Configuring Risk Levels

Risk Levels provide some control over the behavior Shield takes on a message that matches a specific risk. The Risk Levels can be applied to an Organization, individual user, or to a specific sender of a user within Shield Control.

Risk Levels

  • High - A high-risk places the email into the Jail regardless of whether the sender is a trusted contact.
  • Moderate - A moderate-risk places the email in the Junk Email folder unless the sender is a trusted contact. An email in the Junk email folder will retain its original contents but will be subject to the folder's native protections.
  • Low - A low-risk email will only include insights in X-ray and go to the Review folder if the sender is an unknown contact.

Risk Categories

Screenshot 2024-11-22 at 14.36.15.png

Choose the appropriate risk level for the category to alter Shield's default behavior.

  • Unauthorized: SPF failure of the envelope sender address or a DMARC quarantine or reject policy.
  • Forged: DKIM signature failure.
  • Bulk: The email's source and/or contents are from a mass mailing.
  • Possible dangerous file: The email may contain a macro, encrypted file, or potentially unwanted application (PUA). 
  • Possible dangerous extension: File extensions that typically indicate a virus payload is included.
  • Bad reputation: The sender or sending IP may be on one or more bad reputation databases.
  • Obvious spam: Messages that have many obvious signs that indicate they are spam.
  • Spam: The email contains content that is consistent with unwanted email behaviors.
  • Possible spam: Messages that look like they could possibly be spam but might not be. 
  • Possible impersonation: The email appears to be coming from someone you know but not from a source consistent with their known identity.
  • Unwanted: Shield has learned that messages like these are unwanted by users.
  • Possible unwanted: Shield believes messages like these are unwanted but might be wanted.

Dangerous Results

Screenshot 2024-11-22 at 14.36.38.png

  • Virus: Emails that contain signs attributed to confirmed viruses.
  • Impersonation: Messages that have signs that they are from a sender other than the sender visible to the recipient.
  • Dangerous extension: The email may contain a macro, encrypted file, or potentially unwanted application (PUA). 

    NOTE: Virus or malware detection is always considered a high risk.

  • Dangerous file: The email contains a macro, encrypted file, or potentially unwanted application (PUA).
  • Phishing: Messages that have signs that they are fraudulent attempts to gain sensitive information from the recipient.
  • Possible phishing: Messages that look like they could possibly be phishing but might not be.

NOTE: Dangerous Results risk levels are only changeable at the user level by Administrators and Superusers, not by end users of any level.

 

Updated

Was this article helpful?

0 out of 0 found this helpful