Frequently Asked Questions

DelPhish is a free AI-powered tool that analyzes emails to detect phishing attempts. It combines heuristic rules, machine learning models, and real-time URL intelligence to provide accurate threat detection.

Our engine uses a hybrid approach: 45+ heuristic rules analyze patterns in URLs, keywords, sender information, and email headers. Additionally, a machine learning model trained on phishing datasets provides a complementary risk score. Both scores are combined for maximum accuracy.

DelPhish supports multiple input methods:

• Manual entry: Paste the email content directly
• File upload: .eml and .msg email files (up to 25 MB)
• Screenshot OCR: PNG, JPG, or WebP images (up to 10 MB)

No, you can analyze emails as a guest. However, creating a free account gives you access to your analysis history, allowing you to review past results and track suspicious emails over time.

The risk score ranges from 0 to 100:

• 0-20: Safe - No significant threats detected
• 21-40: Low risk - Minor suspicious elements
• 41-60: Medium risk - Several warning signs present
• 61-80: High risk - Strong indicators of phishing
• 81-100: Critical - Almost certainly a phishing attempt

DelPhish uses four independent analysis layers:

• Heuristic engine (30%): 45+ rules across 6 categories (URLs, keywords, sender, content, headers, URL intelligence)
• Machine Learning (25%): A calibrated Random Forest model with 1,052 features, trained on 10,000+ real phishing/legitimate emails
• BERT (20%): A deep learning transformer fine-tuned for phishing detection that understands semantic meaning
• LLM (25%): A large language model that reasons about the email like a human expert and provides detailed analysis

Each layer independently produces a score. These are combined using asymmetric dampening, where low outlier scores are dampened to prevent a single fooled layer from masking a threat.

Beyond the risk score, DelPhish classifies each email:

• Phishing: The email attempts to steal credentials or personal information through deception
• Spam: Unsolicited marketing email that is not dangerous but unwanted (e.g., has List-Unsubscribe header, valid authentication, marketing infrastructure)
• Suspicious: The email has some warning signs but doesn't clearly fit phishing or spam patterns
• Legitimate: The email appears safe with no significant risk indicators

No detection system is perfect. DelPhish provides a risk assessment based on known phishing patterns and AI analysis, but sophisticated attacks may occasionally evade detection. Always use caution with suspicious emails, even if marked as low risk. Never click links or download attachments from unknown senders.

Yes! DelPhish can analyze SMS messages for smishing (SMS phishing) attempts. The SMS pipeline uses two layers: the heuristic engine (with SMS-specific rules for phone numbers, short codes, and delivery scam patterns) and the LLM. The ML and BERT layers are not used for SMS since they were trained on email data.

DelPhish detects the email language automatically. The heuristic engine has bilingual dictionaries for English and Spanish. For other languages, the email is translated to English for ML and BERT processing, while the LLM analyzes the original text natively. The interface is available in English and Spanish.

Yes. Your email data is processed securely and is not stored permanently on our servers. Analysis is performed in real-time, and we do not share your information with third parties. You can also use the tool without creating an account.

URL Intelligence performs real-time checks on every link found in the email. This includes DNS resolution, SSL certificate validation, WHOIS domain age lookup, and reputation checks against known malicious domains. This helps identify suspicious links even if they appear legitimate at first glance.

Yes! After analysis, if a suspicious URL is detected, you can report it as phishing. Community reports are verified through a voting system and admin review. Confirmed phishing URLs are added to our database to improve detection for all users.

Yes, after each analysis you can download a detailed PDF report. The report includes the risk score, classification, score breakdown from all analysis layers, risk factors with explanations, URL intelligence results, and recommendations. Available in both English and Spanish.

The Dashboard is available to registered users and provides visual statistics of your analysis history. It includes charts showing risk distribution, email classification breakdown, email vs SMS analysis counts, average scores, and a 30-day trend chart.