TIP - Quarantining and releasing emails are only possible when Email Security is running in Active Mode. For more information, see Change protection mode of Email Security in Nebula.
Users receive a daily Quarantine Digest email around 15:00 UTC when they have emails that have been quarantined. These emails show which emails were removed from their inbox due to suspicious content. If a legitimate email is mistakenly removed, users must click the Ask to Release button in the digest email to ask admins to restore it to their mailbox.
How to release an email
- Once a user requests the release of an email, a notification is sent to the email addresses configured in the Notifications section of Email Security. For more information on how to receive those emails, see Set up notifications with Email Security in Nebula.
- A Nebula admin navigates to Manage > Email Security, then Email Incidents > Needs attention.
- Locate the incident and click on the Incident ID. Reference the requester and incident ID in the notification email.
- Review the confidence score, email metadata, and categorization confidence of the incident. For more information on the details available for each incident, see Email Security Needs Attention page in Nebula.
- Determine if the email is safe or not, then click Categorize as and select the appropriate option:
- Categorize as Phishing: The email remains quarantined and is logged as Phishing.
- Categorize as Spam: The email remains quarantined and is logged as Spam.
- Categorize as Safe: Marks the incident as safe and releases the email to the mailbox. The adaptive AI learns from this incorrect categorization and makes improvements to prevent these types of emails from being flagged again.
Return to Email Security guide.