Features

Email threat analysis before users click.

GuardScope combines AI-assisted review, URL intelligence, sender authentication, and domain context into a structured advisory report for Gmail.

Layer 01

AI-assisted message review

Reviews the message for urgency pressure, impersonation, social engineering, business-email-compromise signals, and suspicious instructions.

Structured reasoning summary
BEC and authority-pressure patterns
Stable low-temperature model settings

Layer 02

Sender authentication

Checks SPF, DKIM, DMARC, MX, and sender-alignment signals to help identify spoofing or misconfigured sender infrastructure.

SPF alignment
DKIM selector probing
DMARC policy checks

Layer 03

URL intelligence

Extracts visible and plain-text URLs from the email and checks them against threat-intelligence sources for phishing, malware, and reputation signals.

VirusTotal and Safe Browsing
PhishTank and URLhaus
SpamHaus DBL checks

Layer 04

Domain and registrar context

Uses DNS and RDAP context to flag newly registered domains, suspicious registrar patterns, and lookalike infrastructure.

Domain-age checks
Registrar context
New-domain risk flags

Layer 05

Impersonation detection

Compares sender, display name, domain, and message content against brand, executive, legal, government, and payment-pressure patterns.

Brand impersonation
Display-name spoofing
Free-provider authority mismatch

Layer 06

Regional threat context

Adds context for common Africa-focused threat patterns such as EFCC/CBN impersonation, BVN phishing, advance-fee pressure, and fintech lookalikes.

EFCC/CBN patterns
BVN and fintech phishing
FR and EN analysis support

Security architecture

Built for a cautious launch posture.

The product is structured around user-triggered scans, backend enforcement, and no GuardScope email-content storage.

No email storage

Email bodies, subjects, recipients, headers, and extracted URLs are not stored in GuardScope databases after analysis.

Server-side quotas

Anonymous and signed-in limits are enforced by the backend, not only by extension UI.

No secrets in extension

Provider keys and sensitive service credentials stay on the backend.

Prompt-injection hardening

Suspicious instruction patterns are filtered and email content is isolated before AI-assisted analysis.

JWT-protected account routes

Authenticated account endpoints validate user identity server-side.

Supabase RLS

Database access is scoped by row-level security policies where user-owned records are stored.

Read security documentation

Add GuardScope to Chrome.

Install the public Chrome Web Store release and keep launch-code access as an optional Pro upgrade.

Add to Chrome