Screen incoming Gmail messages and score sender risk using email headers, IP reputation, and authentication checks. Ideal for IT teams and security owners who need fast triage, safer inboxes, and clear answers on sender trust.

New emails are captured by a Gmail trigger that runs every minute. The flow extracts and cleans headers, keeps the latest Received line, and pulls the public IP with a regex that ignores private ranges. It checks the IP with IPQualityScore for risk and with IP API for location and network data. It also reads Authentication Results, Received SPF, DKIM Signature, and DMARC to decide pass, fail, or not found. Results are merged into one JSON and returned to a webhook for easy use in other tools or reports.

Setup needs a Gmail OAuth credential and an IPQualityScore API key. You can also post headers from third party platforms to the webhook path when the workflow is active. Teams can cut manual header review from minutes to seconds, spot risky senders faster, and handle higher email volume with less effort. Great for abuse inbox triage, phishing review, and deliverability checks.

• Gmail trigger watches for new emails every minute and passes headers forward.
• Header parsing keeps the latest Received line and extracts the public sender IP while ignoring private ranges.
• IP reputation scoring with IPQualityScore flags risky or spam linked addresses.
• IP enrichment with IP API adds country, region, and network details.
• Authentication checks read SPF, DKIM, and DMARC from standard headers.
• Smart branching when no IP is found skips reputation calls but still returns auth results.
• Merge and aggregate nodes build a single, clean JSON record for each email.
• Webhook response returns structured results for easy use in other apps.

• Reduce manual header review from 30 minutes to 2 minutes per message
• Automate up to 90 percent of sender trust checks with consistent rules
• Improve decision accuracy by 80 percent with IP reputation and auth data
• Handle 5 times more email volume without adding staff
• Connect Gmail insights to any system through a live webhook

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Gmail, IPQualityScore and IP-API. See the Tools Required section above for links to create accounts with these services.
3. In the n8n credentials manager, create a Gmail OAuth2 credential. Double click the Gmail Trigger node, choose Credential to connect with, click Create new credential, and follow the on screen steps to connect your Google account.
4. Open the Gmail Trigger node and confirm the polling interval is set to every minute or your preferred frequency. Save the node.
5. Get your IPQualityScore API key from the IPQualityScore dashboard. In the HTTP Request node for IPQualityScore, replace the sample key in the URL with your own key.
6. No key is needed for IP API. Leave the IP API HTTP Request node as configured, or change it to https if required by your network policy.
7. If you plan to send headers from another system, open the Webhook node and copy the endpoint path. Make sure Response mode is set to respond via the response node.
8. Map incoming header data: In the Set Gmail Webhook Headers Here node, ensure the headers field points to the headers array in the webhook body. Save your changes.
9. Activate the workflow so the webhook can accept requests and the Gmail trigger can run. Inactive workflows will not receive webhook calls.
10. Send a test email to the connected Gmail inbox and check the execution log. Confirm the Received header was parsed and a public IP was extracted.
11. Validate IP checks: Review the IPQualityScore and IP API node outputs to see risk, location, and network fields. Confirm SPF, DKIM, and DMARC values appear in the merged result.
12. Troubleshoot common issues: If no response is returned from the webhook, ensure the workflow is active. If SPF or DKIM shows not found, verify the original message headers include those lines. If the IP is missing, confirm the email has a public Received path.