Support

Get help with MailMapr

Need help? Contact us at

Getting Started

Create a Project — Open MailMapr and create a new project to organize your investigation.
Import Evidence — Drag and drop EML, MSG, EMLX, or MBOX files into the Ingest module.
Analyze — Use the Dashboard, Timeline, and Correlation modules to investigate email patterns.
Classify Contacts — Use the Trusted module to mark emails, domains, and IPs as whitelisted, suspicious, or blacklisted.
Generate Reports — Create Technical Forensic or Executive Summary reports from the Reports module.

Quick View mode: You can open and inspect individual email files directly from Finder without creating a project. Just double-click an EML/MSG file or use File > Open.

Frequently Asked Questions

What file formats does MailMapr support?

MailMapr supports .eml, .emlx (Apple Mail), .msg (Microsoft Outlook), and .mbox (mailbox archive) files. You can export analysis results as PDF or HTML reports.

Where is my data stored?

All data is stored locally on your Mac in the Application Support directory, protected by the macOS App Sandbox. No data is sent to external servers. You can delete projects and their data at any time from within the app.

Can I analyze emails from different email clients?

Yes. MailMapr works with standard email formats exported from any email client including Outlook, Thunderbird, Apple Mail, Gmail (via Google Takeout), and others.

What are Trust Lists?

Trust Lists classify email addresses, domains, and IPs into three categories: Whitelist (trusted, green), Suspicious (under investigation, orange), and Blacklist (confirmed threat, red). Lists can be applied globally across all projects or per individual project.

What are Indicators of Compromise (IoC)?

IoCs are forensic artifacts that indicate a potential security breach: malicious email addresses, suspicious domains, or flagged IP addresses found during analysis. MailMapr lets you track, annotate, and export them.

How do I export reports?

Go to the Reports module, select the report type (Technical Forensic or Executive Summary), choose your emails, and click Generate Report. Reports can be exported as HTML or PDF.

What does the phishing risk score mean?

Each email receives an automatic risk score from 0 (safe) to 100 (high risk). The score is based on header analysis, authentication checks (SPF, DKIM, DMARC), domain mismatches, suspicious patterns, and other forensic indicators.

Is MailMapr available in other languages?

Yes. MailMapr supports English and Spanish. You can change the language in Settings.

Troubleshooting

Email file won't open

Ensure the file has a supported extension (.eml, .emlx, .msg, .mbox). If the file is corrupted or uses a non-standard encoding, MailMapr will display a parsing error with details.

MSG file shows partial content

Some MSG files use non-standard OLE structures. MailMapr parses the standard Outlook format. If a file was exported from a third-party tool, try re-exporting it directly from Outlook.

Trust colors not updating

After modifying trust lists, the changes apply immediately to the current view. If colors don't update, try switching to another email and back, or reopen the project.

System Requirements

macOS 14.0 (Sonoma) or later
Apple Silicon or Intel Mac
Minimum 4 GB RAM recommended
Storage space varies by evidence volume

← Back to MailMapr