Outlook

PhishLens

"Is this email legit?" — answered in one glance. PhishLens inspects any message for the classic phishing tells and shows you a traffic-light report, without sending a byte anywhere.

€29 one-time · free tier, free forever · 30-day money-back

Buy PhishLens Pro — €29 Try free — install in 2 minutes
The problem

It says "Microsoft Support". It isn't.

The signs are usually right there: the display name says one thing, the actual address says another; the link text shows your bank's domain but points somewhere else; the authentication checks your mail server already ran say "fail" — buried in headers nobody reads. Spotting all that by hand takes know-how and minutes you don't have.

PhishLens reads the evidence for you. Open any suspicious message, open the pane, and get a plain-language report: sender mismatch, reply-to tricks, SPF/DKIM/DMARC verdicts, every link's real destination (including lookalike and punycode domains), risky attachment types. Plain heuristics, fully local — your mail is never uploaded to anyone, including us. It's an inspector, not an oracle: it shows you the evidence and flags what looks wrong, so the final call stays yours.

A suspicious email next to a PhishLens traffic-light report with red, amber and green findings The message M Microsoft Support <billing@m1crosoft-helpdesk.ru> Your account will be suspended. microsoft.com/verify real target: login-verify.xyz 📎 invoice.html PhishLens report Sender mismatch name says Microsoft, address doesn't Link goes elsewhere text: microsoft.com → href: login-verify.xyz DMARC: fail SPF fail · DKIM none (from headers) Risky attachment .html attachments often carry fake logins Reply-To matches From 4 red flags — treat as phishing
Display-name tricks, lookalike links, failed authentication — the evidence, decoded into plain language.

Free vs Pro

The full inspection is free. Pro adds memory — your own lists and sender history. One payment, no subscription.

FeatureFreePro €29
Display-name vs real-address mismatch check
Reply-To differs from From check
SPF / DKIM / DMARC verdicts from headers
Link audit: text vs real target, lookalikes, punycode
Risky attachment extension list
Personal allow / block domain lists
First-time-sender indicator
Export report

How it works

Install the free add-in

Two minutes, no account, no card. Add it via Outlook's Get add-ins dialog — see the install guide.

Inspect any message

Open a suspicious email, open the PhishLens pane, read the verdict. Free forever — not a trial.

Unlock Pro when you need it

Buy once on Gumroad, paste your license key into the pane. Allow/block lists and sender history unlock instantly.

Installing PhishLens

In Outlook: Get add-ins › My add-ins › Add a custom add-in, then add the PhishLens manifest from URL or file. A PhishLens button appears when you're reading a message.

Coming to AppSource: PhishLens is being submitted to Microsoft's add-in marketplace, after which it installs in one click from inside Outlook. Sideloading works today.

Full install guide

FAQ

Does it send my email to a scanning service?

No — and that's the core promise. Every check runs locally in your Outlook session: header parsing, link analysis, lookalike detection, all of it. No cloud reputation lookups, no third-party APIs, no analytics. See the privacy policy.

Will it catch every phishing email?

No tool can, and we won't pretend otherwise. PhishLens surfaces the classic technical tells — mismatches, failed authentication, deceptive links — which catch a large share of real-world phish. A well-crafted email with clean headers can still be a scam; PhishLens makes the evidence visible, it doesn't replace judgement.

Where do the SPF/DKIM/DMARC verdicts come from?

Your own mail server records the results of those checks in the message headers when the mail arrives. PhishLens parses those headers and translates them into plain language — it reads existing evidence rather than re-running the checks.

Refunds?

30-day money-back guarantee, no questions asked — reply to your Gumroad receipt or email [email protected].