Message Loupe

About Message Loupe

Message Loupe is a free second-opinion tool for email. Drop a saved email — or paste its raw headers — and within a couple of seconds you get a plain-English verdict: safe, caution, or likely fake, with a short explanation of how we got there.

Why this exists

Most phishing-detection tools are aimed at security teams and cost five or six figures a year. The rest of us — freelancers, small businesses, people who handle their parents' bills, anyone who's ever stared at an email and wondered "is this really my bank?" — get a spam folder and a hunch. Message Loupe is what happens when an analyst's triage engine is rebuilt for everyone else, with the jargon stripped out.

What Message Loupe answers (and what it doesn't)

Message Loupe answers one specific question: is the sender who they claim to be?It does not try to decide whether an email is wanted or relevant. Real cold outreach, real marketing, real newsletters — those can all be "authentic but unwelcome," and we'll correctly say they look legitimate, because they are. Whether you want them is your call. Spam filtering is a different problem, handled (imperfectly) by your email provider.

What we're honest about

The verdict is advisory, not a guarantee. We can read the technical evidence in an email's headers — who really sent it, what server relayed it, whether the sender's domain authorizes that server. That's enough to catch the overwhelming majority of impersonation scams: fake banks, fake delivery services, lookalike domains, hijacked login pages.

What we can'tcatch is when an attacker has already compromised a real account at a real vendor and is sending a real-looking request from that real address. Every technical signal passes — because from the email's perspective, nothing is wrong. That's why any time we see money or credentials in the message, we cap our verdict at "Caution — verify by phone." Use a phone number you already trust, not one from the email.

How it's built

The analysis runs entirely in your browser. There's no server, no upload, no logging — your email never leaves your device. The engine powering the verdict is an open-source port of an internal triage tool originally built for phishing analysts; you can read more in our methodology page. The full source is on GitHub.

Get in touch

Found a bug, have a question, or want to tell us about a phishing pattern we're missing? Email hello@messageloupe.com.