v1.0.6 - False Positive Reduction Update
Changes Made
1. Added "Suspicious" Verdict Category
- New verdict: suspicious - for borderline emails that aren't clearly malicious
- Three-tier system: legitimate → suspicious → malicious
- UI shows orange badge with "⚡ SUSPICIOUS" for this category
2. Enhanced System Prompt with Legitimate Email Patterns
Added guidance for the LLM to recognize legitimate emails:
- Mailing list headers (newsletters)
- No credential requests
- Links matching sender domain
- Transactional emails (receipts, confirmations)
- Personalized greetings
3. Mailing List Recognition
- Emphasized is_mailing_list: true as a strong legitimate indicator
- Prompt explicitly states "newsletters are typically legitimate"
4. Confidence Threshold Logic
- Low-confidence "malicious" verdicts (< 70%) automatically downgraded to "suspicious"
- Adds explanatory reason when adjustment occurs
5. Reply-To/Return-Path Context
- Clarified these mismatches are common in legitimate newsletters
- "Only suspicious when combined with phishing content"
6. Updated UI
- New orange "warning" badge style for suspicious emails
- Pulsing animation to draw attention without alarming
Files Modified
| File | Changes |
|------|---------|
| src/shared/state.js | Added 'suspicious' to VERDICTS array |
| src/shared/api.js | New prompt, confidence threshold logic |
| src/messageDisplay/inject.js | 3-tier verdict display logic |
| src/messageDisplay/inject.css | Orange warning badge styling |
| manifest.json | Version 1.0.6 |
| package.json | Version 1.0.6 |
Expected Impact
- Fewer legitimate emails marked as "malicious"
- Borderline cases now show "suspicious" instead of binary verdict
- Newsletters and mailing lists less likely to trigger false positives
- Low-confidence detections handled more gracefully

Thank you for reviewing version 1.0.3. I updated the submission to fix the highlighted issues with other bug fixes. Please find details in `Notes to Reviewer` section