Verifeye is a Chrome extension that catches phishing emails in Gmail before you click. It runs entirely in your browser — no inbox uploads, no server, no ads — and tells you why a message is suspicious, not just that it is.
Modern phishing emails clear DKIM, pass DMARC, and look pixel-perfect. They land in your inbox, not your spam folder — and that's where the damage happens.
Phishing accounts for roughly 1 in every 4,200 emails sent — and the most dangerous ones never trigger a spam flag.
The vast majority of corporate compromises begin with a single user clicking a single link in a single message.
That's how long a person spends judging an email. Verifeye gives you that judgment instantly, with reasons.
Verifeye watches Gmail in real time. Every email you open is analyzed, and a verdict banner appears at the top — green, amber, or red — with a reasoning chain you can read in seconds.
One-click install from the Chrome Web Store. Verifeye runs locally and asks for the minimum permissions needed to scan Gmail.
No accounts to create. No setup. Verifeye watches your inbox in the background and analyzes the email you have open the moment it loads.
A clear verdict banner appears above the email — Safe, Warning, or Dangerous — with the exact reasons. One click to dismiss or trust the sender.
Verifeye doesn't lean on a single neural network you can't inspect. It runs every email through a stack of authoritative signals and tells you exactly which ones tripped.
Best-effort SPF, DKIM, and DMARC inspection from the message headers Gmail exposes. We catch broken auth and "via" sender mismatches.
Verifeye remembers every sender you've ever interacted with. New senders, sticky-flagged senders, and display-name swaps are all caught.
A curated registry of 130+ brands (banks, recruiters, ATS systems). Damerau-Levenshtein typo detection catches "g00gle", "micros0ft", "amaz0n" — and their lookalike domains.
Unsolicited business offers, broken-language tells, urgency baiting, and template-similar mass blasts get flagged the moment they appear.
The classic phish: anchor text says "amazon.com", the URL says something else. Verifeye compares every clickable link's visible text against its real destination.
Suspicious extensions (.zip-in-a-pdf, .exe, .iso, double extensions) are surfaced before you click. We don't open the file — we just read what Gmail tells us.
All signals combine into a single verdict: Safe, Warning, or Dangerous — with the full reasoning chain shown to you.
No new app to learn. The Verifeye banner appears right above the email — exactly where you already look first.
Dear Customer, we detected unusual activity on your account. Please verify your identity immediately by clicking the link below. Failure to do so will result in account suspension within 24 hours…
A toolbar, a popup, a real-time banner, and a full dashboard. Verifeye is what an enterprise security team would build — packaged for one person.
One click scans the visible inbox. Auto-scrolls through virtualized rows, shows live progress, cancellable any time.
Every detection lands on a VirusTotal-style dashboard with charts, timelines, and the full reasoning chain per verdict.
No telemetry. No analytics. Your email body, headers, and attachments are read locally and discarded after analysis.
False positive? Trust a sender once and Verifeye stops flagging that source — including its sticky-risk history.
Every flag shows the exact reasons in plain English. No mysterious confidence score — just the signals that tripped.
130+ commonly impersonated brands across banking, jobs, tech, and government. Updated with each release.
We built Verifeye because we wanted the protection without the trade-off. Every analysis happens in your browser. Nothing is sent to a server — because there is no server.
Email bodies, headers, and attachments are read by your browser and never transmitted anywhere.
Verifeye doesn't track you, send analytics, or phone home. We don't even know you're running it.
The detection logic is right there in the extension. Inspect every layer, every rule, every signal.
Gmail's filter focuses on bulk spam and known-bad senders. The phishing emails that hurt people are the ones that pass through it — well-crafted, single-recipient, brand-impersonating messages. Verifeye is built specifically for those. It checks brand impersonation, link-text mismatches, sender history, behavioral cues, and authentication signals together, then explains its reasoning.
No. Every analysis runs locally in your browser. Verifeye has no backend service, no analytics, and no telemetry. You can verify this in your browser's network panel — Verifeye makes no outbound requests during email analysis.
Gmail (web) is fully supported today. Outlook on the web is in active development for the v2 release. Native desktop email clients (Apple Mail, Outlook desktop) are not supported — Verifeye is a browser extension.
Verifeye uses authoritative signals rather than a single ML model trained on a dataset that ages out. Verdicts cite the exact reasons, so if it ever gets one wrong, you can see why and tell it to trust the sender. The dashboard tracks every detection so you can audit accuracy over time.
Yes — Verifeye is free during the research preview. We're building paid tiers with team features, OAuth-based deeper inspection, and Outlook support, but the on-device core will always be available for individuals.
No. Analysis runs in milliseconds, and the bulk inbox scanner explicitly yields control to Gmail's UI between every email — your tab stays responsive even during a 50-email scan.
Install Verifeye in under 30 seconds. Your inbox stays yours.
Add Verifeye to Chrome