Email Warning Tags

Email Warning Tags are an optional feature that helps reduce the risks posed by malicious email.

With Email Warning Tags enabled, Spambrella determines, based on those tags, whether an inbound email may pose a risk. If so, it inserts a brief explanation and warning into the body of the email. When this feature is enabled for an organization, inbound emails in plain text are converted to HTML before being tagged.

An optional “Learn More” link can be added to the tag. When users click this link, they are directed to a web page that offers detailed information about why the email was tagged. The user can also take additional actions, such as adding the email sender to their blocked sender list.

The “Learn More” link remains active for 30 days following the original delivery of the tagged email.

Tag Types

There are two types of email warning tags, informational and warning. Informational tags normally indicate a lower risk and convey general information about the email and/or its sender (i.e., the email sender is external). Warning tags may indicate a higher risk because the message may have a problem such as an inability to verify the sender’s identity or the message came from a recently-created sending domain.

Warning tags are treated as a higher priority than information tags. If an email matches the criteria for more than one warning tag (e.g. the email is both from an external sender and determined to be from a newly registered domain) the priority for insertion is:

  • If the email matches both a warning and an informational tag, the warning tag is applied.
  • If the email matches more than one warning tag, the one that is highest in priority is applied; the priority order is:
    1. DMARC
    2. Newly-registered domain
    3. High-risk Geo IP (Geographic sender location)

Additional reading:

What are AI Phishing Attacks?

Sandboxing URLs and Attachments