SphereMail SphereMail by SecureSphereLabs
Open Analyzer
Powered by SphereAI™  ·  Investigation Platform

AI-Assisted Email Threat Investigation.

SphereMail is SecureSphereLabs' integrated threat investigation platform. Upload an EML file or forward any suspicious email directly — SphereAI™ delivers authentication verdicts, attachment forensics, URL risk scoring, and a complete SOC-ready narrative in seconds.

Open Investigation Platform Forward-to-Scan
Zero data retentionUploaded email content is never stored.
Real threat intelVirusTotal + AbuseIPDB — live verdicts, not mocks.
Forward-to-ScanForward any suspicious email — no EML download needed.
SphereAI™ NarrativeAI explains attacker intent and SOC response actions.
Live analysis preview
87
High Risk
DMARCFAIL
AttachmentXLSM
URL Risk74%
AI Intent91%
SPF
Fail
Authentication
Hashes
2
SHA256 / MD5
Intel
4
Observables
message/rfc822 └── multipart/mixed ├── text/plain ├── text/html └── invoice_2026.xlsm [macro]
SphereAI Signals
Phishing intentHigh
Brand spoofingLikely
SOC summaryReady
Built for SOC Analysts DFIR Investigators Phishing Triage Threat Hunters MSSPs Security Teams
Forward-to-Scan

No downloads. Just forward.

Not a threat analyst? No problem. Forward any suspicious email directly to SphereMail — SphereAI™ investigates it and emails you a full threat report within seconds.

01
Forward the email
In Gmail, Outlook, or any mail client — forward the suspicious email to your personal scan address.
02
SphereAI™ investigates
Authentication checks, URL reputation, attachment forensics, and AI intent analysis — automatically.
03
Receive your threat report
Full verdict with risk score, IOCs, and recommended actions — delivered to your inbox in under 30 seconds.
Your scan address
****@****.*** Sign in to reveal

Free plan includes 2 scans/day · Analyst Pro unlocks 500/month + history dashboard

Capabilities

Security signals that analysts can act on.

Every signal extracted from a suspicious email is a data point an analyst can act on. SphereMail surfaces the full picture — authentication chain, attachments, URLs, sender infrastructure, and AI intent — in a single workspace.

Authentication Chain
SPF, DKIM, DMARC, ARC, and Received-SPF verdicts extracted from real header fields.
SPFDKIMDMARC
Attachment Forensics
Macro-enabled attachments, hashes, MIME mismatch, magic bytes, and entropy scoring.
SHA256MD5XLSM
URL & Domain Risk
Homoglyph detection, punycode, suspicious TLDs, entropy, and phishing keyword scoring.
PunycodeEntropyBrand spoof
SphereAI Narrative
Phishing intent, social engineering analysis, IOC correlation, and SOC-ready summaries.
NarrativeBECSOC
Workflow

From raw EML to investigation package.

A compact analyst flow designed for repeated phishing triage, not a decorative marketing funnel.

1
Parse
Read headers, body, MIME parts, URLs, and attachment metadata.
2
Score
Correlate authentication, spoofing, content, URL, and attachment risk.
3
Enrich
Query configured reputation providers for IPs and domains.
4
Explain
Generate SphereAI narrative, social engineering, and analyst notes.
5
Hunt
Export SOC report and KQL queries for follow-up investigation.
Pricing

Start free. Upgrade when you need more.

Individual analysts to enterprise security teams — SphereMail scales with your investigation volume.

Community
Free
For individuals and occasional investigations.
  • EML/MSG file upload
  • 2 scans per day
  • Authentication + URL analysis
  • SphereAI™ basic narrative
  • Scan history dashboard
  • SOC report export
Get started free
Most Popular
Analyst Pro
₹850 /month
For security analysts doing daily phishing triage.
  • Everything in Community
  • 500 scans per month
  • Full scan history dashboard
  • SOC report + KQL export
  • Full SphereAI™ narrative
  • Priority analysis queue

Billed monthly · Cancel anytime

Enterprise
Custom
For MSSPs, SOC teams, and security organisations.
  • Everything in Analyst Pro
  • Unlimited scans
  • Team accounts + roles
  • API access + SIEM integration
  • On-premise deployment option
  • Dedicated support SLA
Contact us
Zero data retention — by design

SphereMail never stores the emails you upload or forward. Raw message content is processed in-memory and discarded immediately after analysis. Only extracted observables (IPs, domains, hashes) are sent to VirusTotal and AbuseIPDB for enrichment — never the email body.

Start Investigation
Built by SecureSphereLabs

SphereMail is a product of SecureSphereLabs — a cybersecurity engineering team building practitioner-grade security tooling. Developed by Godson Chittilapilly, SOC specialist and founder, SphereMail is driven by real-world phishing triage needs: fast signal extraction, unambiguous risk scoring, and investigation artifacts that analysts can actually act on.

SOC Operations DFIR Threat Hunting Security Automation SphereAI™
SecureSphereLabs Portfolio