Home » Tutorial » Step 5

Checking an email in 5 steps

Summary of the results

For a definite rating of an email, in case Delphish didn't already identify it as Phishing, it is always necessary to consider all the results at large. A single alarm signal can be coincidence. The decision about whether an email is Phishing or whether it's rated as harmless, is actually made by you, on the basis of the information Delphish gave you.

Here is a summary of the most important alarm signals:

  • The domain is hosted in a country, that doesn't seem to fit to the alleged link destination or the actual content of the email.
  • The specified link text in the email doesn't match the actual domain.
  • The domain owner is not the person that you expect.
  • The domain has no or a very low popularity, i. e. almost no other sites link to this domain.

If you have no reason to doubt the authenticity of the email after the analysis, you should still always be cautious in the internet and look out for all alarm signals. Banks e.g. never request you to submit your credentials through email, just like an online auction house would never do that.

Status report: Country, that is hosting the domain

1. signal: Country, where the domain is hosted

Status report: Destination, that the link points to

2. signal: wrong link specified

Status report: Owner of the domain

3. signal: unexpected domain owner

Status report: Age and popularity of the domain

4. signal: The domain popularity is low or very low