PhishGuard Docs
A clear guide to what PhishGuard checks, how the score is calculated, what data is handled, and what the current Version 1 build can and cannot do.
Update Log
V1.1.4 warmup
Added Render cold-start awareness, longer backend wake checks, clearer System Status states, and production-safe API startup logging.
V1.1.3 polish
Fixed Command Center section highlighting, strengthened proxy rate-limit handling, improved modal scrolling, and added report cleanup.
V1.1.2 production
Added in-app bug reporting, personal branding, favicon assets, and concise public status labels.
V1.1 production
Added randomized scanner samples, expanded signal coverage, improved report score details, and Resend email delivery for bug reports.
What PhishGuard Does
PhishGuard scans suspicious emails, texts, and links for common phishing indicators. It is meant to help someone slow down, see the evidence, and decide what to do next.
Paste the message
Add the sender, subject, message body, and any URL that appeared in the email or text.
Run the scan
PhishGuard checks the content against a local rule-based scoring model.
Read the evidence
The result shows the score, matched indicators, confidence, and recommended next steps.
Export if useful
The report view can copy or export a clean summary for notes, classwork, or reporting.
Score Ranking
Low
0-24
Few or no warning signs. Still verify unexpected requests before acting.
Medium
25-49
Some suspicious context exists. Slow down and verify through an official channel.
High
50-74
Multiple warning signs are present. Avoid links and attachments until verified.
Critical
75-100
Strong phishing indicators. Do not interact and report the message if it came through school or work.
Scoring Signals
The score comes from matched rules. Strong indicators add more points, while weak context signals are kept lower so normal messages do not become scary by accident.
Urgency
Pressure words, deadlines, account locks, and immediate action language.
Credentials
Requests for passwords, logins, verification codes, or identity confirmation.
Links
Shorteners, IP addresses, HTTP links, lookalike domains, and mixed destination domains.
Mismatch
Sender names or visible link text that do not match the real destination.
Money
Billing, invoice, refund, transaction, or payment pressure.
Writing quality
Misspellings, odd spacing, all-caps pressure, and repeated punctuation as supporting evidence.
Privacy
Messages are sent to the backend for analysis, but the backend does not store submissions.
The report page uses browser session storage so a result can be viewed without placing message content in the URL.
Optional scan history is off by default and stays in the user's browser when enabled.
Bug reports are sent through the backend by email and should not include passwords, codes, or sensitive message content.
Users should not paste passwords, verification codes, Social Security numbers, financial details, or private personal data.
Limitations
Rule-based detection can miss new attacks, image-only phishing, and highly targeted impersonation.
A trusted domain is not automatically safe; real services can be abused in phishing messages.
PhishGuard is built for awareness and learning, not as a replacement for enterprise email security tools.
The trusted-domain and brand lists should be expanded carefully so the model does not become too permissive.
Developer Notes
Frontend
Next.js app with same-origin routes for scanner and health checks.
Backend
Express TypeScript service that runs the scoring engine and exposes GET /health.
Analyze route
POST /api/analyze proxies to the backend through INTERNAL_API_URL.
Rate limiting
Backend limits can be tuned with RATE_LIMIT_MAX_REQUESTS, RATE_LIMIT_WINDOW_MS, and TRUST_PROXY_HOPS.
Deployment path
Recommended public URL: phishguard.shivpatel.net with frontend and backend hosted separately.
Repository
The source code, setup notes, and project history are available in the public GitHub repository.