Security Engines - Anti-Phishing (SmartPhish) - Spam Protection

Avanan offers Spam protection that can block Spam and Junk email from filling up the users inbox. The Anti-Spam protection includes a detection engine, powered by Avanan's SmartPhish, and set of automated actions including Mark as Spam and Quarantine (inline mode only).


  • Spam detection using state of the art machine learning engine, using similar techniques to detect phishing emails.

  • Keep the user inbox clean by blocking the spam or moving it to the Spam/Junk folder.


Spam Detection

Spam detection is powered by SmartPhish, Avanan's Phishing detection engine. Spam detection is enabled by default for email platforms.

You can set the desired SmartPhish engine confidence level. The higher the confidence level, the less detections and less false-positive.  To set the confidence level go to Configurations side menu > Security Engines > SmartPhish, and click on configure. On the configuration dialog search for the Spam confidence level.

Policies configurations

Spam behavior is configured in Office 365 and Gmail Office Threat Detection policies.

  1. Go to Policy screen. Select a Office 365 or Gmail Office Threat Detection policy.

  2. Make sure the policy is in protect (inline) mode.

  3. Locate the Spam workflow, and choose one of the following automated actions:

    • Email is allowed. Deliver to the Junk Folder (Office 365): the email is marked by Avanan as Spam by updating the Spam Confidence Level (SCL) to 9 (setting header X-CLOUD-SEC-AV-SCL: true). The email will be moved to the Spam folder by Office 365 (with the proper Mail Flow rules), based on the configured action for SCL=9 (by default set to deliver the message to the recipients' Junk Email folder).
      For more information on SCL levels see here.

    • Email is allowed. Move to Spam (Gmail): deliver the email to the user's Spam folder.

    • Quarantine. User is not alerted (admin can restore): the email is quarantined, the admin can restore the message manually from the event or the Quarantine Items screen.

    • Add [Spam] to subject: the email is delivered to the inbox, the subject is modified to start with '[Spam]' (for example, the email subject 'Are you interested' will be delivered with new subject: '[Spam] Are you interested'.

    • Do nothing:  email is delivered to the inbox.

  4. Save the policy.