CheckThis
Know before you click.
Most phishing emails look real. The sender's name checks out. The logo is right. The urgency feels legitimate. But the evidence is always there — in the headers, the DNS records, the routing path. CheckThis finds it.
Not yet available — join the waitlist for 10% off at launch.
Your inbox, already checked.
CheckThis installs a silent extension inside Apple Mail. Every message that arrives is automatically screened against dozens of phishing signals — header mismatches, lookalike domains, suspicious routing, brand impersonation, and more.
Safe emails get a green row. Suspicious ones get orange. High-risk ones get red. You see the verdict before you even open the email.
The extension runs entirely locally — no network calls, no servers, nothing sent anywhere. Just your Mac, making a judgement call on every message that arrives.
Your second opinion, in seconds.
Got an email that doesn't feel right? Select it in Apple Mail, switch to CheckThis, and click "Get Selected from Mail." In two to five seconds, you have a verdict.
Every verdict includes a plain-English explanation of what triggered it and specific guidance on what to do next.
35+ signals. Every email.
CheckThis isn't a spam filter. It's a forensic tool that knows what phishing looks like at a technical level — running four layers of analysis on every email.
Header & Identity
- Reply-To routes to a different organization than the sender
- Display name impersonates Apple, PayPal, a bank
- Lookalike domain (paypa1.com, amaz0n.com)
- Punycode / Unicode homograph attack
- Misleading link text (shows paypal.com, goes elsewhere)
DNS & Domain
- Domain registered in the last 30 days
- MX-only domain — exists only to send email
- Missing SPF, DKIM, or DMARC records
- Domain on known abuse blocklists
Content & Language
- Financial fraud language (wire transfer, inheritance, lottery)
- Urgency phrases in subject ("Act now", "Final notice")
- Credential harvesting ("Enter your password")
- Callback phishing (phone number + "call immediately")
Routing & Geo
- Email routed through 3+ countries
- Hop-by-hop routing map with country flags and ISP
- IP address links in body
- URL shorteners hiding the real destination
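A minimal sketch of how four of the Header & Identity signals listed above can be computed from a raw message, added here as an illustration and not CheckThis's own code. The brand list, the digit-substitution map, the function names and the sample message are all assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

BRANDS = {"paypal.com", "amazon.com", "apple.com"}  # assumed brand watch list
DIGITS = str.maketrans("0135", "oles")  # digit -> the letter it imitates
SAMPLE = ('From: "PayPal Support" <service@paypa1.com>\nReply-To: billing@example.net\n'
          'Content-Type: text/html\n\n'  # constructed message, not a real capture
          '<p><a href="http://login.example.org/">www.paypal.com</a></p>')

def org(host):  # naive registrable domain: last two labels, no Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def link_mismatch(href, text):  # text names one domain, href goes to another
    shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
    return bool(shown) and org(shown.group(0)) != org(urlparse(href).hostname or "")

def signals(raw):
    msg, parser = message_from_string(raw), Links()
    sender = org(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(errors="replace"))
    checks = {
        "reply-to-mismatch": bool(reply) and org(reply) != sender,
        "lookalike-domain": sender not in BRANDS and sender.translate(DIGITS) in BRANDS,
        "punycode-domain": any(p.startswith("xn--") for p in sender.split(".")),
        "misleading-link-text": any(link_mismatch(h, t) for h, t in parser.links),
    }
    return {name for name, hit in checks.items() if hit}
```

Calling `signals(SAMPLE)` returns the set of signal names that fired. A message sent through an email service provider on behalf of another domain can trip the Reply-To check without being phishing, so a hit is a reason to look closer, not a verdict.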
AI that reads between the lines.
On supported hardware, CheckThis adds an AI layer that catches what rules alone can miss: social engineering framing, narrative inconsistency, and pressure tactics that feel wrong even when every technical signal checks out.
- Apple Intelligence — on-device, completely private. Requires Apple Silicon + macOS 26 + Apple Intelligence enabled.
- OpenRouter — optional fallback for users without Apple Intelligence. You supply your own API key. Email content is sent to OpenRouter under their privacy policy.
- Neither — CheckThis works fully without AI. The rule engine and DNS analysis stand alone.
Private by design.
Email content never leaves your Mac — unless you explicitly enable OpenRouter. In all other cases, CheckThis sends only domain names and IP addresses to DNS and WHOIS services to look up sender reputation. Nothing else crosses the network.
No account. No cloud. No subscription. Your emails are yours.
Simple, honest pricing.
Free Trial
- Full forensic analysis
- Mail extension with inbox color-coding
- DNS, WHOIS, and routing analysis
- AI layer (if supported)
- Analysis history
CheckThis Pro
- Everything in the trial
- Unlimited email analysis
- Safe Senders and Block List
- Full analysis history
- One purchase · yours forever
Frequently asked questions
Does CheckThis work with Outlook, Spark, Gmail, or other email clients?
Yes — the forensic engine works with any email client. The Mail extension (automatic inbox color-coding and one-click analysis) is exclusive to Apple Mail. With any other client, you can still get a full verdict by copying the raw source or headers from the email and pasting them directly into CheckThis. You get the same analysis; you just bring the email to the app rather than the app reaching into your inbox automatically.
How do I get raw email headers from my email client?
Every major client exposes them differently. In Apple Mail: View → Message → All Headers (or ⌥⌘H). In Gmail: the three-dot menu → Show original. In Outlook: File → Properties → Internet headers. In Spark: tap the three-dot menu → View source. Copy the full text and paste it into CheckThis — it will extract everything it needs.
What's the difference between the Mail extension and the standalone app?
The extension lives inside Apple Mail and works silently — every arriving message is automatically screened and color-coded before you open it. The standalone app does the same forensic analysis on demand: select an email in Mail and click 'Get Selected from Mail', or paste raw headers from any client. Both use the same detection engine and give the same verdict.
Does CheckThis require an internet connection?
Partially. Header analysis and content rules run entirely on-device with no network access. DNS and WHOIS lookups — which verify sender domains and check IP reputation against blocklists — do require an internet connection. The AI layer requires internet if you use OpenRouter; Apple Intelligence runs fully on-device.
Will CheckThis flag legitimate newsletters and marketing emails?
It may rate some newsletters as 'Likely OK' rather than 'Safe'. Large email service providers like Mailchimp or SendGrid send on behalf of another domain, which can trigger a header mismatch signal. CheckThis always explains exactly what it found, so you can see whether it's a structural quirk of newsletter delivery or a genuine concern. You can add trusted senders to your Safe Senders list to skip future analysis.
Does the AI layer send my emails anywhere?
Only if you choose OpenRouter. Apple Intelligence runs completely on-device — email content never leaves your Mac. If you enable OpenRouter, content is sent to OpenRouter under their privacy policy, and CheckThis will warn you clearly before you enable it. The rule engine and DNS analysis are fully capable on their own — AI is an optional extra layer, not a requirement.
Can CheckThis tell me if a link is actually malicious?
CheckThis analyzes link characteristics — URL shorteners, IP address links, domain mismatches, lookalike domains, and redirect chains — but it does not visit or render linked pages. Fetching the page would expose you to the threat before you know it exists. Instead, CheckThis flags the structural patterns that are strongly predictive of phishing, and tells you plainly when a link should not be clicked.
Is there a subscription?
No. CheckThis is a one-time purchase of $29.99, yours to keep including all future updates to the current major version. A 10-day free trial gives you complete access to every feature before you decide.