General
When protection is applied to a mailbox, Inbound Shield™ will scan every incoming email that arrives in that mailbox.
The incoming email will be put in a sandbox environment where all of the email’s components will be scanned: sender, email headers, links, content and attachments.
Inbound Shield™ engines work as multilayer detectors where every email has to successfully pass all the tests in order to be considered as safe.
If any type of threat is found, the corresponding action will be taken according to what the admin has configured .
The process of scanning the email can take some time, depending on how long it is and how many links and attachments are in the email, usually the scanning process will be no more than a few seconds.
Additionally, emails arriving from domains in the “Domain Spoofing Control” list will require some additional time for scanning to allow for more strict security checks.
Reviewer and recipient notifications
According to the selected action, the reviewer and/or recipient of the email will receive an email notification from Inbound Shield™ whenever a threat is found.
The reviewer’s email report will contain the following (see figure 14):
-
- The recipient of the threat
- Status of the email (removed/quarantined/released)
- A link to allow the reviewer to take actions
- A link to the admin dashboard
- Analysis of the threats in the email
- General information about the email (subject, sender’s email address, etc.)
Figure 14: An example of an email report by Inbound Shield™ which was sent to a reviewer following an incoming threat to one of the protected mailboxes.
The email report sent to the recipient will be very similar except it will not contain the action link, unless the admin has selected “Allow recipient control”.
Taking actions
The Trustifi admin and additional reviewers can take different actions for emails which were identified as threats.
These actions can be performed by either ( 1 ) the Trustifi Secure Access Web App , which can be accessed via the action button in the email notification or ( 2 ) the “Quarantined Emails” tab in the Trustifi web app.
Trustifi secure access portal
When an admin/reviewer clicks on the action link in the email report, a new browser window will open in the secure access portal.
In this window, the admin/reviewer can see a more detailed analysis of the threat, read the email’s content and apply actions for the email and the sender (see figure 15).
Figure 15: The secure access portal showing a detailed report of the quarantined email. In the bottom part you can see the actions which can be taken for the email.
Trustifi web app
The Trustifi admin can also perform these actions at any time by logging into the Trustifi web app and navigating to the “Quarantined Emails” tab under “Inbound Management”.
Here the admin can see a detailed report of all the emails that went into quarantine and were found to be potential threats, including those which have been released or removed.
To perform an action for a specific email, click on the “Actions” menu and select the preferred action from the drop-down menu (see figure 16).
Figure 16: Performing an action on a quarantined email via the Trustifi web app.
A full list of the actions that can be taken on a quarantined email is available in this article – https://trustifi.com/docs/inbound-shield/quarantined-emails/actions-on-quarantined-emails/ .