
Email Threats and Actions

Trustifi allows admins and reviewers to view a detailed analysis of a quarantined email’s detected threats, content, and headers in addition to performing actions on the email itself and on the sender.

To access this information, click on “Threat Analysis” for the email.

This action will open a new window that contains several sections:

    1. A summary of all threats that were found in the email, arranged according to: email body/sender, links, and files.
    2. A detailed analysis of the email components such as sender/reply-to, sender’s IP address, message ID and more.
    3. Actions that can be taken on the quarantined email itself and on the email sender.
    4. An overview of how the email scored on different AI metrics – spam, graymail, and BEC.
    5. Analysis of the links and files contained in the email.
    6. The content of the email itself. Click on “Show content” to display.
    7. A list of all the email’s headers (not seen in the screenshot, scroll down in this window to view this section).
    8. An activity log of all the actions performed by admins and reviewers on this email (not seen in the screenshot, scroll down in this window to view this section).

Email Actions

From this window, you can take several actions on the email:

Release:

This option is available only for emails that are currently in the “Quarantined” status and will release the email back to the recipient’s mailbox. It is recommended to perform this action only if you know the email is safe.

Remove:

This action is only available for emails that are currently under the “Released” status and only if your Trustifi plan is integrated with the Microsoft API.
When this action is performed, the email will be fetched from the recipient’s mailbox and removed.

Note: to see more information about the “Release” and “Remove” actions, view our guide on quarantined email actions.

Trust Links:

This action will whitelist all links in the email. It is recommended to perform this action only if you know all links in the email are safe.

Set Handled:

This will mark the email as “Handled” so that other reviewers know they do not need to review it again.

Set Not Handled:

This will mark the email as “Not Handled” so that other reviewers know they need to review it. This action can only be taken on emails that are marked as “Handled”.

Sign Source:

This action can only be performed on emails that were flagged as suspicious/malicious due to an “Unverified Source” status. Performing this action will mark this email’s source as safe.
For more information on this, view our guide on the subject.

Sender Actions

Admins and reviewers can also take actions on the quarantined email’s sender:

Whitelist:

When this action is performed by an admin or a reviewer, it will add the sender to the global whitelist.
After clicking the “Whitelist” action button, a new window will open with additional options:

A reason can be specified (optional) to describe why the sender is being whitelisted.
You may also choose to whitelist any of the following for the email (multiple selection):

    • Sender’s email address
    • Sender’s domain
    • The email’s “Reply-To” email address
    • The email’s “Reply-To” domain
    • The email’s “Message-ID” domain
    • The email’s “Return-Path” domain

Note: when performing the “Whitelist” action, the email will automatically be released.
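
Before selecting whitelist options, it helps to see the value each one would cover for the email under review. The following is an added example, not Trustifi code: it parses raw headers (such as those copied from the headers section of the analysis window), and the function names, dictionary keys and sample headers are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from a real message).
SAMPLE_HEADERS = """\
From: "Accounts Payable" <billing@vendor.example>
Reply-To: payments@vendor-billing.example
Return-Path: <bounce-123@mailer.example>
Message-ID: <20240101120000.ABC123@mailer.example>
Subject: Updated invoice

"""

def _domain(addr):
    """Return the lowercased domain part of an address, or None."""
    addr = (addr or "").strip().strip("<>")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def whitelist_candidates(raw_headers):
    """Map each whitelist option listed above to the value it would cover."""
    msg = message_from_string(raw_headers)
    sender = parseaddr(msg.get("From", ""))[1].lower() or None
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower() or None
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    return {
        "sender_address": sender,
        "sender_domain": _domain(sender),
        "reply_to_address": reply_to,
        "reply_to_domain": _domain(reply_to),
        "message_id_domain": _domain(msg.get("Message-ID")),
        "return_path_domain": _domain(return_path),
    }

def mismatched_domains(candidates):
    """List domain options that differ from the sender's domain.
    A mismatch is not proof of abuse (bulk mailers often use their own
    Return-Path and Message-ID domains); it marks what to check first."""
    base = candidates["sender_domain"]
    keys = ("reply_to_domain", "message_id_domain", "return_path_domain")
    return [k for k in keys if candidates[k] and candidates[k] != base]

if __name__ == "__main__":
    found = whitelist_candidates(SAMPLE_HEADERS)
    for option, value in found.items():
        print(f"{option:20} {value}")
    print("differs from sender domain:", mismatched_domains(found))
```

Whitelisting a domain that differs from the sender’s domain covers mail beyond this one sender, so the mismatched entries are the ones to review before ticking the corresponding option.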

Blacklist:

When this action is performed by an admin or a reviewer, it will add the sender to the global blacklist.
After clicking the “Blacklist” action button, a new window will open with additional options which will be the same as described above for whitelisting.

Authenticate:

This action can be used in case of a suspected impersonation or spoofing attempt of a known contact. When selecting the “Authenticate” action, a new window will open with an option to select the preferred authentication method:

    • By phone – SMS (recommended)
    • By email

The sender will receive an SMS or email notification, prompting them to confirm if they indeed sent the email in question. Once the sender sends a reply confirming or denying having sent the email, their response will be displayed on this page.

After a sender authentication request is sent, a gray icon will be displayed next to the sender email:

Sender authentication request is pending

Once the sender has responded, the icon will change to green (confirmed) or red (denied):

Sender authentication request has been confirmed

 
