Security Engines - Anti-Phishing (Smart-Phish) - Spam Protection

Avanan offers Spam protection that can block Spam and Junk email from filling up the user's inbox. The Anti-Spam protection includes a detection engine powered by Avanan's Smart-Phish, and set of automated actions, including Mark as Spam and Quarantine (inline mode only).


  • Spam detection using state of the art machine learning engine, using similar techniques to detect phishing emails.

  • Keep the user inbox clean by blocking the spam or moving it to the Spam/Junk folder.

Spam Detection

Spam detection is powered by Smart-Phish, Avanan's Phishing detection engine. Spam detection is enabled by default for email platforms.


You can set the desired Smart-Phish engine confidence level. The higher the confidence level, the fewer detections and fewer false-positive. To set the spam confidence level:

  1. Go to Security Settings > Security Engines > Smart-Phish
  2. Click Configure for Smart-Phish.
  3. On the configuration window, scroll down to the Spam confidence level and set the desired confidence level.
  4. Click Save.

Policies configurations

Spam behavior is configured in Office 365 Mail and Gmail Office Threat Detection policies.

  1. Go to Policy screen. Select Office 365 Mail or Gmail Threat Detection policy.

  2. Make sure the policy is in Protect (Inline) mode.

  3. Scroll down to the Spam workflow, and select one of the workflows:

    • Email is allowed. Deliver to the Junk Folder (Only for Office 365 Mail): The Anti-Phishing engine marks the email as Spam by updating the Spam Confidence Level (SCL) to 9 (by setting the value of header X-CLOUD-SEC-AVSCL to True). The email will be moved to the Spam folder by Office 365 (with the proper Mail Flow rules), based on the configured action for SCL=9 (by default set to deliver the message to the recipient's Junk Email folder).
      For more information on SCL levels, see here.

    • Email is allowed. Move to Spam (Only for Gmail): The Anti-Phishing engine delivers the email to the user's Spam folder.

    • Add [Spam] to subject: The email is delivered to the inbox and the subject is modified to start with ' [Spam]' (for example, the email subject 'Are you interested' will be delivered with new subject: '[Spam] Are you interested').

    • Quarantine. User is alerted and allowed to restore the email: The email is quarantined and the user is allowed to restore the email.

    • Quarantine. User is not alerted (admin can restore): The email is quarantined and the admin can restore the email.

    • Email is allowed. Header is added to the email: The detected email is delivered to the recipient with an additional header that can be configured in the policy.

    • Do nothing:  email is delivered to the inbox.

  4. Save the policy.

Trusted Senders - End-User Spam Allow-List

See Trusted Senders - End-User Spam Allow-List.