Email Verdicts

IMPERSONATION

Email contains Business Email Compromise indicators and sender information matches or is similar to an internal user.

For more information on registering users and impersonation detection, please see this article.

Allow rule

MALWARE

The email contains malicious content such as a URL or attachment.

Custom rule

PHISHING

The email contains content such as a URL or attachment that is considered phishing.

Custom rule

SPAM-LIKELY

The email has received a spam score of 6.25-9.00

Allow rule

SPAM-HIGH

The email has received a spam score of 9.00-18.00

Allow rule

SPAM-DEFINITE

The email has received a spam score of 18.00+

Allow rule

INFOMAIL

The email contains an unsubscribe link and/or advertising, marketing, newsletter type content.

Tip: Many transactional emails contain unsubscribe links and will be quarantined if your policy is configured to quarantine Infomail.

Remove from policy / Allow rule

POLICY - ATTACHMENT/ BANNED

Email contains an attachment which is banned by policy.

For trusted senders, a custom rule can be created to bypass this policy check.

Tip: Allow rules DO NOT bypass this verdict. To bypass the banned verdict, you must create a custom rule or remove the attachment type from the policy option.

Remove from policy / Custom rule

POLICY-GEO

Email originates from a country OR envelope-from top-level-domain (TLD) that has been blocked by policy.

Tip: Allow rules DO NOT bypass this verdict. To bypass the policy-geo verdict, you must create a custom rule or remove country from the policy option.

Remove from policy / Custom rule

CLEAN

Email has been scanned and given a clean verdict.

n/a

THREAT-SCANNING

This is a temporary verdict indicating the emails is currently undergoing sandbox analysis. Once complete, the verdict will be automatically updated.

n/a