We present a multi-layer email threat detection system that integrates header authentication analysis, URL/attachment reputation checks via threat intelligence, and machine learning classification. The system parses incoming emails, verifies SPF/DKIM/DMARC results, extracts URLs and attachment hashes, and queries VirusTotal for each indicator. It then applies a trained ML model (TF-IDF + Logistic Regression) to classify the email as phishing or benign. Finally, a scoring engine correlates all signals into a composite risk score. In testing, the system successfully identified simulated phishing emails: for example, a malicious email with known bad links and spoofed headers was flagged as Phishing with high confidence, while benign messages were rated low-risk. The GUI (Figures 1–2) displays the analysis report, including header results, VirusTotal findings, ML verdict, and final threat score. Our multi-layer method leverages complementary techniques to improve detection accuracy and reduce false negatives compared to single- method approaches.