Nicodaimus Iris

nicodAImus iris scans your emails for phishing risks and scores them 0-10, entirely in your browser. No data ever leaves your machine.

HOW IT WORKS
Open an email in Gmail or Proton Mail, then click Scan. iris analyzes the email and shows a threat score with detailed signals explaining why an email may be suspicious.

WHAT IRIS CHECKS
- Email authentication (DKIM, SPF, DMARC verification)
- Domain impersonation (homoglyph detection, e.g. "paypa1.com" mimicking "paypal.com")
- URL shorteners that hide the real destination (bit.ly, tinyurl, etc.)
- Pressure language and urgency tactics ("Act now", "Your account will be suspended")
- Credential requests ("Enter your password")
- Generic greetings ("Dear Customer" instead of your name)
- Display name spoofing (name says "paypal.com" but sender is someone else)
- Suspicious file attachments

PRIVACY FIRST
iris performs all analysis locally in your browser. Zero network requests. Zero data collection. Zero tracking. Your emails never leave your device.

The only network activity occurs if you voluntarily click the developer attribution link, which opens nicodaimus.com in a new tab like any normal website visit.

SUPPORTED MAIL PROVIDERS
- Gmail (mail.google.com)
- Proton Mail (mail.proton.me)

OPEN SOURCE
iris is open source. Review the code at github.com/Paxtiny/iris

DISCLAIMER
iris is a best-effort analysis tool based on heuristics. It does not guarantee detection of all phishing attempts. Use it as an additional layer of caution, not as your sole security measure.