Email security¶

Can Coro connect to a Microsoft G-level licensing product, for example, Office365 GovG1?¶

No, Coro cannot connect to a Microsoft G-level licensing product.

Does Coro's email phishing protection scan emails once received?¶

Yes, all incoming emails are scanned as soon as they are received.

I am utilizing Google Workspace Sync for Microsoft Outlook and am having difficulty downloading the Outlook plug-in since my admin account is setup with Google Workspace. Is there a downloadable file available for the Outlook Email Feedback plug-in?¶

Unfortunately, this is not possible. With add-in distribution, the add-in is linked to your organization's Microsoft 365 business account, which is needed for the add-in to work properly.

When an Admin User blocks a domain or email, does a retroactive scan delete the blocklisted emails from the inboxes of all protected users?¶

Previous emails are never deleted. Only the current emails from the sender/domain from which the administrator blocked the sender/domain, as well as all subsequent emails from this sender/domain, are deleted.

Does Coro store my incoming/outgoing emails and disclose sensitive information?¶

Coro does not store emails from its customers. Only emails associated with tickets are temporarily stored in a privacy-preserving manner.

Does Coro support Domain Keys Identified Mail (DKIM) and Sender Policy Framework (SPF)?¶

Currently DKIM and SPF are not supported by Coro.

Can emails flagged by Coro be redirected to folders other than Coro Suspected?¶

No, emails flagged by Coro cannot be redirected to folders other than Coro Suspected.

What happens when emails with attachments of specific file types are quarantined?¶

These are treated as phishing emails. On cloud drives, these emails are moved to the Suspected folder, except for Salesforce where they are archived. The quarantine procedure involves encapsulating the file in such a way that it cannot be executed by renaming, but can be restored to its original location.

What type of ticket is created for an email that is quarantined due to having an attachment with a specific file type?¶

An Email Phishing ticket is created and is auto remediated and closed.

Does Coro auto remediate (block and delete) emails that are confirmed to contain malware?¶

Coro does not delegate deletion actions to automated decision processes. Automation is only used to determine whether or not remediation is required.

Deletion is only performed when the sender or sender's domain is explicitly added to a blocklist by an administrator.

Does Coro's email security layer detect malware/phishing before it reaches the inbox¶

Currently, Coro detects malware/phishing as soon as an email reaches an inbox, not before. If any of these problems are discovered, the email is either moved to the Suspected folder or deleted.

When evaluating emails, does the Specific Keywords option search include email address domains or the sender/recipient address?¶

No, the Specific Keywords option only searches the content of emails and shared files (subject, body, attachments, and attachment filenames)

Does Coro detect outgoing phishing?¶

No, Coro does not detect outgoing phishing.

If I have a protected user that reports an email as junk, does Coro perform any action?¶

No, Coro does not perform any action on emails reported as 'Junk' by a protected user.

Can deleted emails be restored by Coro?¶

No, Coro cannot restore deleted emails. Emails can only be restored directly from your inbox. Coro can however restore emails Coro that were moved to the Suspected folder.

How are Malware in Email attachment tickets resolved in Coro?¶

Malware in Email attachment tickets are auto remediated and closed automatically. Coro uses the following logic to determine email ticket outcomes:

For instances of phishing/safe feedback provided through the Coro add-in, spoofing of important domains (including customer domains), and impersonation of specific users of the customer, corresponding tickets are suggested for review and are automatically closed after the review period of two weeks.

All other flagged incoming emails, including Malware in Email attachment are deleted or removed from the Inbox and moved to the Suspected folder (offsite from the client), with corresponding tickets immediately closed.

Can an email flagged for Malware in Email Attachment be restored by Coro?¶

Any email that Coro deletes can only be restored directly from the user's inbox. Coro cannot restore deleted emails, but can recover emails that have been moved to the Suspected folder.

If an O365 Admin approves/releases a suspected email within O365 will Coro still flag it?¶

Actions performed externally are not monitored by Coro, and therefore in this situation, Coro would flag it.