How to Check If an Email Is Legitimate (Real vs Fake Guide)

Published 2026-02-12

By Sara Lin, Email Deliverability Researcher

Verify any suspicious email is real before you respond — using email header analysis, domain checks, and free verification tools.

The Anatomy of a Legitimate Email

Legitimate emails from real organizations share common characteristics:

**Authentic sender domain**: A real bank email comes from @bankname.com, not @bankname-security.net or @bankname.support.com.

**Personalization**: Real companies use your name, account number, or other specific data in their emails.

**SPF/DKIM authentication**: Legitimate emails pass email authentication checks. You can verify this in email headers.

**Consistent branding**: Official emails match the company's website branding exactly.

**No urgent requests for credentials**: Real companies never ask for passwords, social security numbers, or payment info via email.

**Verifiable links**: Links go to the actual company domain, not a redirect or lookalike URL.

When any of these elements are off, the email warrants deeper scrutiny.

How to Check Email Headers for Authenticity

Email headers contain metadata about how the email traveled from sender to your inbox. Here's how to check them:

**In Gmail**: Open the email → More (three dots) → Show original. You'll see the full headers.

**In Outlook**: File → Properties → Internet Headers.

What to look for in headers:

**SPF (Sender Policy Framework)**: Should show 'pass'. If it shows 'fail' or 'softfail', the email may be spoofed.

**DKIM (DomainKeys Identified Mail)**: Should show 'pass'. DKIM cryptographically confirms the email wasn't tampered with.

**DMARC**: A policy the sending domain publishes that tells receiving servers what to do with SPF/DKIM failures. 'pass' means the email is authenticated: SPF or DKIM passed, and the domain that passed matches the domain shown in the From: header.

If an email claims to be from Amazon but shows SPF fail and DKIM fail, it's almost certainly fraudulent.
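The header checks above can be automated. The following is an added example, not code from the original guide: it parses the Authentication-Results header that the receiving mail server stamps on a message, pulls out the SPF, DKIM and DMARC results, and checks DMARC-style alignment between the domain that passed and the visible From: domain. It only trusts Authentication-Results headers whose authserv-id matches your own provider's server (the `trusted_authserv` argument), because a sender can add a fake one. The two messages, the domains (`example.com`, `mx.example.org`, `sendhost.example.net`, `forged.example`) and the IP address are constructed for the example, and `org_domain` is a deliberate simplification that takes the last two DNS labels instead of consulting the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Pieces of an Authentication-Results value (RFC 8601): method=result and property=value.
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
PROP_RE = re.compile(r"\b(smtp\.mailfrom|header\.d|header\.from)=([^\s;()]+)", re.IGNORECASE)


def org_domain(host):
    """Simplified organizational domain: the last two DNS labels.
    Real DMARC uses the Public Suffix List, so this misreads suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_authentication_results(value):
    """Split one Authentication-Results value into (authserv-id, results, properties)."""
    value = " ".join(value.split())  # unfold the header
    authserv_id = value.split(";", 1)[0].split()[0].lower()
    results = {m.group(1).lower(): m.group(2).lower() for m in RESULT_RE.finditer(value)}
    # smtp.mailfrom may be a full address; keep only the domain part.
    props = {m.group(1).lower(): m.group(2).split("@")[-1].lower().rstrip(".")
             for m in PROP_RE.finditer(value)}
    return authserv_id, results, props


def authentication_verdict(raw_message, trusted_authserv):
    """Evaluate SPF/DKIM/DMARC as recorded by our own receiving server.

    Only headers stamped by `trusted_authserv` count: anyone can insert an
    Authentication-Results header before sending, so other authserv-ids are ignored.
    """
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].split("@")[-1].lower()
    results, props = {}, {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, r, p = parse_authentication_results(value)
        if authserv_id == trusted_authserv.lower():
            results.update(r)
            props.update(p)
    spf = results.get("spf", "none")
    dkim = results.get("dkim", "none")
    dmarc = results.get("dmarc", "none")
    # Alignment: the domain that passed must match the From: domain the reader sees.
    spf_aligned = spf == "pass" and org_domain(props.get("smtp.mailfrom", "")) == org_domain(from_domain)
    dkim_aligned = dkim == "pass" and org_domain(props.get("header.d", "")) == org_domain(from_domain)
    flags = []
    if spf != "pass":
        flags.append(f"SPF {spf}")
    if dkim != "pass":
        flags.append(f"DKIM {dkim}")
    if dmarc != "pass":
        flags.append(f"DMARC {dmarc}")
    if not (spf_aligned or dkim_aligned):
        flags.append("no passing check is aligned with the From: domain")
    return {"from_domain": from_domain, "spf": spf, "dkim": dkim, "dmarc": dmarc,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "authenticated": spf_aligned or dkim_aligned, "flags": flags}


# Constructed samples with hypothetical domains; not taken from any real message.
LEGIT_MESSAGE = """\
From: "Example Bank" <alerts@example.com>
To: customer@example.org
Subject: Your statement is ready
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce@mail.example.com;
 dkim=pass header.d=example.com header.s=sel2026;
 dmarc=pass (p=REJECT) header.from=example.com

Body omitted.
"""

# Same From: domain, but our server saw SPF fail and no DKIM signature. A second,
# forged Authentication-Results header claiming "pass" is ignored by the authserv filter.
SPOOFED_MESSAGE = """\
From: "Example Bank Security" <alerts@example.com>
To: customer@example.org
Subject: Urgent: confirm your password
Authentication-Results: mx.example.org;
 spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=bulk@sendhost.example.net;
 dkim=none (message not signed);
 dmarc=fail (p=REJECT) header.from=example.com
Authentication-Results: forged.example; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Body omitted.
"""

if __name__ == "__main__":
    for raw in (LEGIT_MESSAGE, SPOOFED_MESSAGE):
        print(authentication_verdict(raw, "mx.example.org"))
```

Run it against the "Show original" text from Gmail or the Internet Headers from Outlook; the `trusted_authserv` value is whatever authserv-id your own provider writes at the top of its Authentication-Results header.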

Verifying the Sender's Email Address

The email **display name** can be set to anything — it doesn't have to match the actual sending address. Scammers exploit this constantly.

Always check the **actual email address**, not just the name:

- **Gmail**: Hover over the sender's name to see the address, or click the arrow to expand it
- **Outlook**: Click the sender's name to see the full address in the popup
- **Mobile**: Tap the sender's name to expand it

For business emails, search the sender's email address and company on Signal Plug or LinkedIn to confirm they're a real person at a real company. This is especially important for financial requests, wire transfers, or any email asking you to take action.
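As an added example (not code from the original guide), the function below does the display-name-versus-address comparison described above on a raw From: header. It flags a display name that itself looks like an email address, a domain that merely contains the brand name (the bankname-security.net and bankname.support.com patterns from the start of the guide), and internationalized domains that need a character-by-character look. The expected domain `bankname.com` and all sample headers are constructed for the example.

```python
import re
from email.utils import parseaddr

# A display name that contains something@somewhere is a classic trick.
EMBEDDED_ADDRESS_RE = re.compile(r"[\w.+-]+@([\w.-]+)")


def check_sender(from_header, expected_domain):
    """Compare the From: display name and real address against the company's known domain."""
    display_name, address = parseaddr(from_header)
    actual_domain = address.rsplit("@", 1)[-1].lower().rstrip(".") if "@" in address else ""
    expected = expected_domain.lower()
    brand = expected.split(".")[0]
    findings = []

    if not actual_domain:
        findings.append("no usable sender address")
    # 1. The reader sees support@bankname.com in the name, but the mail comes from elsewhere.
    for embedded in EMBEDDED_ADDRESS_RE.findall(display_name):
        if embedded.lower() != actual_domain:
            findings.append(f"display name shows @{embedded} but mail is from @{actual_domain}")
    # 2. Punycode or non-ASCII labels can be homograph lookalikes of the real domain.
    if "xn--" in actual_domain or not actual_domain.isascii():
        findings.append("internationalized domain name, compare it character by character")
    # 3. Only the real domain, or a subdomain of it, counts as a match.
    on_expected = actual_domain == expected or actual_domain.endswith("." + expected)
    if actual_domain and not on_expected:
        if brand in actual_domain:
            findings.append(f"lookalike domain {actual_domain} contains the brand name but is not {expected}")
        else:
            findings.append(f"unrelated domain {actual_domain}")
    return {"display_name": display_name, "address": address, "domain": actual_domain,
            "on_expected_domain": on_expected, "findings": findings}


# Constructed sample headers for a hypothetical company whose real domain is bankname.com.
SAMPLE_HEADERS = [
    '"BankName Alerts" <alerts@bankname.com>',
    '"BankName Alerts" <alerts@notify.bankname.com>',
    '"BankName Security" <security@bankname-security.net>',
    '"support@bankname.com" <mail@bankname.support.com>',
    '"Bank Name" <noreply@mailer-host.example>',
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = check_sender(header, "bankname.com")
        print(header, "->", result["findings"] or "OK")
```

The subdomain rule is intentional: alerts@notify.bankname.com is still under the company's domain, while bankname.com.other-host.example is not, because the suffix test only accepts hosts ending in ".bankname.com".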

Domain and Website Verification

After identifying the sender's domain, verify it independently:

1. **Don't click links in the email** — type the company's website directly into your browser.
2. **Check WHOIS** (whois.domaintools.com) — when was the domain registered? Scam domains are often brand new (days or weeks old).
3. **Google the domain** — legitimate businesses appear in Google search results; scam domains often have no presence.
4. **Check for SSL certificate** — real business websites have a padlock icon in the browser; scam sites may have expired or missing certificates. The padlock only proves the connection to that domain is encrypted, so a lookalike domain can show one too; check the domain name in the address bar as well.
5. **Call the company directly** — use the phone number from their official website, not from the suspicious email.

A domain registered 2 days ago claiming to be from your bank is an immediate red flag.
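Two of the steps above, checking where the email's links really go and checking how old the sender's domain is, are shown together in this added example, which is not code from the original guide. The first part pulls every link out of an HTML email body and reports the real destination host, whether it sits under the company's domain, and whether the visible link text names a different host than the href. The second part parses the creation date from saved WHOIS output and computes the domain's age in days, which is what the "registered 2 days ago" red flag checks. The HTML body, the WHOIS text, the lookup date and the domains are all constructed for the example; no network lookups are made.

```python
import re
from datetime import date, datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that looks like a URL or bare domain (so we can compare it to the href).
URL_LIKE_RE = re.compile(r"(?:https?://)?[\w.-]+\.[A-Za-z]{2,}(?:/\S*)?")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_belongs_to(host, expected_domain):
    """True only for the company's domain or a subdomain of it."""
    host, expected = host.lower().rstrip("."), expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def check_links(html_body, expected_domain):
    """Report each link: its real host, and whether the visible text claims a different host."""
    parser = _LinkCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        text_host = None
        if URL_LIKE_RE.fullmatch(text):
            text_host = urlparse(text if text.lower().startswith("http") else "http://" + text).hostname
        report.append({
            "href": href,
            "host": host,
            "on_expected_domain": host_belongs_to(host, expected_domain),
            "visible_text_host": text_host,
            "text_host_mismatch": text_host is not None and text_host.lower() != host,
        })
    return report


# Common spellings of the registration date line in WHOIS output.
CREATED_RE = re.compile(r"^\s*(?:Creation Date|Created(?: On)?|Registered(?: On)?):\s*(\S+)", re.I | re.M)


def domain_age_days(whois_text, today):
    """Parse the creation date out of WHOIS output; None if no recognizable date is present."""
    m = CREATED_RE.search(whois_text)
    if not m:
        return None
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S", "%Y-%m-%d"):
        try:
            return (today - datetime.strptime(m.group(1), fmt).date()).days
        except ValueError:
            continue
    return None


# Constructed sample email body: the visible text shows the real bank, the href does not.
HTML_SAMPLE = """\
<p>Please <a href="https://bankname-security.net/login">https://www.bankname.com/login</a> to verify.</p>
<p>Or visit our <a href="https://www.bankname.com/help">help center</a>.</p>
"""

# Constructed WHOIS output for the lookalike domain, and the (constructed) day it was looked up.
WHOIS_SAMPLE = """\
Domain Name: BANKNAME-SECURITY.NET
Registrar: Example Registrar, LLC
Creation Date: 2026-02-10T14:03:11Z
Updated Date: 2026-02-10T14:03:11Z
"""
TODAY = date(2026, 2, 12)

if __name__ == "__main__":
    for entry in check_links(HTML_SAMPLE, "bankname.com"):
        print(entry)
    print("domain age in days:", domain_age_days(WHOIS_SAMPLE, TODAY))
```

A link whose visible text names the real company but whose href goes elsewhere is the "lookalike URL" from the first section of the guide; a domain age of a few days, as in the sample, is the WHOIS red flag from step 2.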

Using Free Tools to Verify Email Legitimacy

Several free tools help you verify whether an email or link is legitimate:

**Signal Plug**: Search the sender's email address to see if it belongs to a real professional at a real company. Useful for business emails that might be legitimate outreach.

**Google Safe Browsing Transparency Report**: Check any URL from an email for malware or phishing classification.

**VirusTotal**: Scan email attachments and links against 70+ antivirus engines.

**MXToolbox**: Verify the sending domain's SPF, DKIM, and DMARC records to confirm email authentication.

**Whois lookup**: Check when a domain was registered — very new domains are a scam signal.

For business emails that seem potentially legitimate (like a vendor or prospect), Signal Plug is particularly helpful because it can confirm whether the sender is a real professional and what company they actually work for.

Topics: email scam, legitimate email, email verification, phishing detection
