# 3.3 Mail

#### 📖 Overview

The **Mail** submodule under the Analyzed section provides a complete forensic record of every **email message** analyzed by ShieldsGuard SEG.

Each email is dissected into its components — sender, recipient, content, attachments, URLs, and headers — and is scanned for spam, phishing, malware, and policy violations.

> 🛡️ This is your central point of investigation for every threat, anomaly, or suspicious message caught by the email security gateway.

***

#### 🧠 What You’ll See

| Column            | Description                                  |
| ----------------- | -------------------------------------------- |
| **Mail ID**       | Unique identifier for the email              |
| **Analysis Time** | Timestamp when the email was scanned         |
| **Sender**        | Email address of the sender                  |
| **Recipient**     | Email address of the recipient               |
| **Verdict**       | Final evaluation result                      |
| **Actions**       | Detailed analysis button + blacklist/restore |

***

#### 🧪 Verdict Types

| Verdict                      | Meaning                                                         |
| ---------------------------- | --------------------------------------------------------------- |
| **SPAM**                     | Unsolicited or bulk email flagged by filters                    |
| **PHISHING**                 | Attempt to steal credentials or impersonate legitimate services |
| **BLOCKED WORDS IN CONTENT** | Message contains restricted keywords or phrases                 |
| **SUSPICIOUS**               | Anomalous patterns but no confirmed malicious behavior          |
| **MAXIMUM FILE SIZE**        | Email contains an attachment too large to analyze               |

> 📌 Emails with confirmed threats are automatically **quarantined** or **blocked** depending on policy.

***

#### 📁 Email Detail Tabs

Clicking “View” opens a multi-tab analysis window, breaking down the message into:

**🧷 File Attachments**

Lists all files that were extracted and scanned, with their verdicts (linked to 3.1 Files).

**🌐 URL Analysis**

Displays all embedded links, redirect paths, and verdicts (linked to 3.2 URL).

**📭 Sender Domain**

Shows the sender domain's reputation, historical behavior, and filter actions (linked to 3.4 Domain).

**✉️ Mail Details**

Shows header data, SPF/DKIM/DMARC results, and message metadata.

***

#### 🔍 Use Cases

| Goal                           | How the Mail module helps                          |
| ------------------------------ | -------------------------------------------------- |
| Investigate a suspicious email | See full metadata, attachments, and URLs           |
| Trace phishing attempts        | Filter by PHISHING verdict and review targeted users |
| Identify high-risk senders     | Review senders that appear repeatedly              |
| Validate false positives       | Re-analyze the mail verdict and override it manually |

***

#### ⚙️ Analyst Tools

* **Filter by Verdict** (PHISHING, SPAM, etc.)
* **Search by Mail ID**, Sender, or Recipient
* **Blacklist the sender domain** directly from the action panel
* **Restore messages** from quarantine (if applicable)

***

#### 🧠 Best Practices

| Action                                  | Benefit                                        |
| --------------------------------------- | ---------------------------------------------- |
| Investigate all PHISHING verdicts       | Prevent credential harvesting and fraud        |
| Monitor SUSPICIOUS verdicts daily       | Spot new or stealthy attack methods            |
| Cross-reference file and URL tabs       | Understand full attack chain                   |
| Use the sender domain tab for blacklist operations | Block the entire source infrastructure on repeated abuse |

***

> 🎯 The Mail module is the forensic foundation of your SEG — giving you everything you need to investigate, trace, and respond to email-based threats in depth.
