Analyze email headers for IP reputation and spoofing detection - Gmail
Analyze Emails for Security Insights
Who is this for?
This workflow is ideal for IT professionals, security analysts, and organizations looking to enhance their email security practices. It is particularly useful for those who need to analyze Gmail email headers for IP tracking, spoofing detection, and sender reputation assessment.
What problem is this workflow solving?
Email spoofing and phishing attacks are significant cybersecurity threats. By analyzing email headers, this workflow provides detailed insights into the email's origin, authentication status, and the reputation of the sending IP address. It helps detect potential spoofing attempts and assess the trustworthiness of incoming emails.
What this workflow does
This n8n workflow automates the process of analyzing email headers received in Gmail. It performs the following key functions:
- Triggering and Email Header Extraction: It monitors Gmail inboxes for new emails and extracts their headers for analysis.
- Authentication Analysis: It validates SPF, DKIM, and DMARC authentication results to ensure the email adheres to industry-standard security protocols.
- IP Analysis: The workflow extracts the originating IP address and evaluates its reputation and geographic details using external APIs.
- Reputation Scoring: It integrates with IP Quality Score to detect spam activity and assess the sender's reputation.
- Consolidation and Webhook Response: All results are aggregated into a single JSON response, making it easy to integrate with third-party platforms or tools for further automation.
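The authentication and IP steps listed above, sketched as an added example in plain JavaScript (it is not the template's own node code). It reads SPF/DKIM/DMARC verdicts only from the Authentication-Results header stamped by the receiving server, because headers lower in the message are sender-controlled, and takes the connecting IP from that server's own Received hop. The sample headers, the function names, the trusted ID `mx.google.com` and the flagging policy are assumptions made for illustration.

```javascript
// Added example, not the template's code. SAMPLE is constructed
// (documentation IP range, example domains); function names are illustrative.
const SAMPLE = [
  'Received: from mail.example.net (mail.example.net. [203.0.113.45])',
  '        by mx.google.com with ESMTPS id abc123;',
  '        Mon, 01 Jan 2024 10:00:00 -0800 (PST)',
  'Authentication-Results: mx.google.com;',
  '       dkim=pass header.i=@example.net header.s=sel1;',
  '       spf=softfail (google.com: domain of transitioning bob@example.org',
  '       does not designate 203.0.113.45 as permitted sender);',
  '       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.org',
  'Received: from laptop ([10.1.2.3]) by mail.example.net; Mon, 01 Jan 2024 09:59:58 -0800',
  'Authentication-Results: mail.example.org; spf=pass; dkim=pass; dmarc=pass',
  'From: "Bob" <bob@example.org>',
].join('\r\n');

// Unfold continuation lines; return all values of one header, topmost first.
function headerValues(raw, name) {
  return raw.replace(/\r?\n[ \t]+/g, ' ').split(/\r?\n/)
    .filter((l) => l.toLowerCase().startsWith(name.toLowerCase() + ':'))
    .map((l) => l.slice(name.length + 1).trim());
}

// Read verdicts only from the header stamped by our own receiver (authserv-id).
function authResults(raw, trustedId) {
  const out = { spf: 'none', dkim: 'none', dmarc: 'none' };
  const mine = headerValues(raw, 'Authentication-Results')
    .find((v) => v.split(';')[0].trim().split(/\s+/)[0].toLowerCase() === trustedId);
  if (!mine) return out;
  // Drop (comments) so text inside them cannot be read as a result.
  for (const m of mine.replace(/\([^)]*\)/g, ' ').matchAll(/\b(spf|dkim|dmarc)=([a-z]+)/gi)) {
    const k = m[1].toLowerCase();
    if (out[k] === 'none') out[k] = m[2].toLowerCase(); // first result wins
  }
  return out;
}

// Connecting IP as recorded by the trusted receiver's own Received hop (IPv4 only).
function originIp(raw, trustedId) {
  const hop = headerValues(raw, 'Received')
    .find((v) => v.toLowerCase().includes(' by ' + trustedId + ' '));
  const m = hop && hop.match(/\[(\d{1,3}(?:\.\d{1,3}){3})\]/);
  return m ? m[1] : null;
}

// Assumed policy: flag on DMARC fail, or when nothing at all authenticates.
function analyze(raw, trustedId = 'mx.google.com') {
  const a = authResults(raw, trustedId);
  const suspicious = a.dmarc === 'fail' ||
    (a.dmarc !== 'pass' && a.spf !== 'pass' && a.dkim !== 'pass');
  return { ...a, originIp: originIp(raw, trustedId), suspicious };
}
console.log(JSON.stringify(analyze(SAMPLE)));
```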
Setup
- Authenticate Gmail: Configure the "Gmail Trigger" node with your Gmail account credentials.
- API Keys (Optional):
- Obtain an API key for IP Quality Score (https://ipqualityscore.com).
- Ensure the IP-API endpoint is accessible.
- This step is optional as ipqualityscore.com will provide a limited number of free lookups each month.
- Activate the Workflow: Ensure the workflow is active to process incoming emails in real-time.
How to customize this workflow to your needs
- Add Alerts: Use the "Gmail - Respond to Webhook" node to trigger notifications in Slack, email, or any other communication channel.
- Integrate with SIEM: Forward the workflow output to SIEM tools like Splunk or ELK Stack for further analysis.
- Modify Validation Rules: Update SPF, DKIM, or DMARC logic in the "Set" nodes to align with your organization's security policies.
- Expand IP Analysis: Add more APIs or services to enrich IP reputation data, such as VirusTotal or AbuseIPDB.
This workflow provides a robust foundation for email security monitoring and can be tailored to fit your organization's unique requirements. With its modular design and integration options, it's a versatile tool to enhance your cybersecurity operations.
n8n Workflow: Analyze Email Headers for IP Reputation and Spoofing Detection
This n8n workflow provides a framework for analyzing email headers to assess IP reputation and detect potential spoofing. It's designed to be triggered by an incoming email via Gmail and then route the email content for further analysis based on predefined conditions.
What it does
This workflow outlines the following steps:
- Triggers on New Gmail Emails: Listens for new emails arriving in a specified Gmail account.
- Performs an HTTP Request: Initiates an HTTP request. (The target URL and method are not defined in the provided JSON, implying this is a placeholder for an external API call for email header analysis, IP reputation, or spoofing detection.)
- Conditional Logic (If): Evaluates a condition based on the results of the HTTP request.
- True Path: If the condition is met (e.g., a potential threat is detected), it proceeds to a "No Operation" node, which acts as a placeholder for further actions (e.g., alerting, quarantining).
- False Path: If the condition is not met, it proceeds to another "No Operation" node, also a placeholder for benign email handling.
- Responds to Webhook: (This node is present but not connected in the provided JSON, suggesting it might be part of an incomplete or alternative flow for responding to an initial webhook trigger, which is not the primary trigger here).
- Sets Fields (Edit Fields): A placeholder for manipulating or setting data fields.
- Aggregates Data: A placeholder for combining data from multiple items.
- Limits Data: A placeholder for restricting the number of items.
Prerequisites/Requirements
- n8n Instance: A running n8n instance.
- Gmail Account: A Gmail account configured as a credential in n8n to listen for new emails.
- External API (Placeholder): An external API or service for email header analysis, IP reputation, or spoofing detection. The HTTP Request node will need to be configured with the appropriate URL, headers, and body for this service.
Setup/Usage
- Import the Workflow: Import the provided JSON into your n8n instance.
- Configure Gmail Trigger:
- Open the "Gmail Trigger" node.
- Select or create a new Gmail API credential that has access to the mailbox you wish to monitor.
- Specify the Label ID (e.g., INBOX) or other filters to define which emails trigger the workflow.
- Configure HTTP Request:
- Open the "HTTP Request" node.
- Configure the URL, Method, Headers, and Body to send the email headers (or relevant parts of the email) to your chosen email analysis API. You will likely need to extract specific header fields from the Gmail Trigger output using expressions.
- Configure If Node:
- Open the "If" node.
- Define the conditions based on the expected output from your email analysis API (e.g., if($json["reputationScore"] < 50) or if($json["spoofingDetected"] === true)).
- Define Actions for True/False Paths:
- Replace the "No Operation, do nothing" nodes on both the "True" and "False" branches of the "If" node with actual actions.
- True (Threat Detected): Examples include sending a Slack notification, creating a ticket in a ticketing system, moving the email to a "Quarantine" folder, or sending an alert email.
- False (No Threat): Examples include archiving the email, forwarding it, or simply ending the workflow.
- Activate the Workflow: Save and activate the workflow.
This workflow provides a solid starting point for building an automated email security analysis system. Remember to fill in the placeholder nodes with your specific API endpoints and desired actions.