Email phishing and spam detection library with built-in REST API
Project description
phishdetect
Email phishing and spam detection library — drop it into any Python project or run it as a standalone REST API on your mail server.
Install
pip install phishdetect
Use as a Python library
from phishdetect import PhishingDetector
detector = PhishingDetector()
result = detector.analyze({
"sender": "support@paypa1.com",
"subject": "Urgent: verify your account NOW!!",
"content": "Click here to reset your password immediately.",
"reply_to": "", # optional
})
print(result["risk_score"]) # "HIGH", "MEDIUM", or "LOW"
print(result["risk_level"]) # 0–100 numeric score
print(result["warnings"]) # detailed list of every signal found
Integrate with your mail server
from phishdetect import PhishingDetector
detector = PhishingDetector()
def on_email_received(email):
result = detector.analyze({
"sender": email.from_address,
"subject": email.subject,
"content": email.body,
})
if result["risk_score"] == "HIGH":
quarantine(email)
elif result["risk_score"] == "MEDIUM":
add_warning_banner(email)
else:
deliver(email)
Run as a REST API server
phishdetect-server
# Server starts at http://0.0.0.0:5000
API endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /analyze | Analyze an email for phishing |
| GET | /health | Health check |
| GET | /status | Domain intelligence database info |
| POST | /update | Refresh the Tranco domain list |
Example API call
curl -X POST http://localhost:5000/analyze \
-H "Content-Type: application/json" \
-d '{
"sender": "support@paypa1.com",
"subject": "Urgent: verify your account",
"content": "Click here to reset your password."
}'
What it detects
- Lookalike domains —
paypa1.comvspaypal.com(Levenshtein distance) - Homoglyph attacks — Unicode characters that look like Latin letters (е, о, а)
- Subdomain abuse —
paypal.attacker.compretending to be PayPal - Suspicious keywords — urgency, financial fraud, prize/lottery patterns
- Deceptive links — visible URL differs from actual href destination
- Reply-To mismatch — replies routed to a different domain
- New domains — recently registered domains flagged via WHOIS
- Spam signals — ALL CAPS subjects, excessive exclamation marks, bulk patterns
How the domain database works
On first run, phishdetect automatically downloads the Tranco top-1M domain list and stores the top 50,000 domains in a local SQLite database at ~/.phishdetect/phishing.db. This refreshes weekly. No API key required.
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file phishguard-1.0.0.tar.gz.
File metadata
- Download URL: phishguard-1.0.0.tar.gz
- Upload date:
- Size: 13.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0de53b40b1237f5a5ee396c529658c6c248eb85353d8a098943517b6436408cf
|
|
| MD5 |
66d2efbb0227d56433545e16b0f607ae
|
|
| BLAKE2b-256 |
80012bf359cbb627dfef686d0dfbfda1f0caef53302e0d0c9795293a1d2084d9
|
File details
Details for the file phishguard-1.0.0-py3-none-any.whl.
File metadata
- Download URL: phishguard-1.0.0-py3-none-any.whl
- Upload date:
- Size: 13.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cee53f5bfe521d2564487176fbec5af018e55773c810d10272dc2165dcde5080
|
|
| MD5 |
46ae89a59c7a96674cff8522b3c5350b
|
|
| BLAKE2b-256 |
5d3b770f00a9d0a197a7eb8b12b693505b49a2d126b9ce6885f396804e9eff90
|
