Risk Level Defaults

How risk level affects email delivery

  • High: emails are held in Shield's Jail, outside the mailbox, even if a sender is trusted.
  • Moderate: emails are sent to the Junk folder even if a sender is trusted.
  • Low: emails are sent to the Junk folder if the sender is not trusted.
  • None: emails are delivered or silenced. If the sender does not have a trust or silence clearance, the email is put in Review for first-time sender review.

IMPORTANT REMINDER: Setting a trust does not guarantee delivery from a sender. Trust does not equate to allow or whitelist. Shield has a zero-trust model, and a trusted sender can be compromised, impersonated, or subjected to other suspicious behavior that will cause Shield to hold a message from a trusted sender. There are no whitelisting or allow rules with Shield.

Risk definitions

Not all risks are easily defined and, therefore, should not be treated as an "on or off" switch. Risks have objective and subjective elements whose severity may differ from organization to organization. The definitions are intended as a guide for determining the appropriate risk level based on an organization's or user's needs.

  • Unauthorized: Emails that fail an SPF check or show other signs of coming from an unauthorized source. DMARC policies may also designate messages as unauthorized.
  • Forged: Emails that fail a DKIM check or show other signals of tampering.
  • Bulk: Emails that come from known bulk email sources or show signals of being a mass communication. Newsletter providers, CRM applications, and advertising emails are the most common forms of bulk email.
  • Possible dangerous file: An attachment in an email is possibly dangerous. The file is likely password-protected, encrypted, or obfuscated in some way, preventing a complete scan of the attachment. Password-protected PDF files and encrypted, compressed files are common risks.
  • Bad reputation: An email from a source or domain with reputation problems. IP blacklist and domain reputation databases contribute to reputation monitoring and results.
  • Obvious spam: High confidence signs that an email is spam.
  • Spam: Strong signals determine an email to be spam. Subject matter in the content, the source of the email, and poor language "tells" contribute to identification.
  • Possible spam: Emails that contain signs attributed to spam behavior but may be acceptable to an organization or user based on industry, business vertical, or communication style.
  • Possible impersonation: Emails displaying conflicting information about the sender. Some impersonation or spoofing, such as CRM applications and newsletters, may be legitimate. However, caution is still advised.
  • Unwanted: Shield's adaptive learning is confident an email is unwanted based on a user's email usage pattern.
  • Possible unwanted: Shield's adaptive learning has signals that suggest a message is unwanted based on a user's email usage pattern.

Risk awareness

Risks are presented to users in every email through the HUD (heads-up display), which uses icons matching the associated risks. For more information about the risk icons, please see the HUD Icon Glossary.
