5.11. Email classifications

To better reflect the risk level associated to a certain email and for easier understanding what potential risks an email carries, Email Gateway Security introduced classifications of emails.

One-to-many

A certain email may have multiple classifications.

Classifications assigned to a certain email can be reviewed in the Email details view under Audit > Email history or Quarantine. For further details see 5.2. Email History and 5.3. Quarantine.

Negative classifications

Classifications in this group are negative in terms of that they indicate risk or failure. They are marked with red color in the GUI.

images/download/attachments/8464815/image-20200918-103300.png

Emails with risks

The emails classified according to the classes below are blocked by default as they expose the organization to significant risk.

Classification

Description

Scan failure

Anti-malware scan of the Advanced Threat Detection capability failed.

Threat detected

Malware threat was detected in the email by the Advanced Threat Detection capability.

Possible threat detected

Possible malware threat was detected in the email by the Advanced Threat Detection capability.

Phishing

The email was detected as known phishing (probability level 9) by the Anti-phishing capability.

For details see the Anti-phishing and anti-spam section under 4.4. Policy.

Possible phishing

The email was detected as possible phishing (probability level 1-8 depending on the Probability level set for the rule’s anti-phishing) by the Anti-phishing capability.

For details see the Anti-phishing and anti-spam section under 4.4. Policy.

Password protected

The email contains one or more password protected attachments.

For details see 5.6. Password protected attachments.

DLP violation

The email contents violate the Data Loss Prevention policy defined by the Sensitive Data Loss Prevention capability.

For details see https://onlinehelp.opswat.com/corev4/6._Proactive_DLP.html.

Possible DLP violation

The email contains data that was detected as possibly violating the Data Loss Prevention policy defined by the Sensitive Data Loss Prevention capability.

For details see https://onlinehelp.opswat.com/corev4/6._Proactive_DLP.html.

Sanitization failure

Processing of the Zero-Day Malware Prevention capability failed.

For details see https://onlinehelp.opswat.com/cdr/.

Blocked other

Blocked for any other reason not mentioned above.

Unsolicited emails

The emails classified according to the classes below are blocked by default as they most probably are unsolicited emails.

Classification

Description

Spam

The email was detected as known spam (probability level 9) by the Anti-spam capability.

For details see the Anti-phishing and anti-spam section under 4.4. Policy.

Possible spam

The email was detected as possible spam (probability level 1-8 depending on the Probability level set for the rule’s anti-spam) by the Anti-spam capability.

For details see the Anti-phishing and anti-spam section under 4.4. Policy.

Marketing

The email was detected as marketing by the Anti-spam capability.

For details see the Anti-phishing and anti-spam section under 4.4. Policy.

Possible marketing

The email was detected as possible marketing by the Anti-spam capability.

For details see the Anti-phishing and anti-spam section under 4.4. Policy.

Anti-spam failure

Anti-spam scan of the Anti-spam capability failed.

Processing failures

Classifications in this group indicate problems in the email processing pipeline making the email undeliverable. The problems listed below do not, however, expose the system to risk.

Classification

Description

Send failure

The email was failed to be sent due to outage of the next hop in the email relay chain.

Positive classifications

Classifications in this group are positive in terms of that they indicate that the email

  1. was clean,

  2. its risk was mitigated or

  3. the system was configured to bypass it.

Classifications of this group are marked with green color in the GUI.

images/download/attachments/8464815/image-20200918-104502.png

Clean emails

Classification

Description

Sanitized

The contents of the email were successfully processed by the Zero-Day Malware Prevention capability: all potentially malicious components have been removed.

For details see: https://onlinehelp.opswat.com/cdr/.

No threat detected

The Advanced Threat Detection capability found all the contents of the email clean.

Not scanned

The Advanced Threat Detection capability was configured to not scan this email.

Notifications, alerts and reports

Emails with the classifications below originate from Email Gateway Security and are clean inherently. For furhter details see 4.8. Alert, notification and quarantine report emails.

Classification

Description

Notification

Notifications are sent when emails are blocked by Advanced Threat Prevention and Email Gateway Security is configured to block the email. images/download/attachments/8464815/image-20200918-112740.png

Alert

Email alerts can be configured so that certain users can instantly be notified about the occurrence of certain system events.

Report

Report emails sent by Email Gateway Security.

Not blocked emails

SANITIZED_ORIGINAL (ORG)
DLP_REDACTED (DLR)
BYPASSED (BPS)
NO_LICENSE (LIC)

Classification

Description

Sanitized original

When Email Gateway Security is configured accordingly, then it sends te original copy of a sanitized email to the Quarantine. Such emails will get this classification. images/download/attachments/8464815/image-20200918-113035.png images/download/attachments/8464815/image-20200918-113127.png

DLP redacted

The sensitive information found by the Sensitive Data Loss Prevention capability has been redacted.

Bypassed

Email Gateway Security was configured to bypass this email. images/download/attachments/8464815/image-20200918-113347.png

No license

Email Gateway Security was not licensed when scanning this email, so the email was let through with no processing.

No classification

Classification

Description

None

The email did not apply to any other classification. This very rare condition may appear when Email Gateway Security is licensed and works normally, but is configured to not process the email in any way (no malware and spam scanning, no data sanitization, DLP, etc.).