DGuardAPI Docs

Email Phishing Protection

Email phishing protection using Machine Learning models and rule analysis. Includes SPF/DKIM/DMARC verification, URL analysis, and identity spoofing detection.

Features

ML Detection

PhishBERT with 95%+ accuracy

Authentication Analysis

SPF/DKIM/DMARC verification

URL Scanning

Embedded URL analysis

Brand Spoofing

Brand impersonation detection

Integration & Compliance

Obtaining read_only access to user emails via Gmail requires a Tier 2 CASA (Cloud Application Security Assessment) Compliance certificate.

CASA Tier 2 Certified

DGuard is fully CASA Tier 2 certified, allowing us to securely handle sensitive email data. To simplify your integration and avoid the complex compliance process, we recommend using DGuard's OAuth directly for Gmail, Outlook, and other major providers.

Analyze Email

bash
POST /email/analyze

Request Example

json
{
  "sender_email": "security@paypa1.com",
  "sender_name": "PayPal Security",
  "recipient_emails": ["cliente@banco.com"],
  "subject": "URGENT: Verify your account immediately",
  "text_content": "Your account has been suspended. Click here to verify...",
  "authentication_results": {
    "spf": "fail",
    "dkim": "fail",
    "dmarc": "fail"
  },
  "extracted_urls": ["https://paypa1-security.com/verify"]
}

Response Example

json
{
  "analysis_id": "email_xyz789",
  "is_phishing": true,
  "risk_level": "critical",
  "risk_score": 0.92,
  "confidence_score": 0.96,
  "threat_indicators": [
    {
      "type": "sender_spoofing",
      "severity": "critical",
      "description": "Domain 'paypa1.com' mimics 'paypal.com'"
    },
    {
      "type": "urgent_language",
      "severity": "high",
      "description": "Uses urgent language to pressure user"
    },
    {
      "type": "authentication_failure",
      "severity": "high",
      "description": "Failed SPF, DKIM and DMARC authentication"
    }
  ],
  "content_analysis": {
    "urgency_detected": true,
    "requests_credentials": true,
    "brand_impersonation": "PayPal"
  }
}

Risk Levels

safe0.0 - 0.19Authentication OK, known sender
low0.2 - 0.39Some minor anomalies
medium0.4 - 0.59Suspicious content, doubtful URLs
high0.6 - 0.79Multiple phishing indicators
critical0.8 - 1.0Confirmed phishing

Rate Limiting

Rate limits for the Email Protection module are enforced per application. All endpoints share the same quota based on your plan. For detailed specifications, see the Security & Compliance page.

Sandbox: 60 req/min
Production: 1,000 req/min