Guardz Email Protection: Comprehensive Security & Best Practices
Introduction
Email remains one of the most common attack vectors used by cybercriminals to infiltrate businesses. Relying solely on built-in email security from cloud providers like Google Workspace and Microsoft 365 can leave organizations vulnerable to sophisticated cyber threats.
Guardz Email Protection secures your email environment against:
Phishing Attacks: Prevents attackers from tricking users into giving away credentials.
Malware & Ransomware: Stops dangerous attachments & links before they cause damage.
Spoofing & Impersonation: Detects when attackers disguise themselves as trusted contacts.
AI-Powered Threat Detection: Identifies and categorizes email threats with high accuracy.
Available in: Starter, Pro, and Ultimate Plans
How Guardz Email Protection Works
API-Based Email Security
Guardz integrates directly with Microsoft 365 & Google Workspace to scan incoming emails in real time.
How Guardz Scans Emails
For Microsoft 365 Users
Journaling Rule: All received emails are routed through Guardz for scanning (outgoing emails are ignored).
Emails are analyzed using multiple security engines and then deleted from temporary storage.
For Google Workspace Users
Event-Based Scanning: Guardz subscribes to email activity events and performs real-time scanning.
Guardz Email Protection Features
AI-Enhanced Email Scanning
Uses machine learning to distinguish between spam, phishing, and legitimate emails.
Tags each threat with a category & reason for detection.
Threat information is visible in:
Detection & Response page (for admins)
Caution Banners (for users)
Quarantine Notifications (for users)
User Portal (for self-managed security actions)
Configuring Email Protection Settings
Security Controls > Email Protection
1. Enable or Disable Specific Scans:
Email Authentication Scan (SPF, DKIM, DMARC)
Emails failing these checks will have warning banners & an INFO-level issue logged.
Impersonation Detection (detects sender alias mismatches).
Spam Detection Toggle (automatically moves spam emails).
2. Set Actions for Detected Emails:
High Risk: Quarantine recommended (required action).
Medium Risk: Caution banner or quarantine (configurable).
Low Risk: Caution banner or no action (configurable).
3. Customize Spam Handling:
Banner & move to spam folder (Recommended).
Quarantine high-risk spam.
Add caution banners only.
Note: Turning off spam detection prevents new spam issues but does not affect phishing or malware scans.
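As an added example (not Guardz code, and not a description of how Guardz implements these scans), the Python below shows the kind of signal the Email Authentication Scan and Impersonation Detection settings refer to: it reads the SPF, DKIM and DMARC verdicts from the Authentication-Results header stamped by the receiving mail server, and flags a display name that belongs to a known colleague but arrives from a different address. The message, host names and directory are constructed, and the display-name rule is an assumed reading of "sender alias mismatch".

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic). The second Authentication-Results
# header was not added by the receiving server and must not be trusted.
SAMPLE = """\
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=pay@examp1e.test;
 dkim=none; dmarc=fail header.from=examp1e.test
Authentication-Results: mx.sender.test; spf=pass; dkim=pass; dmarc=pass
From: "Dana Reyes" <pay@examp1e.test>
To: finance@corp.example
Subject: Updated bank details

Please use the new account for this invoice.
"""

def auth_results(msg, trusted_authserv):
    """Return SPF/DKIM/DMARC verdicts from the trusted server's header only."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # ignore headers not stamped by our own mail server
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results[method.lower()] = verdict.lower()
    return results

def alias_mismatch(msg, directory):
    """True when the display name is a known colleague but the address is not theirs."""
    name, addr = parseaddr(msg.get("From", ""))
    known = directory.get(name.strip().lower())
    return known is not None and addr.lower() != known

def triage(raw, trusted_authserv, directory):
    """Combine both checks into one result for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    auth = auth_results(msg, trusted_authserv)
    not_passing = sorted(m for m, v in auth.items() if v != "pass")
    return {"auth": auth, "not_passing": not_passing,
            "impersonation": alias_mismatch(msg, directory)}

if __name__ == "__main__":
    directory = {"dana reyes": "dana.reyes@corp.example"}  # hypothetical directory
    print(triage(SAMPLE, "mx.corp.example", directory))
```

Only the header carrying your own server's identifier is evaluated; an Authentication-Results header that was already in the message when it arrived proves nothing about the sender.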
Email Security Actions & Remediation
Caution Banners for Suspicious Emails
Automatically added to low-to-medium risk emails.
Users can take action directly from the banner:
Mark as Safe: Resolves the issue.
Report & Delete: Notifies Guardz & removes the email.
For quarantined emails:
Moved to the "Quarantine Zone" and retained for the configured period.
Admins can adjust the retention period.
Users receive a Quarantine Notification Email with a link to review the email in the User Portal.
Managing Email Security Policies in Guardz
1. Security Controls > Email Protection > Caution Banner & Quarantine Settings
2. Adjust Risk-Based Handling:
High Risk Emails: Quarantine or Caution Banner (Required).
Medium Risk Emails: Caution Banner or Quarantine.
Low Risk Emails: Caution Banner or No Action.
3. Enable Admin-Only Quarantine:
Users will not be able to restore quarantined emails.
Only admins can release, delete, or review quarantined emails.
Tip: For MSPs, global email security policies can be applied across all customers, with per-customer overrides available.
User Portal: Self-Service Email Security
1. Users receive an alert email when an email is quarantined.
2. Clicking "Review" takes them to the User Portal.
3. Users can take action:
Restore: Returns the email to the inbox.
Trash: Deletes the email permanently.
Quarantined emails are automatically deleted if no action is taken before the retention period expires.
Block & Allow Lists
Sender Allow & Block List Management
Admins can manually allow or block:
Specific email addresses
Entire domains
Important:
Internal domains cannot be blocked to prevent business disruptions.
Avoid blocking major email providers (e.g., gmail.com) unless necessary.
Security Controls > Email Protection > Block List
Email File Type Filtering
Admins can block or allow specific file types in emails to reduce malware risks.
Customizable per global MSP settings or individual customer settings.
Use for executables, scripts, or high-risk file types.
Security Controls > Email Protection > Block List > File Type Filtering
Monitoring & Managing Email Issues in Guardz
Viewing Email Issues
Detection & Response > Email Protection Issues
Filter by sender, recipient, or subject.
Search by threat type (e.g., phishing, virus, spam).
Sort by risk score range.
Bulk Email Remediation
Admins can apply security actions across multiple emails at once.
Ensure emails are of the same issue type & not closed before bulk actions.
Users can override admin decisions via the User Portal.
Admins receive alerts when a user overrides a quarantined email decision.
Email Threat Management & Admin Notifications
New Issue Type: "Spam Emails"
Recognizes unwanted spam that does not meet phishing or malware risk thresholds.
Logged as an INFO-level issue.
Admin Notifications:
Turn off spam alerts under My Profile > Email Notification Settings.
Reporting Phishing Emails via Built-in Email Report Button
This feature allows end users to report suspicious emails easily, while giving admins the tools to investigate and remediate across the organization.
Note: This feature is disabled by default. To start using it, go to your Email Security settings in Guardz and turn on "End-User Phishing Reporting."
How It Works
User Reports an Email
When a user clicks the built-in "Report Phishing" button in their inbox (Google or Microsoft), a phishing report is sent and a new issue is created automatically in Guardz under "End-User Reported Emails."
Issue Created in Guardz
The issue includes:
A list of other mailboxes that received the same or similar email
Admin Review & Remediation
Admins can:
Take bulk actions across affected mailboxes (e.g., delete or release the email)
Close the issue after resolution
User Feedback (Optional)
End users will receive automatic status updates about their report (this feature can be disabled in settings).
FAQ: Email Protection
Does Email Protection apply to all users or only activated ones?
It applies only to users with an active Guardz license.
Ensure the sender is not already whitelisted.
Can Guardz protect personal email accounts?
No, Guardz protects only business email accounts from the primary directory.
What happens if I disable Spam Detection?
New spam issues will not be generated, but phishing/malware scans remain active.
Can spam handling settings be customized per customer?
Yes, MSPs can set global defaults and override settings per customer.
Why can't I block a specific domain?
Guardz prevents blocking internal domains & major external domains (e.g., Gmail).
Recommended: Block specific email addresses instead.