Yes, Abuse Mailbox Automation can automatically remediate spam and malicious submissions, eliminating the entire campaign by locating and removing other similar emails resting in users' inboxes.
Reviewing Reported Emails is an Operational Burden
Time-Consuming Operations
Manually reviewing and triaging user-reported phishing emails can consume
hours of skilled analyst time weekly.
High False Positives
Approximately 90% of user-reported
phishing emails are deemed safe,
clogging up the queue.
Source: Abnormal Internal Data
End Users Discouraged
End users become demotivated from reporting phishing when they don’t
receive feedback.
PROBLEM:
Security Teams are Drowning in User-Reported Emails
Traditional approaches to managing user-reported phishing emails are highly manual, lack intelligence, and provide limited context about the campaign or additional recipients. As a result, IT help desks and security analysts waste time in a cumbersome and inefficient workflow, missing higher impact attacks.
THE SOLUTION:
Abnormal Inbound Email Security with Abuse Mailbox Automation
Abuse Mailbox Automation alleviates bottlenecks by using behavioral AI and automation to streamline your entire user-reported email workflow. It centralizes all user-reported messages and automatically analyzes, classifies, remediates, and responds to them, correlating them to campaigns. Additionally, Abnormal provides enhanced visibility into quantitative metrics, attack summaries, detailed email analyses, and more.
What Our Customers Say
Our customer-first approach is at the heart of everything we do.
“We’ve heard feedback from our users that report potential spam, and they appreciate the timely feedback that Abnormal delivers.”
Mike Freeman, Cybersecurity Manager
Sentara
Read Case Study
How Abnormal Saves Your Analysts Time
Automatically Triages and Remediates Emails
When users report an email, Abnormal automatically inspects and judges it as malicious, safe, or spam. If an email is found malicious, Abuse Mailbox intelligently locates and removes other unreported emails within the same phishing campaign.
The AI-powered detection and automated triage process addresses user-reported incidents more accurately, quickly, and thoroughly—saving your team hours each week and eliminating dwell time.

Responds to Users with Customizable Templates
Abnormal closes the communication loop by automatically sending a follow-up email to inform reporters of the submission outcome and remediation action.
Swifter, personalized response to end users allows the organization to improve the employee experience, encouraging phishing reporting behavior and growing a healthy cybersecurity culture.

Brings All User-Reported Emails into View
Abnormal organizes all user-reported emails in one place and provides enhanced visibility into each submission. Administrators can see full attack context for each campaign and email, as well additional details about top reporters and most attacked employees.
The enhanced visibility allows you to gain holistic attack and remediation insights, assess employees' security awareness more efficiently, and save time from locating unreported campaign-correlated emails.

Integrates with Existing Workflow and SIEM/SOAR Solutions
Abnormal integrates with existing end-user phishing reporting buttons, SIEM/SOAR solutions, and ticketing system workflows to enable centralized alerts for SOC analysts.
The most popular integrations include Palo Alto Networks Cortex XSOAR by Palo Alto Networks and Microsoft Azure Sentinel.

Inbound Email Security Features
Campaign Remediation
Abnormal’s abuse campaign remediation automatically inspects and judges phishing reports as either malicious, safe, or spam. If an email is found malicious, Abuse Mailbox Automation locates and removes other unreported emails within the same phishing campaign, grouped by similar sender display name and email subject.
Customizable End-user Notifications
With 90% of reported emails safe, managing user-reported phishing emails can be a full-time job in some organizations. Keeping reporters of phishing emails informed about whether their reported email campaign was safe, spam, or malicious encourages a vigilant cybersecurity culture in your organization.
Abuse Mailbox Automation’s customizable automated email follow-ups allow security teams to automate most of their responses in a personalized fashion within minutes of a phishing report. Closing the communication loop quickly further encourages end-users to keep reporting suspicious messages.
Mailbox Reporting
In your dashboard, abuse mailbox reporting provides visibility into trends around phishing reporting, attack types remediated, and top phishing reporters in your organization. At the campaign level, abuse mailbox reporting shows all your phishing reports in one customizable centralized management pane.
Abuse Mailbox Automation also provides the ability to export the phishing report log on a message-by-message basis in raw data format.
Mailbox TAP Integration
Connecting with other tools to streamline reporting across your technology stack is important. Abuse Mailbox Automation integrates with Proofpoint TAP alerts as an additional attack ingestion source to triage with Abnormal’s Abuse Mailbox Automation.
Reporting Button Integration
End-user phishing reporting buttons are ubiquitous in email clients. Abuse Mailbox Automation integrates with multiple email client phishing buttons, including the Microsoft 365 Report Phishing Button, the Phishing Button in Gmail clients, and Cofense’s PhishMe button.
Legacy Approach to Managing User-Reported Messages
- Only remediates individual messages
- No campaign context
- Separate abuse mailboxes per email tenant
- Manual investigation and triage requires an average of 30 minutes per message
- Manual remediation and response
- Limited visibility and reporting
Abnormal’s Unique Approach to Abuse Mailbox Automation
- Remediates campaigns
- Full campaign context
- Identity, content, and behavior-based email evaluation
- Automated triage, remediation, and response saves time
- Integration with existing phishing reporting buttons, SIEM/SOAR solutions, and ticketing systems
Deployment Outcomes
Process Automated
95%
Reduction in time spent reviewing user-reported email.
SOC Time Saved
5,000
SOC analyst hours saved annually.
Analysts Unburdened
2
Full-time employees freed from handling user-reported email.
Frequently Asked Questions About Inbound Email Security
Trusted by Global Enterprises
Accelerate Security
Operations with Abuse
Mailbox Automation
Learn how you can free up time for strategic projects when you accelerate and automate the user-reported email flow.
See a Demo
