Misdirected Emails Categories

Category and Name Description Enabled by Default?

Misdirected Recipients

Incorrect Recipient Address

Notifies users when emailing an external contact for the first time.

Yes

Lookalike Domain

Warns users when the recipient's domain closely resembles a trusted domain.

Yes

External Contact

Alerts users when an email address may contain typographical errors.

No

Incoming Email from External Sender

Displays alerts for incoming emails (label/description placeholder shown) from external senders.

No

Fundamentals

Sender Domain Created Recently

Detects emails whose sender domain was created recently.

No

Reply-to Domain Recently Created

Detects incoming emails with a reply-to domain that was created recently and differs from the sender domain.

No

Sender Name Differs from Address

Detects emails where the display name significantly differs from the actual email address.

No

Sender SPF Failed

Detects emails that fail Sender Policy Framework (SPF) authentication.

No

Impersonation

Sender Resembles Internal Employee

Detects emails from a first-time sender whose display name matches an employee within the organization.

No

First-time Sender

Detects emails from senders with whom the recipient has never communicated.

No

Business Email Compromise
Payroll Information Update Request

Detects emails requesting payroll information updates from external senders.

No

Invoice from a New Vendor

Detects invoices received from vendors with no prior communication history.

No

Sender Resembles Contact

Detects email senders that closely resemble, but are not identical to, known contacts.

No

Request to Update Payment Details

Detects vendor requests to change payment details.

No

Financial Transaction Requests

Emails with Invoices / POs

Detects emails that contain payment requests such as invoices or purchase orders.

No

Payment Request via Payment Service Detects payment requests via third-party services (for example, PayPal or Venmo). No

Avoiding Inspection

Emails with Links to Restricted Resources

Detects emails that contain links to restricted-access resources.

No

Emails Appearing to Be from an E-Sign Service

Detects emails that contain potentially malicious e-signature links.

No