How It Works

From email open to
verdict in 8 seconds.

Nine intelligence sources run in parallel the moment you click Analyze. Here's exactly what happens under the hood.

01

Install the Chrome Extension

Add GuardScope to Chrome from the Web Store. The extension injects a secure sidebar panel into Gmail using Shadow DOM isolation — no interference with your existing Gmail experience.

First-run consent screen explains exactly what data is accessed. No OAuth token, no Gmail API — pure DOM scraping of the visible email.
02

Open Any Email in Gmail

GuardScope automatically detects when you open an email in Gmail. The security panel slides in from the right side of your inbox, ready to analyse — it does nothing until you ask it to.

The extension extracts email headers, body text, URLs, attachment signals, Gmail warnings, and return-path data from the DOM.
03

Click "Analyze This Email"

One click triggers all six parallel scans simultaneously. No waiting for one to finish before the next starts — they all run at once.

Mercury-2 AI, DNS lookups, VirusTotal, Google Safe Browsing, PhishTank, URLhaus, SpamHaus, RDAP, header analysis, and domain similarity — all in one Promise.allSettled().
04

Read Your Verdict in 8 Seconds

A structured security report appears: a 0–100 risk score, a plain-English verdict, specific threat flags with evidence, and a recommended action. No jargon, no security expertise needed.

Scores: 0–25 SAFE · 26–49 LOW · 50–69 MEDIUM · 70–84 HIGH · 85–100 CRITICAL
The Engine

9 sources. All parallel.

All nine intelligence sources fire simultaneously via Promise.allSettled — if one is slow or down, the others still deliver.

Promise.allSettled() — all 9 run simultaneously
Mercury-2 AI
Chain-of-thought reasoning
DNS: SPF/DKIM/DMARC
Cloudflare DoH · 20-selector probe
VirusTotal v3
90+ antivirus engines
Google Safe Browsing
Real-time URL check
PhishTank + URLhaus
Confirmed phishing URLs
SpamHaus DBL
Sender domain blocklist
RDAP Domain Intel
Registration date + registrar
Header Analysis
200+ brands + BEC patterns
Domain Similarity
Typosquatting + homograph
Risk Scoring

What the score means

Hybrid scoring: rule_score × 0.35 + mercury_score × 0.65, then hard overrides applied for known-bad signals.

0 – 25
SAFE

Safe to proceed

26 – 49
LOW

Proceed with awareness

50 – 69
MEDIUM

Verify sender before acting

70 – 84
HIGH

Do not click links or reply

85 – 100
CRITICAL

PHISHING DETECTED — Do not engage

See it in action on your inbox

Free — 5 analyses per day, no credit card needed.

Get Early Access