Spam Protection

Spam Workflows

The administrators can select any of these workflows when spam is detected in emails.

Note:

Spam protection workflow is configurable only for Office 365 email and Gmail.

Workflow

Description

Email is allowed. Deliver to Junk folder

(Available only for Office 365 Mail)

The Anti-Phishing engine marks the email as Spam by updating the Spam Confidence Level (SCL) to 9 (by setting the value of header X-CLOUD-SEC-AV-SCL to True). The email will be moved to the Spam folder by Office 365 (with the proper Mail Flow rules), based on the configured action for SCL=9 (by default set to deliver the message to the recipients' Junk Email folder).

For more information on SCL levels, see SCL.

Email is allowed. Move to Spam

(Available only for Gmail)

The Anti-Phishing engine delivers the email to the user's Spam folder.

Add [Spam] to subject

The email is delivered to the inbox, and the subject is modified to start with '[Spam]' (for example, the email subject 'Are you interested' will be delivered with a new subject: '[Spam] Are you interested').

Quarantine. User is alerted and allowed to restore the email

The email is quarantined, and the user is allowed to restore the email.

Quarantine. User is not alerted (admin can restore)

The email is quarantined, and the admin can restore the email.

Email is allowed. Header is added to the email

The detected email is delivered to the recipient with an additional header that can be configured in the policy.

Do nothing

The email is delivered to the end user mailbox.

For more information on who receives the restored emails, see Who Receives the Emails Restored from Quarantine.