I have added explainable SPF, DKIM, and DMARC signals to PhishGuard AI, my open-source Python phishing-detection project.
The implementation parses a trusted receiver's Authentication-Resultsheader and treats authentication failures as supporting evidence rather thanproof of phishing.
Measured regression examples:
- A legitimate forwarded message with SPF failure remained
SAFE, moving from0.3149to0.3595. - A synthetic credential lure with SPF, DKIM, and DMARC failures moved from
0.6525 SUSPICIOUSto0.8220 PHISHING.
Pass results do not reduce the risk score because authenticated infrastructure can still send malicious messages. Missing, malformed, and unsupported values remain unknown.
The change includes case-insensitive parsing, forwarding false-positive coverage, CLI support, documentation, packaging verification, repository policy checks, CodeQL, and tests across Python 3.10 through 3.13.
Pull request and engineering evidence:
https://github.com/omobolajiadeyan/phishguard-ai/pull/21
The project now also has a one-minute safe demo and a guide for first-time contributors:
https://github.com/omobolajiadeyan/phishguard-ai
I welcome technically grounded feedback, testing, documentation improvements, and focused open-source contributions.
Cybersecurity #Python #EmailSecurity #OpenSource #DevSecOps
Suggested Featured Link
Title: Explainable SPF, DKIM and DMARC Signals in PhishGuard AI
URL: https://github.com/omobolajiadeyan/phishguard-ai/pull/21
Description: Conservative email-authentication scoring with false-positive regressions, documented trust boundaries, cross-version tests, CodeQL, and reproducible before-and-after results.
Top comments (0)