dmarcula

Why the .eml analyzer runs in your browser.

Our .eml analyzer reads and inspects your message entirely on your own device. The file is never uploaded to us, or to anyone. Here's why we built it that way, and how you can prove it to yourself in about ten seconds.

Two reasons, one design

Privacy. A raw email is one of the most sensitive files you own: it has addresses, subject lines, full message content, and routing metadata. There's no good reason for any of that to leave your machine just to check who really sent it.

Safety. The messages you most want to inspect are the suspicious ones: the possible phish, the unexpected attachment. If we accepted uploads, those hostile files would land on our servers. Because the analyzer runs in your browser, a dangerous message is parsed as inert text on your device and never touches our systems at all. There is no upload endpoint to attack.

How it works

When you drop a file, the browser's built-in FileReader hands its text to a small script that runs on the page. That script splits the headers, reads the Authentication-Results, DKIM-Signature and address headers, works out SPF/DKIM/DMARC alignment, and draws the result. No part of that round-trips to a server.

Prove it yourself

  • Watch the network. Open your browser's developer tools (F12), select the Network tab, then drop in a file. Zero requests fire, because nothing is sent.
  • Pull the plug. Turn off Wi-Fi or go offline, then use the tool. It works exactly the same, which it couldn't if it relied on us.
  • Read the source. The page loads a single static script. View source and you'll find a file reader and a parser, and no upload.

What it does, and doesn't, do

The analyzer reports the authentication results recorded in the message by the receiving mail server, which is the verdict that actually counted. It does not re-run DKIM's cryptography, because that would need a DNS lookup for the public key, and a lookup is a network request. Keeping the promise of "nothing leaves your browser" is worth more than re-deriving a result the message already carries.

Alignment is matched on the organizational domain (for example, mail.example.com aligns with example.com). For the full picture across every message hitting your domain, use the dashboard and your DMARC aggregate reports.
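The flow described under "How it works" and the organizational-domain matching above, as an added example that is not dmarcula's own script: it splits the headers, reads Authentication-Results and From, and decides SPF/DKIM alignment with no network call. The names parseHeaders, orgDomain, analyze and SAMPLE_EML are hypothetical, and the organizational domain is approximated with a short hard-coded suffix list where a full implementation would need the Public Suffix List.

```javascript
// Constructed sample message: DKIM passes for an unrelated domain, SPF passes for a subdomain.
const SAMPLE_EML = [
  'Authentication-Results: mx.receiver.example;',
  ' spf=pass smtp.mailfrom=bounce.mail.example.com;',
  ' dkim=pass header.d=thirdparty.example.net;',
  ' dmarc=pass header.from=example.com',
  'From: "Billing" <billing@example.com>',
  'Subject: Invoice',
  '',
  'Body text is never interpreted.',
].join('\r\n');

// Cut the header block off at the first blank line and unfold continuation lines.
function parseHeaders(raw) {
  const head = raw.split(/\r?\n\r?\n/, 1)[0].replace(/\r?\n[ \t]+/g, ' ');
  return head.split(/\r?\n/).map((line) => {
    const i = line.indexOf(':');
    return { name: line.slice(0, i).trim().toLowerCase(), value: line.slice(i + 1).trim() };
  });
}

// Simplification (assumption): keep the last two labels, or three when the
// domain ends in one of these two-label suffixes.
const TWO_LABEL_SUFFIXES = new Set(['co.uk', 'com.au']);
function orgDomain(domain) {
  const labels = domain.toLowerCase().replace(/\.$/, '').split('.');
  const keep = TWO_LABEL_SUFFIXES.has(labels.slice(-2).join('.')) ? 3 : 2;
  return labels.slice(-keep).join('.');
}

function analyze(raw) {
  const headers = parseHeaders(raw);
  const get = (n) => headers.find((h) => h.name === n)?.value ?? '';
  const fromDomain = (get('from').match(/@([^\s>]+)/) || [])[1] || '';
  // Assumption: the topmost Authentication-Results header is the receiving server's.
  const ar = get('authentication-results');
  const result = (method, prop) => {
    const m = ar.match(new RegExp(`\\b${method}=(\\w+)[^;]*?\\b${prop}=([^\\s;]+)`, 'i'));
    return m ? { verdict: m[1].toLowerCase(), domain: m[2].replace(/^.*@/, '') } : null;
  };
  // A mechanism counts only if it passed AND its domain shares the From organizational domain.
  const aligned = (r) => !!r && r.verdict === 'pass' && orgDomain(r.domain) === orgDomain(fromDomain);
  const spf = result('spf', 'smtp\\.mailfrom'), dkim = result('dkim', 'header\\.d');
  return { fromDomain, spfAligned: aligned(spf), dkimAligned: aligned(dkim),
           dmarcAligned: aligned(spf) || aligned(dkim) };
}

console.log(analyze(SAMPLE_EML));
```

In the sample, DKIM passes but is not aligned, so the message is DMARC-aligned only through SPF. In a browser, the raw text passed to analyze would come from FileReader as the page describes.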