Email Verdicts
This article explains email verdicts shown in the Live Email Tracker and Policy pages.
Threat verdicts
Verdict | What the verdict means | How to bypass |
---|---|---|
IMPERSONATION | Email contains Business Email Compromise indicators and sender information matches or is similar to an internal user. For more information on registering users and impersonation detection, please see this article. | Allow rule |
MALWARE | The email contains malicious content such as a URL or attachment. | Custom rule |
PHISHING | The email contains content such as a URL or attachment that is considered phishing. | Custom rule |
Spam verdicts
Verdict | What the verdict means | How to bypass |
---|---|---|
SPAM-LIKELY | The email has received a spam score of 6.25-9.00 | Allow rule |
SPAM-HIGH | The email has received a spam score of 9.00-18.00 | Allow rule |
SPAM-DEFINITE | The email has received a spam score of 18.00+ | Allow rule |
Policy based verdicts
Verdict | What the verdict means | How to bypass |
---|---|---|
INFOMAIL | The email contains an unsubscribe link and/or advertising, marketing, newsletter type content. Tip: Many transactional emails contain unsubscribe links and will be quarantined if your policy is configured to quarantine Infomail. | Remove from policy / Allow rule |
POLICY - ATTACHMENT/ BANNED | Email contains an attachment which is banned by policy. For trusted senders, a custom rule can be created to bypass this policy check. Tip: Allow rules DO NOT bypass this verdict. To bypass the banned verdict, you must create a custom rule or remove the attachment type from the policy option. | Remove from policy / Custom rule |
POLICY-GEO | Email originates from a country OR envelope-from top-level-domain (TLD) that has been blocked by policy. Tip: Allow rules DO NOT bypass this verdict. To bypass the policy-geo verdict, you must create a custom rule or remove country from the policy option. | Remove from policy / Custom rule |
Additional verdicts
Verdict | What the verdict means | How to bypass |
---|---|---|
CLEAN | Email has been scanned and given a clean verdict. | n/a |
THREAT-SCANNING | This is a temporary verdict indicating the emails is currently undergoing sandbox analysis. Once complete, the verdict will be automatically updated. | n/a |