nicodAImus iris - Phishing Detector автор nicodAImus

What is iris?

nicodAImus iris scans your emails for phishing risks and scores them 0-10, entirely in your browser. No data ever leaves your machine.

How it works

Open an email in Gmail or Proton Mail, then click Scan. iris analyzes the email and shows a threat score with detailed signals explaining why an email may be suspicious.

What iris checks

• Email authentication - DKIM, SPF, DMARC verification
• Domain impersonation - homoglyph detection (e.g. "paypa1.com" mimicking "paypal.com")
• URL shorteners - links that hide the real destination (bit.ly, tinyurl, etc.)
• Pressure language - urgency tactics ("Act now", "account suspended")
• Credential requests - emails asking for your password
• Generic greetings - "Dear Customer" instead of your name
• Display name spoofing - sender name doesn't match the actual email address
• Suspicious attachments - potentially dangerous file types

Privacy

All analysis is performed locally in your browser. Zero network requests. Zero data collection. Zero tracking.

Permissions explained

• mail.google.com - Read email content for local phishing analysis in Gmail
• mail.proton.me - Read email content for local phishing analysis in Proton Mail
• activeTab - Communicate between the extension panel and the email tab

Open source

Review the code: github.com/Paxtiny/iris

Disclaimer

iris is a best-effort analysis tool. It does not guarantee detection of all phishing attempts.