Gmail blocks millions of spam emails every day — but a growing wave of targeted phishing, AI-written scams, and business email compromise passes straight through its filter and lands in your inbox.
🔒 No email content stored · Instant results · Works in Gmail
Gmail's spam filter is one of the most sophisticated bulk-email filters ever built. It analyses hundreds of signals before you ever see a message: sender reputation, domain age, sending volume patterns, SPF, DKIM and DMARC authentication results, links compared against known malicious URL databases, and content patterns matching previously identified spam campaigns.
For mass-blast spam — generic phishing templates, unsolicited marketing, and known fraud campaigns — Gmail's filter performs extremely well. It was designed specifically for this threat: high-volume, low-personalisation email that shares identifiable patterns across thousands of instances.
The problem is that the most dangerous email threats today are no longer mass-blast campaigns. Targeted phishing, AI-written scams, and business email compromise attacks are individually crafted, delivered once, and arrive from addresses Gmail has never flagged before. The signals that make Gmail excellent at catching bulk spam (volume, reuse, prior reputation) carry almost no information about a one-off targeted message, and attackers know it.
Gmail's filter is optimised for known, high-volume attacks. These four threat types are specifically structured to defeat it.
Spear phishing emails address you by name and reference your employer, recent purchases, or colleagues. They are sent once, from a fresh domain with no prior sending history, so Gmail has no reputation data to act on. The filter sees a first-time sender with clean authentication and delivers the email; the recipient reads a convincing, personalised impersonation.
AI-written scam emails drafted with ChatGPT, Claude, or Gemini have no reused template to match. They are grammatically correct, contextually coherent, and stylistically convincing, so the old tells (broken grammar, odd phrasing, copy-pasted wording shared across thousands of messages) are gone. A bulk filter keys on patterns repeated across a campaign; a language model produces a fresh draft for every target.
BEC attacks impersonate executives, vendors, or IT departments to request urgent wire transfers or credential resets. These emails often contain no links at all, just text, and arrive from convincingly named domains that the attacker controls and has configured to pass SPF, DKIM and DMARC. With no URL to look up and no known-bad domain, reputation-based checks have nothing to act on; the social manipulation lives entirely in the message body.
Attackers send phishing via Google Docs share notifications, DocuSign links, and SharePoint invitations. The sending domain is legitimate — Google or Microsoft — so Gmail's reputation checks pass the email. The phishing is inside the linked document, not the email itself.
Gmail's filter and TrustScan protect against different threats. Together they cover far more than either does alone.
| Threat type | Gmail spam filter | TrustScan |
|---|---|---|
| Mass-blast spam campaigns | ✓ Catches | ✓ Catches |
| Known phishing domains | ✓ Catches | ✓ Catches |
| Targeted / spear phishing | ✗ Often misses | ✓ Catches |
| AI-written scam emails | ✗ Often misses | ✓ Catches |
| Business email compromise (BEC) | ✗ Often misses | ✓ Catches |
| Social engineering language | ✗ Often misses | ✓ Catches |
| Phishing via Google Docs / SharePoint | ✗ Often misses | ✓ Catches |
| Trust score per email (0–100) | ✗ Not available | ✓ Every email |
TrustScan doesn't replace Gmail's spam filter — it runs after it, scanning every email that makes it to your inbox.
Gmail checks sender authentication and link reputation. TrustScan reads the actual message, detecting manipulation tactics, urgency framing, credential requests, and social engineering patterns that reveal intent regardless of whether the sender's domain has any prior reputation.
TrustScan also assesses whether the email was drafted by a language model such as ChatGPT or Claude. AI-written phishing is growing quickly precisely because a fresh draft per target gives pattern-matching spam filters nothing to match. Learn how AI detects AI phishing →
Gmail's verdict is binary: spam folder or inbox. TrustScan produces a numeric trust score from 0 to 100, with a colour-coded badge and a plain-English explanation of exactly what it found — so you can make an informed decision, not just accept a binary label.
Unlike copy-paste phishing checkers, TrustScan scans every email the moment you open it. Install the Chrome extension once and it runs silently on every message — every time — with no manual action required.
The attacks that bypass Gmail's filter are targeted by design. These groups face the highest exposure.
Business email compromise attacks specifically target employees with authority to approve payments. A convincing fake email from "the CEO" or "a vendor" requesting an urgent wire transfer will pass Gmail's filter without issue.
AI-generated fake parcel delivery notifications, bank account alerts, tax refund notices, and subscription renewal scams look identical to legitimate messages. Because each one is sent as an individual message rather than as part of a recognisable campaign, Gmail's bulk-spam signals rarely fire on them.
Fake invoices, impersonated client emails, and payment-redirect scams cost small businesses billions annually. Without enterprise security tooling, these businesses rely entirely on Gmail's spam filter — which is exactly what attackers count on.
Gmail's spam filter works by recognising bulk sending patterns, known malicious domains, and previously flagged URL signatures. Targeted phishing emails have none of these signals: they arrive from fresh or legitimate-looking domains, are sent just once, and contain no links that appear in Gmail's threat databases. To Gmail's filter the message looks like a normal email. TrustScan reads the language, intent, and manipulation tactics inside the message itself.
Yes, it does. Gmail checks sender authentication records (SPF, DKIM, DMARC), compares links against known malicious URL databases, and flags emails from domains impersonating popular brands. These protections work well against known, mass-scale phishing campaigns. They are far less effective against novel phishing domains, AI-crafted spear phishing messages, or business email compromise attacks sent from clean, correctly authenticated infrastructure.
Spam filtering is volume-based: it identifies bulk unsolicited email by sender reputation, sending volume, and keyword pattern matching. Phishing detection is intent-based: it analyses the language and goal of a message to determine whether it is trying to manipulate the recipient into surrendering credentials, money, or personal information. Spam filters catch noise. Phishing detectors catch targeted deception.
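The difference between the two approaches described above (authentication and reputation checks on one side, intent-based content analysis on the other) is easiest to see in code. The following is an added example written for this page; it is not TrustScan's or Gmail's code, and the sample messages, domain lists, cue patterns and score weights are all constructed for illustration. It parses each message's Authentication-Results header, models a reputation filter that only rejects mail with failed authentication or a known-bad link, and then scores the same message on language cues (urgency, payment or credential requests, secrecy, a look-alike sender domain). The BEC sample passes the reputation model and is caught only by the content pass.

```python
"""Added example (not TrustScan's or Gmail's code): a toy model of why
reputation/authentication checks pass a clean-infrastructure BEC email
while intent-based content analysis flags it. All sample messages,
domain lists, cue patterns and weights below are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow/deny lists standing in for reputation databases.
TRUSTED_DOMAINS = {"example-corp.com"}
KNOWN_BAD_URL_HOSTS = {"login-verify-now.example.net"}

# Constructed sample 1: BEC. The attacker owns the look-alike domain, so
# SPF/DKIM/DMARC pass, and there are no links for a URL check to inspect.
BEC_EMAIL = """\
From: "Dana Reyes, CEO" <dana.reyes@examp1e-corp.com>
To: accounts@example-corp.com
Subject: Quick favour
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass

I'm in back-to-back meetings and can't take calls. I need you to process
an urgent wire transfer of 48,500 to a new vendor before 3pm. Please keep
this confidential until the deal closes and confirm as soon as it's done.
"""

# Constructed sample 2: mass-blast credential phish with a known-bad link.
BULK_PHISH = """\
From: IT Support <support@mail-notice.example.org>
To: accounts@example-corp.com
Subject: Password expires today
Authentication-Results: mx.example; spf=fail; dkim=none; dmarc=fail

Your password expires in 24 hours. Verify your password here:
http://login-verify-now.example.net/reset
"""

# Constructed sample 3: ordinary internal mail.
BENIGN = """\
From: Alex Chen <alex.chen@example-corp.com>
To: accounts@example-corp.com
Subject: Planning notes
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass

Hi team, the notes from this morning's planning meeting are in the shared
folder. Let me know if I missed anything.
"""

# Language cues that reveal intent rather than infrastructure. Each maps to
# an illustrative deduction from a starting score of 100.
CONTENT_CUES = {
    "urgency": (r"\burgent(?:ly)?\b|\bimmediately\b|\basap\b"
                r"|\bbefore \d{1,2}\s*(?:am|pm)\b|\bexpires? (?:today|in \d+ hours)\b", 15),
    "payment_request": (r"\bwire transfer\b|\bnew vendor\b|\bbank details\b", 20),
    "credential_request": (r"\bverify your (?:password|account)\b"
                           r"|\bconfirm your (?:password|login)\b", 25),
    "secrecy": (r"\bconfidential\b|\bdon'?t (?:tell|mention)\b|\bbetween us\b", 15),
    "unavailable": (r"\bin (?:back-to-back )?meetings\b|\bcan'?t take calls\b", 10),
}
# Digit-for-letter substitutions commonly used in look-alike domains.
LOOKALIKE_MAP = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def auth_results(msg):
    """Parse spf/dkim/dmarc results out of the Authentication-Results header."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))


def sender_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def reputation_verdict(msg):
    """Toy stand-in for an authentication/reputation filter: reject only when
    authentication fails or a link points at a known-bad host."""
    auth = auth_results(msg)
    if any(auth.get(k) != "pass" for k in ("spf", "dkim", "dmarc")):
        return "spam"
    hosts = re.findall(r"https?://([^/\s]+)", msg.get_payload())
    return "spam" if any(h.lower() in KNOWN_BAD_URL_HOSTS for h in hosts) else "inbox"


def content_signals(msg):
    """Intent-based signals from the message text and sender name, with deductions."""
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    hits = {name: w for name, (pat, w) in CONTENT_CUES.items() if re.search(pat, text)}
    dom = sender_domain(msg)
    if dom not in TRUSTED_DOMAINS and dom.translate(LOOKALIKE_MAP) in TRUSTED_DOMAINS:
        hits["lookalike_domain"] = 35
    return hits


def trust_score(raw):
    """Return (reputation verdict, 0-100 content score, triggered signal names)."""
    msg = message_from_string(raw)
    verdict = reputation_verdict(msg)
    signals = content_signals(msg)
    score = max(0, 100 - sum(signals.values()))
    if verdict == "spam":
        score = min(score, 10)
    return verdict, score, sorted(signals)


if __name__ == "__main__":
    for name, raw in (("BEC", BEC_EMAIL), ("bulk phish", BULK_PHISH), ("benign", BENIGN)):
        print(name, trust_score(raw))
```

Run stand-alone, the BEC sample comes back as `inbox` from the reputation model yet scores in the single digits on content, with the look-alike domain, wire request, urgency, secrecy and "can't take calls" cues all firing; the bulk phish is rejected by the reputation model alone (failed SPF/DMARC and a listed host); the benign internal mail passes both. Real products use trained classifiers rather than hand-written regexes and weights, but the division of labour is the same: authentication and reputation answer "who sent this and from where", content analysis answers "what is this message trying to make me do".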
Yes. TrustScan is a free Chrome extension that adds a real-time phishing scanner inside Gmail. It automatically scans every email you open and displays a trust score from 0 to 100 next to the subject line — green (safe), amber (caution), or red (high risk). No copy-pasting, no extra tabs, no configuration needed. See the pricing page for plan details.
AI-generated phishing emails are written by large language models like ChatGPT and carry no reused signature. They arrive from fresh domains, contain no previously flagged links, and are grammatically correct and contextually plausible, so Gmail's filter has no pattern to match against. The practical way to identify them is to analyse the intent and language of the message itself, which calls for AI-powered content analysis rather than pattern matching. Read more about how AI detects AI-written phishing emails →
Yes. TrustScan works with both personal Gmail accounts and Google Workspace (formerly G Suite) accounts accessed through a web browser. It is compatible with Google Chrome, Microsoft Edge, and Brave on Windows, macOS, and ChromeOS.
TrustScan adds a real-time phishing scanner inside Gmail that catches exactly what the spam filter misses. Install once and every message you open is scanned.
Install TrustScan for Chrome
Requires Google Chrome, Edge, or Brave. No account needed · Uninstall anytime.