Threat · Body content

Body inserts zero-width chars between letters of keywords — filter evasion

body-invisible-char-obfuscation

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

The email body contains a zero-width or word-joiner Unicode character (U+200B ZWSP, U+200C ZWNJ, U+200D ZWJ, U+2060 word joiner, U+FEFF BOM, etc.) sitting BETWEEN two ASCII letters — e.g. `p\u200Bassword reset`, `w\u200Dire transfer`, `ver\u2060ify your account`. This is a keyword-filter evasion technique: the rendered text looks normal to the user, but a naive keyword scanner never matches `password`, `wire transfer`, or `verify`. The detection is restricted to "invisible char between two ASCII letters" specifically to avoid false-firing on legitimate emoji ZWJ sequences (skin-tone modifiers, family emoji), Arabic/Indic ZWJ/ZWNJ rendering hints, or stray BOMs at message start. No legitimate English/Latin word contains a zero-width character mid-word — this shape is uniquely diagnostic of evasion intent. Weighted at +3, parallel to `body-html-entity-obfuscation` and `hidden-text-in-body`: strong evasion indicator that combines with whatever body-level text signals the attacker was trying to hide.
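A minimal sketch of the "invisible character between two ASCII letters" rule described above, added here as an illustration; it is not Gorganizer's code. The function names, the constructed sample bodies, and the choice to treat a run of several invisible characters as a single hit are assumptions.

```python
import re

# Invisible characters named on the page (its "etc." is not expanded here).
INVISIBLE = "\u200B\u200C\u200D\u2060\uFEFF"

# One or more invisible chars with an ASCII letter directly on each side.
# Assumption: a run of several invisible chars counts as one hit.
BETWEEN_LETTERS = re.compile(rf"(?<=[A-Za-z])[{INVISIBLE}]+(?=[A-Za-z])")


def find_obfuscation(body: str) -> list[tuple[int, str]]:
    """Return (offset, codepoints) for each invisible run between ASCII letters."""
    return [
        (m.start(), " ".join(f"U+{ord(c):04X}" for c in m.group()))
        for m in BETWEEN_LETTERS.finditer(body)
    ]


def deobfuscate(body: str) -> str:
    """Strip only the flagged runs so keyword rules see the rendered text."""
    return BETWEEN_LETTERS.sub("", body)


# Constructed sample bodies, not taken from real mail.
SAMPLES = {
    "evasion_zwsp": "Your p\u200Bassword reset is pending",
    "evasion_mixed": "Confirm the w\u200Dire transfer and ver\u2060ify your account",
    # Legitimate uses that must not fire:
    "emoji_family": "Photos from \U0001F468\u200D\U0001F469\u200D\U0001F467 attached",
    "persian_zwnj": "\u0645\u06CC\u200C\u062E\u0648\u0627\u0647\u0645",
    "leading_bom": "\uFEFFHello, your invoice is attached",
    "plain": "Please verify your account password",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = find_obfuscation(body)
        naive = "password" in body or "verify" in body
        cleaned = deobfuscate(body)
        after = "password" in cleaned or "verify" in cleaned
        print(f"{name:14} hits={hits} naive_match={naive} after_strip={after}")
```

The emoji, Persian and leading-BOM samples produce no hits because the invisible character never has an ASCII letter on both sides, which is the restriction the paragraph above relies on.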

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
