Graph API

Share

Is this article helpful?

Last updated:

Defend | Post-Delivery User Guide

Defend is an email security tool that evaluates the context, relationships, and message content of your inbound emails. This analysis occurs when emails reach your inbox, helping prevent inbound cyber threats and allowing your admins to identify and act on any future breaches.

Note:The information contained in this guide is the default configuration of the Defend features. Your experience may vary depending on your organization's configuration choices.

Tags

Based on Defend’s analysis, incoming emails from outside of your organization will have a colored tag applied. These colorful tags indicate how the email has been classified. The banner's color corresponds to its associated threat level.

These tags let you quickly identify an email's Defend classification before you even open it. Tags can also be selected to view all emails categorized under that tag.

The following color and category tags may be added to your emails:

  • Gray
    • Graymail
    • Spam
  • Blue
    • First-time sender
    • Impersonation
    • Financial
    • Sensitive
    • Threat Notification
  • Amber
    • Suspicious
  • Red
    • Dangerous*

*You may never see a dangerous tag if your admin configured the settings to send dangerous emails to quarantine or be replaced with a threat notification.

Threat Notification

If configured by your admin, Defend may send you threat notification emails to help you recognize phishing attempts. These emails arrive after Defend identifies an email as suspicious or dangerous and will be marked with a blue tag in your inbox. Threat notifications replace the original suspicious or dangerous email with information about what Defend detected.

Threat notification emails contain the following information and options:

  • Original email details
    • Subject
    • From address
    • Sent time
    • Sender location
    • Sender relationship history
  • Email Analysis Summary
    • Provides details for up to five reasons why Defend thought the email could be a phishing attack.
  • Report buttons
    • Report the original email as “Phish”. This option is only available for emails identified as suspicious.
    • Report the original email as “Not Phish”.

An example threat notification email is shown in the screenshot below.

Defend Post-Delivery Threat Notification

Productivity Management

Managing your inbox effectively requires distinguishing between different types of bulk communication. Defend categorizes unsolicited or non-essential emails into two main groups:

  • Graymail
    • Non-malicious bulk email, such as newsletters or marketing updates, that you may have opted into in the past. It is technically wanted at some point, but it can become distracting.
  • Spam
    • Unsolicited and potentially dangerous bulk email. These are often sent for commercial purposes and may contain malicious links or attachments.

Depending on your organization's configuration, emails flagged as graymail or spam will either:

  • Appear in your inbox with a Graymail or Spam tag.
  • Be sent to your Graymail or Junk folder with a Graymail or Spam tag.

Was this article helpful?

0 out of 0 found this helpful

Can't find what you're looking for?

Contact Support