Email Warning Banner Messages

Last updated on 2024-11-06 16:02:40

This article refers to capabilities currently available as a beta release and will be gradually rolled out to customers.

Phishing scams are typically fraudulent email messages appearing to come from legitimate senders (for example, a university, an Internet service provider, a financial institution). These messages usually direct you to a spoofed website or otherwise get you to reveal private information such as logins, passwords, or other sensitive data. This information is then used to commit identity and/or monetary theft.

The Inbound Settings > Anti-Phishing > Email warning banners setting alerts users about the types of potential threats that may exist within a given email. Notification banners will display if there are any potential threats identified in the email.

Note that these settings apply to all domains you have verified in Email Gateway Defense for processing mail. You are unable to to change these settings for a specific domain.

Choose from the following options to set the notification banners:

On – Notification banners are turned on for all inbound email traffic.
Testing Mode – Notification banners are turned on only for a select set of users. Banners are applied to emails that contain the trial user email addresses in the To, Cc, or Bcc fields. Email addresses must be valid email users in the Email Gateway Defense user list. Enter the desired user email addresses separated by commas.

Note that users other than those in the trial user group may also see a notifications banner in the email. For example, a user jsmith@contoso.com is added as a trial user for email warning banners. jsmith is bcc'd on an external email to jdoe@contoso.com. The recipient of that email jdoe will also see the external sender warning banner, even though they are not part of the trial user group.

Off – Notification banners are turned off for all inbound email traffic.

Note: Email warning banners are not applied to any emails from the Message Log with the Delivery Status of UI Delivered. This can include messages that were previously blocked/quarantined or system generated emails such as user quarantine digests.

The following are the types of email warning banners used in Email Gateway Defense.

Unusual link

This email contains an external link to a domain you have not seen previously in communication from this sender. Confirm the message is safe before clicking on any links.

After you have interacted with a sender a few times, Email Gateway Defense will recognize the sender as a legitimate contact and will no longer display the warning banner because you have now established a history of communication and trust with the sender.

Unusual sender

This email was sent by a sender that has never sent an email to this recipient before. Confirm you trust this sender before taking any actions.

Unusual sender IP

This email sent from a sender IP that has never sent an email to this recipient before.

Newly registered sender domain

This email was sent from a domain registered within the last 30 days. Scammers commonly create new domains for attacks. Notification banner is removed when the domain is 30 days old.

External sender

This email was sent by an external sender. The banner includes the Header From address. Confirm you trust this sender before taking any actions.