PhishEye Tools
Free phishing & email-security tools
Spot a phishing email, dissect a suspicious link, trace a message's real path, and check the DMARC / SPF / DKIM records that stop spoofing — all free, no signup, running right in your browser.
Featured tools
Phishing Quiz
Realistic email, SMS, QR-code, voice and social scenarios. Guess phishing or legitimate, then see which red flags gave each one away.
Take the quiz
Breach & exposure
Data Breach Checker
Enter a company domain to see if it's appeared in known data breaches and dark-web leaks — which breaches, when, and exactly what data was exposed.
Check a domain
URL & link analysis
Phishing URL Checker
Paste a suspicious link and see its phishing red flags — homoglyphs, lookalike domains, IP hosts, sneaky TLDs — scored and explained.
Check a URL
Email investigation
Email Header Analyzer
Paste raw headers to reveal the real sender path, hop delays, and SPF / DKIM / DMARC results — straight in your browser.
Analyze headers
Email authentication
DMARC Record Checker
Look up a domain's published DMARC record and grade the policy that decides whether spoofed mail gets rejected.
Check DMARC
SPF Record Checker
Look up and validate a domain's SPF record, including the 10-lookup limit and the all-qualifier that controls enforcement.
Check SPF
DKIM Record Checker
Enter a domain and selector to fetch and validate the DKIM public key that proves your mail wasn't tampered with.
Check DKIM
Record generators
Why free phishing tools?
Most phishing defeats people, not technology. A lookalike domain, a spoofed sender, a link that reads support-icloud.com instead of icloud.com — the trick is almost always a small detail the eye skips under pressure. These tools exist to make those details obvious: paste a link and see its red flags, drop in raw email headers and watch the real delivery path appear, or take the quiz and learn the patterns attackers reuse.
They run entirely in your browser where possible — no signup, no data stored. The DMARC, SPF, and DKIM checkers perform live DNS lookups so you can confirm whether your own domain is configured to stop spoofing before an attacker tests it for you.
From spotting one phish to stopping the whole campaign
Checking a single URL or email is the manual version of what a brand-protection program does continuously. When the same actor registers fifty lookalike domains and sends them through bulk SMS, one-at-a-time checking doesn't scale. That's where phishing & scam protection and automated takedowns take over — detection, evidence, and enforcement across every channel at once.
