Email Protection - Warning banners

Avanan provides a variety of automated actions that the security administrator can choose from - such as quarantine malicious emails.

In some cases, the Security Admin can choose not to block the email, and allow it to be delivered to the inbox - for example, suspicious (low confidence) email detections. For these scenarios, Avanan allows warning the end-users of the potential risks detected on these emails by embedding a banner that explains the nature of the risk.

Embedding warning banners are available in Protect (inline) and Detect and Prevent modes only.

Types of warning banners

The following warning banners are generated, based on the detection attributes:

  • Suspected phishing: This email contains elements that may indicate "Phishing" intent - aimed at tricking you to disclose private/financial information or even your credentials.

  • Suspected phishing - potentially trusted sender: This mail is suspected to be a phishing e-mail. Are you sure you trust the sender (<sender>)?

  • First time sender: We do not know this sender, do you trust <sender>?

  • Non-authentic internal email: The email is sent from the organization's domain (<domain>), but suspected as non-authentic.

  • Potential Impersonation: The sender <sender> seems to be using a different email address than in the previous correspondence (<previous email>), this often indicates an impersonation attempt.

Sample banners


Configure warning banner

To configure Avanan to embed warning banners:

  1. Go to Policy > Office 365 Emails Threat Detection.

  2. In the Suspicious Phishing workflow, select User receives the email with a warning.

  3. You can configure the banner layout by clicking the gear next to the workflow. Edit the HTML to match the desired layout.

  4. Save the policy.