Risk Levels provide some control over the behavior Shield takes on a message that matches a specific risk. The Risk Levels can be applied to an Organization, individual user, or to a specific sender of a user within Shield Control.
Risk Levels
- High - A high-risk places the email into the Jail regardless of whether the sender is a trusted contact.
- Moderate - A moderate-risk places the email in the Junk Email folder unless the sender is a trusted contact. An email in the Junk email folder will retain its original contents but will be subject to the folder's native protections.
- Low - A low-risk email will only include insights in X-ray and go to the Review folder if the sender is an unknown contact.
Risk Categories
Choose the appropriate risk level for the category to alter Shield's default behavior.
- Unauthorized: SPF failure of the envelope sender address or a DMARC quarantine or reject policy.
- Forged: DKIM signature failure.
- Bulk: The email's source and/or contents are from a mass mailing.
- Possible dangerous file: The email may contain a macro, encrypted file, or potentially unwanted application (PUA).
- Possible dangerous extension: File extensions that typically indicate a virus payload is included.
- Bad reputation: The sender or sending IP may be on one or more bad reputation databases.
- Obvious spam: Messages that have many obvious signs that indicate they are spam.
- Spam: The email contains content that is consistent with unwanted email behaviors.
- Possible spam: Messages that look like they could possibly be spam but might not be.
- Possible impersonation: The email appears to be coming from someone you know but not from a source consistent with their known identity.
- Unwanted: Shield has learned that messages like these are unwanted by users.
- Possible unwanted: Shield believes messages like these are unwanted but might be wanted.
Dangerous Results
- Virus: Emails that contain signs attributed to confirmed viruses.
- Impersonation: Messages that have signs that they are from a sender other than the sender visible to the recipient.
- Dangerous extension: The email may contain a macro, encrypted file, or potentially unwanted application (PUA).
NOTE: Virus or malware detection is always considered a high risk.
- Dangerous file: The email contains a macro, encrypted file, or potentially unwanted application (PUA).
- Phishing: Messages that have signs that they are fraudulent attempts to gain sensitive information from the recipient.
- Possible phishing: Messages that look like they could possibly be phishing but might not be.
NOTE: Dangerous Results risk levels are only changeable at the user level by Administrators and Superusers, not by end users of any level.
Updated