Configuring Risk Levels

Risk Levels provide some control over the behavior Shield takes on a message that matches a specific risk. The Risk Levels can be applied to an Organization or individual user from Shield Control.

Risk Levels

  • High - A high risk places the email into the Junk email folder and replaces the content with a placeholder regardless of whether the sender is a trusted contact.
  • Moderate - A moderate risk places the email into the Junk email folder unless the sender is a trusted contact. An email in the Junk email folder will retain its original contents but will be subject to the folder's native protections.
  • Low - A low risk email will only include insights in X-ray and go to the Review folder if the sender is an unknown contact.

Risk Categories

Choose the appropriate risk level for the category to alter Shield's default behavior.

  • Unauthorized - SPF failure of the envelope sender address or a DMARC quarantine or reject policy.
  • Forged - DKIM signature failure.
  • Bulk - The email's source and/or contents are from a mass mailing.
  • Possible dangerous file - The email contains a macro, encrypted file, or potentially unwanted application (PUA). NOTE: Virus or malware detection is always considered a high risk.
  • Bad reputation - The sender or sending IP may be on one or more bad reputation databases.
  • Spam - The email contains content that is consistent with unwanted email behaviors.
  • Possible impersonation - The email appears to be coming from someone you know but not from a source consistent with their known identity.


Have more questions? Submit a request