How Coro handles malicious email

Coro's Inbound Gateway handles and remediates malicious email based on your Email Security scan settings:

Threat type security modes

When threat scanning is enabled, outcomes are:

  • Quarantine : Emails are blocked from end recipients and remain in Coro's dedicated secure quarantine storage pending remediation.
    note

    The quarantine location you select in the Email Security Settings tab applies only to Coro's API-based Email Security module and is not applicable to email handled by the Inbound Gateway.

    Admin users can inspect associated tickets through the Coro console and, depending on the type of threat, choose to Allow release of the email to its recipients as safe or Block the email and its contents permanently.

  • Warn recipient : Emails are sent on to intended recipients as normal, with a warning label (Gmail) or banner (Microsoft 365/Outlook) added to the email subject line.

    For example:

    Email warning examples

    Admin users can inspect tickets raised to identify a suspicious email event; however, this is for information only and no further remediation actions are available as the email has already been forwarded. Ticket actions might be limited to retrospective operations such as adding the sender's email address, domain, or IP address to an allowlist or blocklist for future remediation decisions.

    Important

    Your email service provider can perform its own remediation on delivered emails and could, for example, quarantine emails itself that Coro has detected as potentially harmful, but delivered with a warning.

Reviewing email security tickets

Coro raises tickets to represent suspicious email events. These tickets contain findings concerning the nature of the threat observed, key details such as the sender and recipients, and a range of remediation actions.

To view your email security tickets:

  1. Sign into your Coro workspace.
  2. From the Actionboard , select the Email Security panel:

    Email Security dashboard

  3. Use the threat type links listed in the right-hand pane to view tickets of that specific type, or select All to view all email security tickets.
    note

    Alternatively, select the Ticket Log icon in the toolbar and set a module filter of "Email Security". To learn more, see Using the Ticket Log.

  4. Review a ticket instance and select Actions to view the available remediation actions. For example:

    Ticket actions for

To learn more about email security ticket types and available remediation actions, see Email Security ticket types.