When a user reports a suspicious email it is sent to their Deleted Items (in Outlook anyway). When it is determined the message is malicious, we have no way to 'force' the message to be permanently deleted from the users' deleted items. If Phish Alert injected a keyword into the header (or perhaps elsewhere) we could search for it and delete those messages programmatically. It is understood this would also delete any non-threat messages as well.
Our email retention policy prohibits us from forcing the user to empty their deleted items when Outlook closes. Our only option is to call the person and ask them to delete it. This could be risky as we'd be asking our user to interact with a potentially dangerous email.
I know this is pie-in-the-sky, but it would be fantastic if PhishER could remove the message in the mail system when it's tagged as a Threat. (it doesn't hurt to ask, right?)
Please sign in to leave a comment.