Inspect
Autonomous email autopsy · OffSeq Cybersecurity

Forward a suspicious email.
Get a forensic verdict.

Forward a suspicious email to Inspect. In about a minute, get a forensic report back: safe or not, and exactly why.

Forward it to inspect@offseq.email

No sign-up. The report comes straight back to your inbox.

  • ~60stypical report time
  • 6analysis layers / email
  • EU onlydata never leaves the EU
Prefer to upload?

Drop a .eml file

Exported a message as a file? Scan it right here — same forensic analysis, same EU residency, auto-deleted.

Drag & drop a .eml here, or

Max 25 MB · 3 scans per hour · analysed in the EU, then deleted

How it works

Four steps. No software to install.

  1. 1

    You forward it

    Send the questionable email to inspect@offseq.email from the inbox that received it.

  2. 2

    We take it apart

    Headers, sender identity, every link and every attachment — pulled apart and checked.

  3. 3

    We open the dangerous parts safely

    Links open in a throwaway browser and files in a sealed sandbox — isolated, then destroyed after the check.

  4. 4

    You get a verdict

    A plain-language report lands in your inbox with a 0–100 risk score and the evidence behind it.

What you get back

A report that shows its work.

Every claim is backed by evidence you can read, with suspicious links defanged and never clickable. English or Latvian.

Authentication, decoded

SPF, DKIM, DMARC and ARC results in plain words — did this mail really come from where it claims?

Impersonation & deception

Display-name spoofing, look-alike domains, and reply-to / return-path mismatches that try to fool you.

Links, unwrapped

Shorteners and redirect chains followed to the real destination, with a browser screenshot of the page — captured in isolation, up to 3 links per email.

Domain & infrastructure

Domain age, MX / DNS records and TLS posture of the sender and any destination — the boring details attackers get wrong.

Attachments, detonated

Static analysis in a sealed sandbox: real file type vs. claimed, macros, embedded URLs, malware and YARA matches.

A verdict you can act on

A deterministic 0–100 score, the top reasons, and a clear recommended action — not a vague “be careful”.

Security & EU data residency

The dangerous email never reaches you.

Your data never leaves the EU

The email, screenshots and report are stored only in EU-jurisdiction Cloudflare R2 and D1 (region EEUR). No transfer outside the EU.

Detonation in isolation

Links open in a throwaway Cloudflare Browser Run and files in a one-shot Sandbox, both destroyed after each check. Nothing dangerous ever runs on your device.

The verdict is explainable

The risk score is computed deterministically from concrete signals. AI only writes the plain-language summary — it never decides whether something is malicious.

Everything auto-deletes

We keep the minimum, for the shortest time. There are no accounts and nothing to delete.

WhatKept for
Original email & attachments72 hours
Browser screenshots7 days
The forensic report30 days
Part of the OffSeq Cybersecurity ecosystem

Inspect is one piece. Here is the rest.

Inspect judges one email at a time. The wider OffSeq Cybersecurity ecosystem watches your whole attack surface, continuously.

Web security Continuously monitor your domain’s SPF, DKIM, DMARC and web exposure — the same sender authentication Inspect checks on every message, watched around the clock. Open Guard Dark web Know the moment your credentials surface in a leak or on the dark web — the accounts phishing emails like these are trying to reach. Open Breach Threat intel Vulnerability intelligence ranked by what actually hits your stack, so you patch what matters first. Open Threat Radar

Full security services All OffSeq tools offseq.com

Live telemetry · last 90 days

What Inspect is seeing.

Live figures from real inspections, updated continuously.

9emails inspected
44%flagged risky
~78savg time to verdict
18links opened in isolation
2attachments sandboxed

Verdict distribution

  • No strong threat indicators 22%
  • Low suspicion 33%
  • Suspicious 11%
  • High risk 33%
  • Likely malicious 0%

Top attack vectors seen

  1. From domain not aligned with envelope sender5
  2. Email contains invisible / hidden text5
  3. Email contains remote tracking pixels5
  4. Shared / secured-document lure5
  5. Urgent / time-pressure language5
  6. Sender domain's DMARC policy is monitoring-only (p=none)4
Fair use

3 inspections per hour, per address

Enough for anyone checking the occasional suspicious message. Need higher volume, integrations, or team access? Get in touch — OffSeq’s security services go far beyond a single inbox.

Talk to us → support@offseq.com

Not sure about an email?

Don’t click it. Forward it.

Forward to inspect@offseq.email