Email systems use multiple layers of filtering to protect your inbox from junk, phishing, and dangerous content. This guide explains the three most common destinations for suspicious emails, how they work, and what action (if any) you need to take.
1. Spam or Junk Folder (Client-Side Filter)
What It Is: Your email application (like Outlook or Gmail) has a built-in junk or spam folder. Messages that seem suspicious—but not dangerous—are routed here automatically.
Why Emails Go Here: These messages may contain marketing content, unusual formatting, or low sender reputation, but they are not harmful enough to be quarantined by the main email system.
What You Should Do: Review occasionally in case of false positives. Mark messages as “Not Spam” to train the filter. No admin action is needed.
2. Admin Quarantine (Severe Threats Only)
What It Is: This is a system-wide quarantine controlled by your email security administrator. It holds messages flagged as highly dangerous—usually phishing scams, malware attachments, or spoofed addresses.
Who Can See It: End users do not receive notification or access to these messages. Only admins can review or release them.
Why Emails Go Here: The message closely matches a known malicious pattern. It contains viruses, forged headers, or links to known malicious websites. The sending server is on a real-time block list (RBL).
What You Should Do: Nothing. These are typically blocked silently for your protection.
3. User Quarantine (Moderate Suspicion)
What It Is: This is a per-user quarantine area where emails are held for review when they seem suspicious—but not confirmed malicious.
How You’re Notified: You receive a quarantine report via email, usually once a day, listing the messages that were held.
Why Emails Go Here: The message is from an unknown sender. It contains spammy language or formatting. The sender’s domain has poor reputation or lacks authentication (e.g., no SPF/DKIM).
What You Should Do:
- Release the Message: If it’s legitimate, release it to your inbox.
- Block the Sender: To prevent future messages from that address.
- Block the Domain: To block all messages from that sender’s domain.
- Delete It: If you’re unsure or think it’s junk, just delete it. If they spoofed your domain name, then just delete it.
| Feature | Junk/Spam Folder | Admin Quarantine | User Quarantine |
|---|---|---|---|
| Who Controls It | Email app (e.g., Outlook) | Admin or system-wide rules | You (via quarantine report) |
| Notification | None | None | Yes – daily summary email |
| Message Severity | Low | High – malware or phishing | Medium – suspicious content |
| User Access | Yes | No | Yes |
| Action Needed | Optional | None | Review and decide |
FAQs
Q: Why didn’t I get an email that someone sent me?
A: It may have been caught in one of the filters. Check your Junk folder and quarantine report. Admin-quarantined emails are usually discarded after 30 days for safety.
Q: Can I get access to admin-quarantined messages?
A: Only as an email administrator. Contact your IT team or your manager if you believe something was incorrectly flagged.
Q: Can I whitelist a sender to avoid quarantine?
A: Yes, you can usually allow specific addresses or domains from your quarantine report. If unsure, contact support.
Comments
0 comments
Article is closed for comments.