Zero-width char inside link anchor text (mismatch-check evasion)
href-anchor-invisible-chars
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
An `<a>` anchor text contains a zero-width or word-joiner char (U+200B ZWSP, U+200C ZWNJ, U+200D ZWJ, U+2060 word joiner, U+FEFF BOM) positioned between two ASCII letters. Canonical evasion shape: `<a href="https://attacker.com">https://paypal.com/login</a>`. The user sees `https://paypal.com/login` because the ZWSP renders as nothing, but the iter 223 `href-text-domain-mismatch` check doesn't fire because its URL-extraction regex doesn't include zero-width chars in its character class — the text-host extraction fails silently. This signal catches the obfuscated anchor text directly: the mere presence of an invisible char between two ASCII letters inside a link label is exclusively an evasion shape. Weighted at +4.
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
Ready to clean your inbox?
Gorganizer scans your Gmail with this signal and 1,800+ others, then cleans everything in one click. $4.99 one-time, no subscription.
Get started