3.3 Mail
Overview
The Mail submodule under the Analyzed section provides a complete forensic record of all analyzed email messages processed by ShieldsGuard SEG.
Each email is dissected into its components (sender, recipient, content, attachments, URLs, and headers) and is scanned for spam, phishing, malware, and policy violations.
This is your central point of investigation for every threat, anomaly, or suspicious message caught by the email security gateway.
What You'll See
Mail ID: Unique identifier for the email
Analysis Time: Timestamp when the email was scanned
Sender: Email address of the sender
Recipient: Email address of the recipient
Verdict: Final evaluation result
Actions: Detailed analysis button + blacklist/restore
Verdict Types
SPAM: Unsolicited or bulk email flagged by filters
PHISHING: Attempt to steal credentials or impersonate legitimate services
BLOCKED WORDS IN CONTENT: Message contains restricted keywords or phrases
SUSPICIOUS: Anomalous patterns but no confirmed malicious behavior
MAXIMUM FILE SIZE: Email contains attachment too large to analyze
Emails with confirmed threats are automatically quarantined or blocked depending on policy.
Email Detail Tabs
Clicking "View" opens a multi-tab analysis window, breaking down the message into:
File Attachments: Lists all files extracted, scanned, and their verdicts (linked to 3.1 Files).
URL Analysis: Displays all embedded links, redirect paths, and verdicts (linked to 3.2 URL).
Sender Domain: Identifies the domain reputation, historical behavior, and filter actions (linked to 3.4 Domain).
Mail Details: Header data, SPF/DKIM/DMARC result, and message metadata.
Use Cases
Investigate a suspicious email: See full metadata, attachments, and URLs
Trace phishing attempts: Filter verdict by PHISHING and review target users
Identify high-risk senders: Review senders that appear repeatedly
Validate false positives: Re-analyze mail verdict and override manually
Analyst Tools
Filter by Verdict (PHISHING, SPAM, etc.)
Search by Mail ID, Sender, or Recipient
Blacklist sender domain directly from action panel
Restore messages (if applicable) from quarantine
Best Practices
Investigate all PHISHING verdicts: Prevent credential harvesting and fraud
Monitor SUSPICIOUS verdicts daily: Spot new or stealthy attack methods
Cross-reference file and URL tabs: Understand full attack chain
Use sender domain tab for blacklist ops: Block entire source infrastructure if repeated
The Mail module is the forensic foundation of your SEG, giving you everything you need to investigate, trace, and respond to email-based threats in depth.