Phishiphy

About

Phishiphy is a Chrome extension that analyzes your Gmail inbox and open emails in real time, scores each message for phishing risk, and shows you exactly why it scored that way in a side panel — without sending any of your mail to a server.

▸ WHAT IT DOES

• Scans Gmail inbox rows and opens emails the moment you view them
• Produces a risk score (0–100) with a clear high/medium/low verdict
• Explains itself: sender patterns, risky links, urgency language, attachment types, and cross-signal anomalies are each listed with evidence
• Remembers local Mark Safe and Mark Phishing decisions so senders and domains you have already judged do not keep alarming
• Caches recent inbox scans briefly so scrolling Gmail does not re-analyze everything

▸ WHY IT IS DIFFERENT

Phishiphy tries to feel fast and understandable. Instead of throwing a red banner and calling it a day, the side panel shows the score, the main reasons, your local actions, campaign history, and a detailed findings list. If something looks off, you mark it locally. If something is safe, you trust it locally. The extension adapts to your judgement.

Most of the logic is behavioral. It looks for things like suspicious sender display-name tricks, risky link targets, urgency and pressure language, dangerous attachment types, and relationships between those signals. An optional Domain Intelligence layer (off by default) adds blacklist checks, domain age, DNS and email-auth signals, and redirect-chain tracing.

▸ WHAT IT DOES NOT DO

• It does not send your email content to any server. Phishiphy has no backend. All scoring runs inside your browser.
• It does not collect analytics, track you, or sell data. There is nothing to sell because nothing leaves your device.
• It does not replace good judgement. Treat the score as input, not gospel.
• It is Gmail-only right now.

▸ PRIVACY

Phishiphy runs entirely on your device. When Domain Intelligence is disabled (the default) the extension makes no outbound network requests at all. When it is enabled, it queries public DNS and RDAP endpoints for sender domains — those requests contain only the domain, never your email content or any identifier for you. Full privacy policy: https://github.com/Swacky1/Phishiphy/blob/main/PRIVACY.md

▸ OPEN SOURCE

Source code is public at https://github.com/Swacky1/Phishiphy — read it, fork it, file issues.

▸ KNOWN LIMITATIONS

• Can still flag newsletters and job alerts in rare cases; tuning continues
• Gmail only; Outlook and other providers are not supported yet
• Rescans on Gmail page transitions are handled gracefully but not instantaneous

Feedback and bug reports welcome on GitHub.