and displayed with color-coded pass/fail/softfail badges.

The originating IP address, geolocation country flag, and a step-by-step trace of every mail server the message passed through.

From, Return-Path, and Reply-To extracted and compared — mismatches between these fields are a primary indicator of spoofing and BEC attacks.

The routing path is shown as a color-coded visual timeline — green for normal delays, yellow/orange for slow hops, red for delays over 30 minutes. Suspicious delays are automatically flagged as potential botnet or relay indicators.

Real-time DNS lookups at analysis time retrieve the sending domain's actual SPF and DMARC records — then compare them to what the headers claim. Discrepancies are flagged immediately.

The sending IP is checked against five major DNSBL blacklists — Spamhaus ZEN, SpamCop, Barracuda, SORBS, and SpamRATS — using pure DNS. No API key, no external service dependency.

3–5 specific steps tailored to this exact email's threat profile. Not "check your spam settings" — concrete actions like "forward to your bank's fraud team at reportphishing@..." or "do not click — report via your company's incident response portal."

Built-in step-by-step instructions for finding raw email headers in Gmail, Outlook (desktop), Outlook Web, Apple Mail, and Yahoo Mail — with a modal that opens without leaving the page.

Every analysis gets a permanent URL (/analysis/[id]) you can share with colleagues, IT teams, or security researchers. No account required.

For Critical and High risk emails, a professional printable report is generated — covering verdict, risk score, authentication results, sender details, routing path, and recommended actions. Print or save as PDF in one click.

A live count of all email headers analyzed by the Rubiscout community — a persistent global tally that grows with every submission.

Your last 10 analyses from the past 30 days are shown below the input so you can quickly revisit a previous result.

Switch between Small, Medium, and Large text sizes — your preference is saved in the browser so it persists across sessions.

A live character count with a 50,000-character limit and an early warning at 40,000 — very large headers are flagged before submission.