Automate and Enhance Your Abuse Mailbox Visibility

Managing and monitoring an Abuse Mailbox can be a significant pain point for IT security teams, particularly large organizations with thousands of employees. It can result in thousands of hours spent manually reviewing, researching, and identifying which emails are malicious, and then attempting to manually remove all copies of the email threat before users potentially trigger them.

In contrast, the Abnormal Abuse Mailbox automatically remediates abuse campaigns for nearly all of the phishing reports it receives. Because of this, customers only see a small subset of the emails that appeared in their phishing mailbox.

The product enhancement, released in August 2021, expanded customer visibility into Abuse Mailbox and now provides a complete view of all the email submissions that Abnormal’s Abuse Mailbox did not process. An IT security analyst is provided the chance to reply to phishing reports, without the need to switch between their regular email client used to review phishing emails and the Abnormal portal, improving workflow and saving time. Note how cumbersome using a traditional email client is to review submissions without intelligent filtering, judgment, orchestration, or automatic email content analysis.

There are situations where the original email was not found in the user’s inbox, or crucial information was not parsable from the submission. An IT Security Administrator can now view the complete list of phishing campaigns via the new ‘Not Analyzed’ tab within the Abuse Mailbox part of the UI, which is especially useful for when a message originated from a phishing simulation.

Furthermore, an IT Security Analyst or any other assigned employee via our role-based access controls (RBAC) can obtain a detailed Abuse Mailbox submission report and optionally email the reporter, notifying them of the submission status.

An astonishing ~85% of submissions to an abuse mailbox are safe, which leads to noise for IT Security teams who have to manually review, taking them away from vital cybersecurity operations.

To help alleviate the submission and alert fatigue, Abnormal intentionally does not process non-phishing-report-like emails such as automated alerts, company announcements, marketing newsletters, or non-phishing service desk tickets. Messages within these categories will appear in the Abuse Mailbox Not Analyzed tab.

Phishing email campaigns need to originate from the organization's tenants for Abuse Mailbox to locate, extract, analyze, and remediate the email.

Abuse Mailbox extracts, analyzes, automatically remediates, and responds to employee-reported phishing campaigns. Abnormal’s Abuse Mailbox automation saves time and the cost of responding to reporters and encourages users to continue reporting phishing emails while educating them.

Over time, we aim to continually work with our customers to expand our capabilities so that they can focus on the highest priority security events, as opposed to manually investigating abuse mailbox submissions and remediating email-borne threats.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can enhance your email security capabilities and provide visibility into email threats that other solutions miss.