Phishing messages are fraudulent messages specifically designed to trick a user into providing sensitive information or to deploy malicious software on to the computer network. Mail detected as phish can have been spoofed or faked, so the use of protocols and frameworks such as SPF, DMARC and DKIM can help stop these.
Messages with a Main Class of Phish can have any of the following Sub Classes:
Sub Class:
dmarc-quarantine
The sender's domain has a strict DMARC policy in place which indicates that the message should be quarantined.
dmarc-reject
The sender's domain has a strict DMARC policy in place which indicates that the message should be rejected.
spf
The envelope sender's domain indicated that the message was a phish.
If this is legitimate mail, this could be due to a forwarding construction. Please see the Set up SPF page for more information.
Release and training large amounts failed SPF messages can result in the sending domain being skipped from further SPF checks and is not recommended.
dkim
The message has an invalid DKIM signature.
pattern
The message layout, format or content matched a pattern known to be found in spam and phishing attempts.
Release and train the message from quarantine to report it as a classification mistake to correct our systems.
The rejection message received by the sender contains more information.
Extra Class
The Extra Class of messages with this Sub Class will show the source of the data which gave a content pattern match.
pattern-remote
The message contained a link to content that matched a pattern known to be found in spam and phishing attempts.
Release and train the message from quarantine to report it as a classification mistake to correct our systems.
The rejection message received by the sender contains more information.
Extra Class
The Extra Class of messages with this Sub Class will show the source of the data which gave a content pattern match.