An EML file is a standard email message format (RFC 822) used by most email clients. It contains the full email including headers, body (text and HTML), attachments, and metadata. EML files are commonly exported from Outlook, Thunderbird, Gmail, and other clients for archival or forensic analysis.

What does the EML Parser extract?

The parser extracts: full email headers (From, To, Subject, Date, Message-ID, X-headers), sender authentication results (SPF, DKIM, DMARC), all URLs found in the email body, file attachments with hashes, IP addresses from Received headers, and potential indicators of compromise (IOCs).

Is the EML Parser free?

Yes, the EML Parser is completely free. You just need a free mlab.sh account to use it. Creating an account takes less than 30 seconds and gives you access to the parser plus other platform features like scan history, bookmarks, and higher daily quotas.

Is my email data safe?

Yes. Uploaded EML files are processed securely and are not shared with third parties. The analysis is performed on mlab's infrastructure and results are only visible to you in your account.

Free Tool · Account Required

Email Parser

Upload suspicious .eml files and get a full breakdown — headers, attachments,
URLs, sender authentication, and IOCs. Built for phishing analysis.

Create a free account to use the EML Parser

It takes less than 30 seconds. No credit card, no trial period.
You also get scan history, bookmarks, and higher daily quotas.

Create free account Sign in

Already have an account? Sign in to access the parser directly.

What the EML Parser extracts

Everything you need to triage a suspicious email in one view.

Headers & Metadata

From, To, Subject, Date, Message-ID, Return-Path, X-headers, and the full Received chain to trace the email's path.

Sender Authentication

SPF, DKIM, and DMARC verification results. Instantly see if the sender is authenticated or if the email is spoofed.

URLs & IOCs

All URLs extracted from the email body, plus IP addresses and domains from headers. Each IOC can be searched on mlab for enrichment.

Attachments

File names, MIME types, sizes, and SHA-256 hashes of all attachments. Hashes can be looked up on mlab for known malware matches.

IP Trace

IP addresses extracted from the Received header chain, showing the full route the email took to reach you.

HTML Preview

Safe, sandboxed preview of the email body. View the HTML content without executing scripts or loading external resources.

Why do I need an account?

The EML Parser processes uploaded files on our infrastructure. An account lets us securely store your results, keep your analysis history, and ensure your data is private. It's completely free — no credit card, no trial, no catch.

Related tools

Frequently Asked Questions

An EML file is a standard email message format (RFC 822) used by most email clients including Outlook, Thunderbird, and Gmail. It contains the complete email: headers, body (text and HTML), attachments, and all metadata. Security analysts export suspicious emails as .eml files for forensic analysis.

Yes, completely free. You just need to create a free account (takes 30 seconds, no credit card). The free account also gives you access to scan history, bookmarks, domain scans, file uploads, and all the other client-side tools on mlab.sh.

Yes. Uploaded files are processed securely on mlab's infrastructure and are not shared with third parties. Your analysis results are only visible to you in your account. We take data privacy seriously.

In Gmail: open the email, click the three dots menu, select "Download message". In Outlook: drag the email to your desktop, or File > Save As > .eml. In Thunderbird: right-click the email, "Save As" > "File". The resulting .eml file can be uploaded directly to the parser.

Navigation