Post-delivery Email Recheck
Sometimes emails are rechecked after delivering to the end user mailbox, which may result in emails being removed from the user mailbox.
Post-delivery email recheck can be initiated in these cases:
-
Recheck initiated by the inputs from the end users (reported phishing, malicious url clicks) and other sources.
-
Emails are processed by the Anti-Phishing security engine and when needed by the Avanan security analysts.
-
When a global block action is issued. The block action includes all emails that match the relevant match criteria, across all protected mailboxes.
-
Emails processed by the relevant policy workflows.
When a policy is configured to block emails, the emails are removed from the mailbox and placed in quarantine. Avanan generates the relevant security events and sends the email notifications.
Post-delivery Reclassification
Avanan can identify security threats that happened after the fact (post-delivery).
For example, during the initial pre-delivery scanning, an email is classified as clean, but later it can be reclassified as malicious.
When such a post-delivery reclassification occurs, the security event includes the detection reason Post-delivery reclassification. The detection reason is also included in SIEM integrations in the ap_detection_reasons field.