AI-Powered · 59 Checks · Real-time

Stop phishing
before you click

PhishGuard analyses every email you open — instantly. Heuristics, header forensics, domain intelligence and Claude AI work together to give you a verdict you can trust.

⬇ Add to Chrome — free See how it works →
Works on Gmail & Outlook Belgian ISPs supported No email content sent
74 HIGH RISK
🤖 PHISHING — click to view full analysis
▼ Findings 6
CRIT🎣 PHISHING — Brand impersonation detected
CRITSPF FAIL — server not authorised
HIGHDomain registered 11 days ago
HIGHAll links go to single external domain
MEDReply-To differs from sender
LOWTracking pixel detected
▶ Domain Intelligence 3
▶ Link VT Scan 4
📨 Open Full Headers
📋 View PhishGuard Report
Works on Gmail Outlook Yahoo Proton Zoho Fastmail Telenet ✦ Proximus ✦ VOO ✦ Orange BE ✦ + more

What you get

Every threat vector, covered

PhishGuard runs 59 checks across seven detection categories the moment you open an email — in milliseconds, entirely in your browser.

🤖

Claude AI Analysis

Every email gets a full forensic assessment — PHISHING / SCAM / SUSPICIOUS / LEGITIMATE verdict, summary of what the attacker wants, key indicators, and a clear recommendation. Fires automatically 800ms after opening.

🦠

VirusTotal Integration

Links and file attachments are checked against 70+ security engines. Attachment bytes are hashed locally — only the SHA-256 hash is ever sent, never the file itself. QR codes in images are also decoded and checked.

🔍

Domain Intelligence

Sender and link domains are looked up via RDAP and WHOIS. A domain registered 11 days ago, hosted on a Tor exit node, or registered through a high-risk registrar — all surfaced instantly with age and ASN shown.

📨

Two-Tab Header Analysis

"Open Full Headers" opens a 1200px popup: an Analysis tab with SPF/DKIM/DMARC badges and a hop table labelling every IP as PUBLIC or PRIVATE, plus a Raw Headers tab in RFC 2822 format ready for external tools.

🇧🇪

Belgian ISP Full Headers

Telenet, Proximus, VOO and Orange BE Zimbra webmail clients now get complete header retrieval — using the same appCtxt API as the Zimbra client itself, from the MAIN world. No CORS restrictions, no workarounds needed.

🔗

Link & Scam Detection

14 scam-specific patterns detect advance-fee fraud, fake lotteries, sextortion, investment scams and job scams — separate from phishing. Every link is checked for shorteners, IP addresses, credential harvesting paths and redirect chains.

Under the hood

Instant analysis,
every time you open an email

01

Email opens

A DOM mutation observer detects the new message. Sender, subject, headers, links and attachments are extracted immediately.

02

59 checks run locally

The scoring engine evaluates authentication results, domain signals, link quality, attachment risk and content patterns — in milliseconds, entirely on your machine.

03

Full headers are fetched

Outlook uses EWS intercept. Gmail uses the internal ?view=om endpoint. Belgian Zimbra clients use MAIN world appCtxt injection. You get complete RFC 2822 headers on every supported platform.

04

Domain intel runs in background

RDAP, WHOIS and DNS lookups run for every unique domain — sender, reply-to, return-path and all link domains. Results feed both the sidebar and the AI report.

05

Claude AI gives its verdict

A structured forensic report is sent to Claude via the PhishGuard proxy. Within seconds: PHISHING, SCAM, SUSPICIOUS or LEGITIMATE — with full explanation and confidence level.

06

Everything in your sidebar

Risk score, colour-coded findings sorted by severity, AI verdict, domain intel, link VT scan, header popup and full report — all collapsible, always available on the right edge of your inbox.

📨 Email Header Analysis
Copy raw Close
🔎 Analysis
Raw Headers
Authentication
SPF
FAIL
DKIM
PASS
mailer-daemon.ru
DMARC
FAIL
Received Hops (3)
# From By Timestamp
1 mail.paypal-secure-update.net
185.220.101.47 PUBLIC		 mx.google.com
10.1.0.4 PRIVATE		 27 Mar 09:33
2 mx.google.com 2002:a54:3146::1 27 Mar 09:33

Risk scoring

Transparent scoring,
not a black box

Every score is explainable. PhishGuard shows exactly which checks fired, their severity and how many points each contributed.

0
Clean
No indicators
1–14
Low Risk
Minor anomalies
15–29
Moderate
Treat with caution
30–59
High Risk
Strong signals
60–100
Critical
Almost certainly malicious
11 CHECKS

Sender Identity

Display name spoofing, brand impersonation, Unicode lookalikes, homograph attacks, Reply-To anomalies, DKIM domain mismatch.

15 CHECKS

Link Analysis

URL shorteners, anchor text mismatches, IP-based links, redirect chains, credential harvesting paths, suspicious TLDs, link bombing.

7 CHECKS

Email Authentication

SPF/DKIM/DMARC pass/fail/none, triple-none pattern, mismatched DKIM signing domain, DMARC policy enforcement.

9 CHECKS

Domain Analysis

Domain age via RDAP, registrar reputation, disposable domain patterns, Punycode/IDN detection, free hosting platforms.

3 CHECKS

Attachment Risk

Dangerous file extensions, double extensions, password-protected archives with credentials in email body.

14 CHECKS

Scam & Evasion

Advance-fee fraud, lottery scams, sextortion, investment scams, fake job offers, delivery fee scams, tracking pixels, HTML forms.

Your data

Privacy first.
Always.

PhishGuard analyses the metadata that matters for security — never the content of your messages. Your emails stay private.

✅ What we analyse

📧
Sender & subject metadata
Email address, display name, subject line
🔗
Links and URLs
Checked via domain lookups and VirusTotal
🔐
Email authentication headers
SPF, DKIM, DMARC results and full Received chain
📎
Attachment names + SHA-256 hash
Hashed locally — the file itself never leaves your browser
🧠
Optional: first 600 chars of body
Only if you enable the setting — improves scam/phishing detection

🚫 What we never touch

📝
Email body text
Never read or transmitted by default
📬
Your recipient address
Never extracted from the DOM or sent anywhere
📁
Attachment file contents
Bytes are hashed locally — never uploaded
🌐
Browsing history or cookies
The extension has no access to any other browser data
🔑
Your license key
Validated by our own proxy only — never forwarded to Anthropic or VT

Simple pricing

Start free.
Upgrade when you need AI.

The core heuristic engine is free forever. Pro adds Claude AI, VirusTotal scanning, domain intelligence and full header analysis — everything you need to be certain about an email.

Free
€0 / month
Forever free · no account needed
  • 59 heuristic detection checks
  • Risk score 0–100 with full findings
  • Two-tab header analysis popup
  • Hop table with PUBLIC/PRIVATE IP labels
  • Raw headers (RFC 2822)
  • Works on 11+ webmail platforms
  • Sender whitelist
  • Claude AI analysis
  • VirusTotal scanning
  • Domain intelligence (RDAP/WHOIS)
Add to Chrome
Pro
€8.99 / month
Billed monthly · cancel anytime · 7-day free trial
  • Everything in Free
  • Claude AI analysis — automatic on every email
  • PHISHING / SCAM / SUSPICIOUS / LEGITIMATE verdict
  • VirusTotal URL & file scanning
  • Domain intelligence (RDAP / WHOIS / ASN)
  • QR code URL extraction & scanning
  • Attachment drag & drop hash check
  • Full PhishGuard report with Header Analysis
  • Belgian ISP full header retrieval (Telenet, Proximus, VOO)
  • Priority support
Get Pro — €8.99/mo →
or start your 7-day free trial from the extension settings

💳 Secure payment via Stripe · 7-day refund policy · Cancel any time from your billing portal

Questions

Frequently asked

Everything you need to know before installing.

No. PhishGuard analyses only the metadata needed for security — sender, subject, headers, link URLs and attachment hashes. The body text of your emails is never read or transmitted by default. If you enable the optional "body excerpt" setting, the first 600 characters are included in the Claude analysis to improve scam detection — this is opt-in and clearly labelled in settings.
Yes — full support for Belgian ISP Zimbra webmail clients including Telenet (webmail.telenet.be), Proximus (webmail.proximus.be), VOO (webmail.voo.be) and Orange BE. These platforms get the same full header retrieval as Gmail and Outlook — SPF/DKIM/DMARC results, the full Received chain, and the two-tab header analysis popup.
Claude is an AI model by Anthropic, used here to provide a forensic assessment of each email. PhishGuard sends a structured report to Claude containing only metadata — sender details, authentication results, domain ages, link domains and PhishGuard's own findings. Claude never receives your email body, your recipient address, attachment contents, or any other personal data. The API call goes through the PhishGuard proxy server so your Anthropic account details are never needed.
Open the extension settings, scroll to the License section and click "Send verification email". Enter your email address and we'll send a verification link. Once you click it, your 7-day trial key is generated and shown — paste it into the License Key field in settings. One trial per email address. After 7 days you'll receive an email with a link to get a Pro license to continue.
Your license key is stored in Chrome's sync storage, so it persists across reinstalls on the same Chrome profile. If you switch browsers or profiles, just re-enter your key in the License Key field in settings and click Activate.
Yes, any time. Click the billing portal link you receive in your purchase confirmation email, or contact us at support@phishguardv2.com. Cancellations take effect at the end of your current billing period. We also offer a 7-day full refund policy — no questions asked.
PhishGuard is built for Chrome and Chromium-based browsers (Edge, Brave, Arc, Opera). A Firefox version is in development. Gmail and Outlook header enrichment rely on Chrome-specific APIs, but the core heuristic engine is browser-agnostic.

Get started

Your inbox deserves better
than hoping for the best

The free tier catches a lot. Pro catches everything — and tells you exactly why.

⬇ Add to Chrome — free Get Pro — €8.99/mo →