Quick answer
Save the email from your email app and upload it using the Email File tab for the most thorough check — Summarly reads technical signals inside the email as well as the content. If you can't save it as a file, paste the text using the Paste Text tab instead. Either way, Summarly will explain what the email appears to say and flag any warning signs.
The most thorough way: uploading a saved email
When you paste an email, Summarly can only read what's visible — the text you copied. When you save the email and upload it, Summarly also reads the hidden technical information the email carries: who sent it, where replies would actually go, and whether the sending address passed the email system's own checks.
This extra layer — called the email pre-check — often surfaces warning signs that aren't visible in the email body at all. It runs automatically as soon as you upload the file, before the AI analysis starts.
Most email apps let you save an email in one or two steps. The thoroughness of the check depends on which app you use:
| Saved from | Check available |
|---|---|
| Gmail, Outlook on the Web, Apple Mail | Full check — technical pre-check runs alongside AI analysis |
| Outlook desktop (Windows app) | Limited check — technical pre-check may not be available; AI analysis still runs on the content |
If you save an email by dragging it from the Outlook desktop app to your desktop, the saved copy may not include the technical header information needed for a full pre-check. Summarly will flag this and still run the AI analysis on the content. Where possible, save or download the original email directly from your email provider — for example by logging in through your browser — for a more complete result.
How to save an email as a file
The steps depend on your email app. Follow the instructions for whichever one you use:
Gmail (in a web browser)
- Open the email you want to check.
- Click the three-dot menu (⋮) in the top-right corner of the email.
- Select Download message. The file saves to your Downloads folder.
- Go to summarly.co.uk/check, choose the Email File tab, and upload the file.
Outlook on the Web (outlook.com or a work account in a browser)
- Open the email you want to check.
- Click the three-dot menu (⋯) at the top of the email.
- Select Download. The file saves to your Downloads folder.
- Upload to Summarly's Email File tab.
Apple Mail
- Open the email and go to File → Save As.
- Choose Raw Message Source as the format and save.
- Upload to Summarly's Email File tab.
Outlook desktop app (Windows)
- Drag the email from your inbox to your desktop. It saves automatically.
- Upload to Summarly's Email File tab. You may receive a limited check — see the note above.
- For a more complete check, log in to your email provider in a web browser and download the original email from there instead.
What the pre-check results show
As soon as you upload a saved email, Summarly runs a set of technical checks before the AI analysis starts. These happen instantly and look for warning signs that are invisible in the email body itself.
Here's what Summarly looks for — in plain English:
- Does the sender's address match who they claim to be? Scammers often use a display name like "HMRC" or "Barclays" while the actual sending address is something completely unrelated.
- Where would replies actually go? The reply address is sometimes different from the sender — a common trick in phishing emails designed to capture your response.
- Did the email pass the sending domain's own verification checks? Email systems have a standard way of confirming whether a message passed checks for the domain it was sent from. If it didn't pass, that's a warning sign.
- Are there deceptive characters in the address? Some scams use letters from other alphabets that look identical to familiar ones — to make a fake domain look like a real one.
- Does the email claim to be from a known brand but use the wrong domain? Summarly checks a list of known organisations and flags if the sending domain doesn't match what you'd expect.
- Are there link-shortening services in the links? Services that shorten web addresses hide where a link actually leads.
These checks appear as coloured indicators above the AI analysis. Red findings are significant. Amber findings are worth noting, especially if there are several together.
What the verification checks mean
You may see references to technical checks — sometimes labelled SPF, DKIM, or DMARC — in the pre-check results. These are standards used by email systems to confirm whether a message passed the sending checks associated with the domain shown in its headers.
Think of it like a postmark. When the checks pass, it is a positive technical signal that the message was handled consistently with the domain it claims to come from. When they fail, it is a warning sign that something may not be as it appears.
| What you see | What it means |
|---|---|
| Verification passed | A positive technical signal — the email passed the sending checks for the domain shown in the headers. This does not mean the email is safe or genuine. |
| Verification failed | The email didn't pass the expected checks for that domain. A warning sign, though not always conclusive on its own. |
| Verification unavailable | The saved copy didn't include the information needed to run these checks — common with emails saved from the Outlook desktop app. The AI analysis still runs on the content. |
Why passing verification isn't proof of safety
This is the most important thing to understand about email checking.
Passing verification is a positive technical signal — it means the email passed the sending checks for the domain shown in the headers. But it does not mean the message is safe, honest, expected, or genuinely from the organisation you think it is.
A scammer can register a domain — something like natwest-security-alerts.com — set it up correctly, pass every technical check, and still send a completely fraudulent email. The checks confirm how the email was sent, not whether the content is honest or who is really behind it.
This is why Summarly shows a note alongside passing results when the email content still contains warning signs — the technical check passed, but the content concern is separate and still matters.
The faster option: pasting the email text
If you can't save the email as a file, paste the text instead. Use the Paste Text tab on the check page.
For the best result when pasting:
- Include the sender's email address at the top — this helps Summarly spot suspicious sending domains
- Include the subject line
- Paste the full email body, including any links or reference numbers
- Leave out personal details you don't need to include — things like your full name, date of birth, or account number
Pasting won't give you the technical pre-check layer — Summarly won't be able to check sender verification, reply address, or other header signals — but the AI analysis will still read the content, flag warning signs, and suggest next steps.
How to read your result
Summarly returns a risk label and a plain-English explanation. The labels mean:
| Label | What it means |
|---|---|
| High risk | Strong warning signs found. Do not click links, call numbers, or use contact details from within the email. Verify independently. |
| Caution | Some concerns, but the evidence isn't conclusive. Treat with care and verify before acting. |
| Follow-up recommended | Something needs your attention — a payment, deadline, or action — but no obvious scam signs were found. Worth verifying through official channels. |
| Routine | Nothing suspicious was identified in the visible content. Still verify independently for anything involving payment or personal data. |
If Summarly flags High risk or Caution:
- Do not click any links in the email
- Do not call any phone numbers listed in the email
- Do not scan any QR codes in the email
- Do not use bank details, email addresses, or contact information from within the email
- Find the organisation's official website by searching for it independently — do not use any link in the email
- If you've already clicked something or entered details, act quickly — see the related guide below
If Summarly returns a Routine result but something still doesn't feel right, trust that instinct. Summarly can only assess what it can see. Verify directly through the organisation's official website or app before taking any action involving payment or personal data.
Ready to check an email?
Upload a saved copy of the email for the most thorough check, or paste the text. Free during public beta — no account needed.
Check an email nowNo content stored after the check · No account needed · Free during public beta
Frequently asked questions
What does "save the email as a file" mean?
Most email apps let you save or download a copy of an email to your computer. This saved copy contains not just the visible text but also the hidden technical information the email carries — who sent it, where replies would go, and whether it passed the email system's own checks. Summarly reads all of this for a more thorough result. The steps for each app are in the guide above.
Why does the check vary depending on which app I used to save it?
Emails saved from Gmail, Outlook on the Web, and Apple Mail include the full technical information Summarly needs for the pre-check. Emails saved from the Outlook desktop app may not include that information, which means the technical pre-check may be limited. The AI analysis still runs on the email content either way.
What does it mean if the verification check fails?
It means the email didn't pass the technical checks associated with the sending domain shown in the headers. This is a warning sign — particularly if the email claims to be from a bank, government body, or well-known brand. That said, some legitimate organisations have poorly configured email systems, which can cause genuine emails to fail these checks. Summarly flags the finding; always verify independently if you're unsure.
Why does Summarly say verification passed but still flag a concern?
Passing verification is a positive technical signal — it means the email passed the sending checks for the domain shown in the headers. But it does not mean the content is safe, honest, or that the email is genuinely from the organisation you think it is. A scammer can set up a domain, pass every technical check, and still send a fraudulent email. The technical result and the content result are separate — both matter.
Can I just paste the email text instead of uploading a saved copy?
Yes. Paste the email text — including the sender address and subject line — into the Paste Text tab. You won't get the technical pre-check layer, but the AI will still analyse the content and flag any warning signs it finds. For emails where you're particularly concerned, uploading a saved copy gives the most thorough result.
Does Summarly store my email?
Summarly does not intentionally store submitted email content after the check is complete. Content is sent to an AI service to generate the result. Anonymous metadata — such as document type, result label, and processing time — may be logged to improve the service. No personal content is retained. See the full privacy policy for details.
What personal details should I leave out before submitting?
Remove details that aren't needed for the check — things like your full name, home address, National Insurance number, account numbers, passwords, or bank card details. The sender address, subject line, email body, any links, and reference numbers within the email are usually enough for Summarly to give a useful result.