Email security

When connected via cloud app API, does Coro scan Microsoft 365 and Gmail emails before they reach the recipient's inbox?

No, the Coro API scans emails after they have reached the recipient's inbox, and API rules are then applied.

Does Coro protect shared email addresses?

Yes, Coro protects shared email addresses in licensed Microsoft 365 shared mailboxes. Additionally, Coro’s Inbound Gateway email proxy service extends protection to both licensed and unlicensed shared email addresses.

Can Coro connect to a Microsoft G-level licensing product, for example, Office365 GovG1?

No, Coro cannot connect to a Microsoft G-level licensing product.

Does Coro's email phishing protection scan emails once received?

Yes, all incoming emails are scanned as soon as they are received.

I am utilizing Google Workspace Sync for Microsoft Outlook and am having difficulty downloading the Outlook plug-in since my admin account is set up with Google Workspace. Is there a downloadable file available for the Outlook Email Feedback plug-in?

Unfortunately, this is not possible. With add-in distribution, the add-in is linked to your organization's Microsoft 365 business account, which is needed for the add-in to work properly.

When an Admin User blocks a domain or email, does a retroactive scan delete the blocklisted emails from the inboxes of all protected users?

Previous emails are never deleted. Only the current emails (those from which the administrator blocked the sender/domain) and all subsequent emails from this sender/domain are deleted.

Does Coro store my incoming/outgoing emails and disclose sensitive information?

Coro does not store emails from its customers. Only emails associated with tickets are temporarily stored in a privacy-preserving manner.

Can emails flagged by Coro be redirected to folders other than the Coro Suspected folder?

Yes, you can specify the default folder where phishing emails are stored for Microsoft 365 and Gmail.

The options are:

  • Dedicated Suspected folder: This is selected by default. All quarantined emails are stored in the dedicated Coro Suspected folder.
  • System trash folder: All quarantined emails are stored in the system (Microsoft 365/Gmail) trash folder instead of the dedicated Coro Suspected folder.

For further information, see Specifying the default email quarantine folder.

What happens when emails with attachments of specific file types are quarantined?

These are treated as phishing emails. Incoming emails containing attachments of the defined file types are automatically quarantined, and Coro creates a Forbidden Attachment Type ticket to record the event.

For further information, see Quarantining email attachments by file type.

Does Coro auto remediate (block and delete) emails that are confirmed to contain malware?

Yes, Coro automatically remediates emails confirmed to contain malware. Coro's Email Security module scans incoming emails for malicious attachments, deletes the email and attachments for all recipients, and closes the ticket without requiring admin user intervention. In contrast, Coro's Inbound Gateway add-on blocks and quarantines emails for admin user review, enabling them to analyze threats and take appropriate action to safely remove malicious content, or identify false positives and release the email to its recipients.

Does Coro's email security layer detect malware/phishing before they reach the inbox?

Coro's Email Security module is API-based and detects malware and phishing after an email is delivered to a user's mailbox. Alternatively, Coro's Inbound Gateway add-on intercepts inbound emails before they enter an organization's network.

For further information, see Inbound Gateway.

If I have a protected user that reports an email as junk, does Coro perform any action?

No, Coro does not perform any action on emails reported as 'Junk' by a protected user.

How are Malware in Email Attachment tickets resolved in Coro?

By default, Coro's Email Security module scans incoming emails for malicious attachments, deletes the email and attachments for all recipients, and closes the ticket without requiring admin user intervention. In contrast, Coro's Inbound Gateway add-on blocks and quarantines emails. Admin users can inspect tickets raised to identify a blocked email event and, depending on the type of threat, choose to allow the release of the email to its recipients as safe or block the email and its contents permanently.

In addition, Coro offers a Warn recipients mode which, when selected, does not delete, quarantine, or block incoming malicious emails. Instead, the email is delivered to recipients as normal but with an added warning label or banner in the message showing the detected threat. Malware in Email Attachment tickets continue to be raised for these events, but as the email has already been delivered, these tickets are closed and presented for information only (and to enable admin users to add senders to allowlists and blocklists for future remediation decisions).

If an O365 Admin approves/releases a suspected email within O365, will Coro still flag it?

Actions performed externally are not monitored by Coro, and therefore in this situation, Coro would flag it.

What happens when 'Quarantine emails with attachments of these specified file types' is enabled?

When ‘Quarantine emails with attachments of these specified file types’ is enabled, emails containing any of the file types specified are moved to your selected quarantine folder. A corresponding Forbidden Attachment Type ticket is created and automatically closed by Coro. The logic by which Coro scans the email for any suspicious behavior remains the same (e.g. Coro checks if the sender is on the Blocklist/Allowlist).

What type of ticket is created for an email quarantined due to having an attachment of a specific file type?

The ticket type created depends on which detectors are triggered. An attachment of a specified file type raises a Forbidden Attachment Type ticket, and the email is moved to your selected quarantine folder. The Forbidden Attachment Type ticket is automatically closed by Coro.

Note: Prior to the release of Coro v3.0, tickets created for suspected email phishing attempts were classified as Email Phishing. Email Phishing tickets are no longer supported and are only retained for tickets created before the release of Coro v3.0, with the new label: Email Phishing [Deprecated].

Can the Secure Messages add-on encrypt and send large file attachments?

The maximum file size for a single message attachment is 40 MB, with a total file size of 100 MB for all attachments.

How can I purchase and enable Inbound Gateway?

For assistance with purchasing and setting up the Inbound Gateway, contact our sales team.

How much does it cost to purchase Inbound Gateway?

Inbound Gateway is an add-on for the Email Security module. For more information, contact our sales team, or visit Pricing.

How do I configure Inbound Gateway to work with my email service?

For information on configuring the Inbound Gateway, see Configure the Inbound Gateway.

How do I manage quarantined emails?

For information on managing quarantined emails, see Manage quarantined emails.

Is Inbound Gateway compatible with email services other than Microsoft or Google?

Yes, the Inbound Gateway is compatible with any email service, provided the customer owns the domain, allowing Coro to update the DNS records.

Note: Free versions of Gmail are not supported because Google owns the domain.

What is the difference between Warning-Only and Block modes? Which one should I select?

Warning-Only mode: Emails suspected of phishing or malware are marked with warnings but are not blocked. This mode is suitable for testing or when business continuity is a priority.

Block mode: Emails suspected of phishing or malware are blocked and securely quarantined until an admin user reviews them, offering higher security and control.

Note: Coro admins select the mode best suited for their business needs.

What does an email marked as 'SUSPECTED' mean?

The 'SUSPECTED' tag alerts you to exercise caution with the email. In Warning-Only mode, Coro Inbound Gateway flags suspicious emails without blocking them, allowing recipients to review them.

Is it possible to send encrypted messages from a mobile device using Secure Messages?

The Secure Messages portal can be accessed on mobile devices through a web browser. For Google Workspace accounts, the Secure Messages Gmail add-in, which is supported on both web and mobile platforms of Gmail, secures outbound messages sent from Gmail. For Microsoft 365 accounts, the Secure Messages Outlook add-in is currently only supported on web platforms.

Does Coro detect and remediate spam emails?

Yes, Coro can identify spam content in email message bodies, headers, and any attachments. Coro includes a specific ticket type, Spam, used to categorize and remediate spam identified in protected users' emails. Coro's spam filter works with both the Email Security module and the Inbound Gateway add-on.

Can I create allowlists and blocklists based on IP addresses and IP address ranges?

Yes, Coro supports allowlisting and blocklisting for IP addresses and IP address ranges.

For further information, see Allow or block email senders.

Can I choose to not quarantine suspicious emails?

Yes, you can configure Coro to display warning banners in emails sent to your protected users. These banners alert recipients to potential threats and provide guidance to help them make informed decisions.

For further information, see Email Security settings.

Is it possible to customize the message in the email body of outbound messages in the Secure Messages add-on?

No, you can't customize the message body.

Is it possible to customize the warning banner message in the Email Security settings when the security mode is set to Warn recipient?

No, you can't customize the warning banner message.

With the Secure Messages add-on, can I set an expiration date for encrypted emails?

Yes. You can set encrypted emails received through the Secure Messages add-on to expire after a specified number of days. Expiration dates help prevent data leakage, protect sensitive information by limiting access, and ensure compliance with regulations.

Note: You can set expiration dates for encrypted emails at the workspace level or for individual emails.

With the Secure Messages add-on, can I restrict forwarding of encrypted emails?

Yes. You can disable message forwarding for encrypted emails in the Secure Messages portal. This feature gives users more control over sensitive information and helps prevent unauthorized or unintentional sharing.

Note: You can restrict forwarding of encrypted emails at the workspace level or for individual emails.