Email Quarantine Management
Email quarantine isolates emails suspected of spam, phishing, malicious content, or policy-triggered behavior so users or administrators can review and take action.
Introduction
Quarantined emails can be managed through:
- Email Quarantine Portal.
- Cloud Portal Mail Gateway.
- Quarantine email notifications.
Depending on Policy Builder configuration, users can release emails flagged as Personal Quarantine. Admin Quarantine messages are not released by users for security purposes.
Quarantine Logs Viewer
Quarantine Logs show why an email was quarantined. They include filtering phases such as spam detection, antivirus scanning, and other security checks.
When opening a quarantined email, the log view shows:
- Each stage the message passed through.
- The reason the message was flagged or blocked.
- Details from spam engines, antivirus scans, and custom rules.
Access Quarantine Logs
- Open Mail Gateway from the Cloud Portal left menu.
- Select the relevant domain.
- Open the Quarantine tab.
- Find the email to inspect.
- Open the email to view log details in a modal.
Use quarantine logs to troubleshoot false positives, understand which rule or engine caused a quarantine, and verify security actions for compliance or audit purposes.
Managing Quarantine from Cloud Portal
Users with Cloud Portal access can manage quarantine emails from Mail Gateway.
- Open Mail Gateway.
- Select the mail domain instance.
- Open the Quarantine Emails tab.
- Select User Quarantine or Admin Quarantine.
- Enter the recipient email address handle.
- Click Show to fetch quarantined emails.
- Release false-positive emails where appropriate.
Email Quarantine Portal
The Email Quarantine Portal provides organization users with direct access to view and manage quarantined emails.
- Open quarantine.cloud.site.sa.
- Enter your work email.
- Receive a one-time passcode in your inbox.
- Enter the OTP to log in.
- Review and search quarantined emails.
- Release Personal Quarantine emails if your administrator enabled email release.
Note
Users can manage Personal Quarantine emails after the organization administrator enables Email Release in the Policies tab under the organization's Mail Gateway instance.
Quarantine Notifications
After an email is detected and flagged, the system can send a quarantine notification to the user's inbox.
Notifications are sent only after the organization administrator enables Send Quarantine Report in the Mail Gateway Policies tab.
Notifications usually include:
- Sender of the quarantined email.
- Subject of the email.
- Instructions or a link to review and release the email if safe.
Available actions:
| Action | Description |
|---|---|
| Release the Email | Deliver the email to the inbox when the sender is trusted and the message appears legitimate. |
| Delete | Delete spam, phishing, or harmful email from quarantine. |
Email Awareness
Use these signals to identify potentially malicious email.
| Signal | What to look for |
|---|---|
| The Push | Urgent language or pressure to take a specific action. |
| Tone and Grammar | Language that sounds wrong or includes spelling and grammar issues. |
| Mismatched Links | Links that point somewhere different from what the email claims. |
| Odd Attachment Type | Unexpected ZIP, executable, or unusual attachment types. |