Block Type |
Who does this affect? |
Notes and Detail |
How and where is it done? |
Spam blocking to Junk Email folder |
IT only |
Otherwise, for all other users Spam goes to Mimecast spam queue or Mimecast for Outlook. Abnormal Security leverages Microsoft’s Anti-Spam Threat Protection Policy. Spam is unwanted email, and the verdict of Junk is performed by Abnormal Security based on established patterns of things you don't read and delete that also have a high spam score in the email header. |
|
Graymail to Promotions folder |
IT Only |
Otherwise, all other users, gray mail goes to the Admin held queue or Mimecast for Outlook. |
|
Malicious content in attachment |
All users |
Email is sent to the Windows Defender Quarantine (Email or Files tabs). Abnormal Security processes and opens the attachment in a sandbox to see what it does, and if malicious, directs the Microsoft tools to send it from the Inbox to the Defender Quarantine.
|
|
Phishing blocks to the Defender Quarantine |
IT Only |
Otherwise, blocked or held by Mimecast impersonation protection, and tagged by Area 1 to the Defender Quarantine. Abnormal Security leverages Microsoft’s Anti-Phishing Threat Protection policy. Phishing is determined by scoring based on keywords in the email, combined with the domain age, the reputation of the sending IP, the reputation of the geography for malicious activity, SPF/DKIM validation and whether those two combined yield a PASS score on DMARC. If SPF or DKIM fail, but DMARC passes, it's an indication of an email gateway error during transit where the original sending IP has been replaced by a gateway IP along the way, or it means a malicious actor has interfered with the email chain of custody, and inspected and/or modified the contents of the email or attachments. |
|
|
|
|
|