Skip to main content
Email Protection
Updated this week

πŸš€ Guardz Email Protection: Comprehensive Security & Best Practices

πŸ“Œ Introduction

Email remains one of the most common attack vectors used by cybercriminals to infiltrate businesses. Relying solely on built-in email security from cloud providers like Google Workspace and Microsoft 365 can leave organizations vulnerable to sophisticated cyber threats.

βœ… Guardz Email Protection secures your email environment against:

  • 🎣 Phishing Attacks – Prevents attackers from tricking users into giving away credentials.

  • 🦠 Malware & Ransomware – Stops dangerous attachments & links before they cause damage.

  • πŸ”„ Spoofing & Impersonation – Detects when attackers disguise themselves as trusted contacts.

  • 🚨 AI-Powered Threat Detection – Identifies and categorizes email threats with high accuracy.

πŸ“Œ Available in: Starter, Pro, and Ultimate Plans


πŸ“Œ How Guardz Email Protection Works

πŸ”Ή API-Based Email Security
Guardz integrates directly with Microsoft 365 & Google Workspace to scan incoming emails in real time.

πŸ”Ή How Guardz Scans Emails

πŸ“§ For Microsoft 365 Users

  • Journaling Rule: All received emails are routed through Guardz for scanning (outgoing emails are ignored).

  • Emails are analyzed using multiple security engines and then deleted from temporary storage.

πŸ“§ For Google Workspace Users

  • Event-Based Scanning: Guardz subscribes to email activity events and performs real-time scanning.


πŸ“Œ Guardz Email Protection Features

πŸ”Ή AI-Enhanced Email Scanning

βœ” Uses machine learning to distinguish between spam, phishing, and legitimate emails.
βœ” Tags each threat with a category & reason for detection.
βœ” Threat information is visible in:

  • Detection & Response page (for admins)

  • Caution Banners (for users)

  • Quarantine Notifications (for users)

  • User Portal (for self-managed security actions)


πŸ“Œ Configuring Email Protection Settings

πŸ”Ή Security Controls > Email Protection

1️⃣ Enable or Disable Specific Scans:

  • βœ… Email Authentication Scan (SPF, DKIM, DMARC)

    • Emails failing these checks will have warning banners & an INFO-level issue logged.

  • βœ… Impersonation Detection (detects sender alias mismatches).

  • βœ… Spam Detection Toggle (automatically moves spam emails).

2️⃣ Set Actions for Detected Emails:

  • High Risk: Quarantine recommended (required action).

  • Medium Risk: Caution banner or quarantine (configurable).

  • Low Risk: Caution banner or no action (configurable).

3️⃣ Customize Spam Handling:

  • 🟒 Banner & move to spam folder (Recommended).

  • πŸ”΄ Quarantine high-risk spam.

  • ⚠ Add caution banners only.

🚨 Note: Turning off spam detection prevents new spam issues but does not affect phishing or malware scans.


πŸ“Œ Email Security Actions & Remediation

πŸ”Ή Caution Banners for Suspicious Emails

⚠ Automatically added to low-to-medium risk emails.
​

Users can take action directly from the banner:
βœ… Mark as Safe – Resolves the issue.
❌ Report & Delete – Notifies Guardz & removes the email.

πŸ“Œ For quarantined emails:

  • Moved to the "Quarantine Zone" and retained for the configured period.

  • Admins can adjust the retention period.

  • Users receive a Quarantine Notification Email with a link to review the email in the User Portal.


πŸ“Œ Managing Email Security Policies in Guardz

1️⃣ Security Controls > Email Protection > Caution Banner & Quarantine Settings
2️⃣ Adjust Risk-Based Handling:

  • High Risk Emails β†’ Quarantine or Caution Banner (⚠ Required).

  • Medium Risk Emails β†’ Caution Banner or Quarantine.

  • Low Risk Emails β†’ Caution Banner or No Action.

3️⃣ Enable Admin-Only Quarantine:

  • Users will not be able to restore quarantined emails.

  • Only admins can release, delete, or review quarantined emails.

πŸ’Ž Tip: For MSPs, global email security policies can be applied across all customers, with per-customer overrides available.


πŸ“Œ User Portal: Self-Service Email Security

1️⃣ Users receive an alert email when an email is quarantined.
2️⃣ Clicking "Review" takes them to the User Portal.
3️⃣ Users can take action:

  • βœ… Restore – Returns the email to the inbox.

  • ❌ Trash – Deletes the email permanently.

πŸ“Œ Quarantined emails are automatically deleted if no action is taken before the retention period expires.


πŸ“Œ Block & Allow Lists

πŸ”Ή Sender Allow & Block List Management

πŸ“Œ Admins can manually allow or block:

  • Specific email addresses πŸ“©

  • Entire domains 🌍

🚨 Important:

  • Internal domains cannot be blocked to prevent business disruptions.

  • Avoid blocking major email providers (e.g., gmail.com) unless necessary.

πŸ“Œ Security Controls > Email Protection > Block List


πŸ“Œ Email File Type Filtering

πŸ“Œ Admins can block or allow specific file types in emails to reduce malware risks.
βœ” Customizable per global MSP settings or individual customer settings.
βœ” Use for executables, scripts, or high-risk file types.

πŸ“Œ Security Controls > Email Protection > Block List > File Type Filtering


πŸ“Œ Monitoring & Managing Email Issues in Guardz

πŸ”Ή Viewing Email Issues

πŸ“Œ Detection & Response > Email Protection Issues

  • Filter by sender, recipient, or subject.

  • Search by threat type (e.g., phishing, virus, spam).

  • Sort by risk score range.

πŸ”Ή Bulk Email Remediation

πŸ“Œ Admins can apply security actions across multiple emails at once.

  • Ensure emails are of the same issue type & not closed before bulk actions.

  • Users can override admin decisions via the User Portal.

πŸ“Œ Admins receive alerts when a user overrides a quarantined email decision.


πŸ“Œ Email Threat Management & Admin Notifications

βœ” New Issue Type: "Spam Emails"

  • Recognizes unwanted spam that does not meet phishing or malware risk thresholds.

  • Logged as an INFO-level issue.

βœ” Admin Notifications:

  • Turn off spam alerts under My Profile > Email Notification Settings.


Reporting Phishing Emails via Built-in Email Report Button

This feature allows end users to report suspicious emails easily, while giving admins the tools to investigate and remediate across the organization.
​

Note: This feature is disabled by default. To start using it, go to your Email Security settings in Guardz and turn on β€œEnd-User Phishing Reporting.”
​

How It Works

  1. User Reports an Email
    When a user clicks the built-in β€œReport Phishing” button in their inbox (Google or Microsoft), a phishing report is sent and a new issue is created automatically in Guardz under β€œEnd-User Reported Emails.”
    ​

  2. Issue Created in Guardz
    The issue includes:

    • A list of other mailboxes that received the same or similar email
      ​

  3. Admin Review & Remediation
    Admins can:

    • Take bulk actions across affected mailboxes (e.g., delete or release the email)

    • Close the issue after resolution
      ​

  4. User Feedback (Optional)
    End users will receive automatic status updates about their report (this feature can be disabled in settings).


πŸ“Œ FAQ: Email Protection

πŸ”Ή Does Email Protection apply to all users or only activated ones?
βœ… It applies only to users with an active Guardz license.

βœ… Ensure the sender is not already whitelisted.

πŸ”Ή Can Guardz protect personal email accounts?
❌ No, Guardz protects only business email accounts from the primary directory.

πŸ”Ή What happens if I disable Spam Detection?
βœ… New spam issues will not be generated, but phishing/malware scans remain active.

πŸ”Ή Can spam handling settings be customized per customer?
βœ… Yes, MSPs can set global defaults and override settings per customer.

πŸ”Ή Why can't I block a specific domain?
βœ… Guardz prevents blocking internal domains & major external domains (e.g., Gmail).
βœ… Recommended: Block specific email addresses instead.


Did this answer your question?