Select Page

Retarus Glossary

Email Security Report


The email was moved to quarantine because it has an attachment that is on your current blocklist. The attachment was blocked by your administrator because it could be used by attackers or because receiving this file type violates your company’s internal policies.

  • Threat Level 3 of 5*


The email was blocked because the sender address is on one of your valid blocklists. You administrator has either made this setting for the entire company or you have added the sender to your personal blocklist in the Retarus quarantine. The blocked email was sent by an unwelcome or even fraudulent sender.

  • Threat Level 3 of 5 *

Custom Rule

The email was moved to quarantine because it falls under a rule that was configured by your administrator within the Retarus Predelivery Logic service.

  • Threat Level 2 of 5*

CxO Fraud

This email was classified as suspicious or potentially fraudulent because the sender's email address could be fake. CxO Fraud emails (also known as “managerial impersonation”) send fake instructions from someone posing as a manager typically asking you to make a payment or transfer money.

For your protection, the message was moved to quarantine. Never reply to the email in question. When in doubt, contact the indicated sender by phone to verify the contents of the message.

  • Threat Level 4 of 5 *


The DKIM signature (DomainKeys Identified Mail – a method for verifying the identity of the sender) for this email is invalid. Either the sender could not be verified, meaning the email could be fraudulent, or the contents of the email were modified during transmission. The origins or content of the email were categorized as questionable and the message was moved to quarantine for security purposes.

  • Threat Level 4 of 5 *


DMARC specifications (short for Domain-based Message Authentication, Reporting and Conformance) are used to verify the origin of emails. The authentication for the affected email failed. The affected email has been moved to quarantine as requested in the policy by the owner of the sender domain for such cases.

  • Threat Level 4 of 5*

Message Size

The email was blocked because the message or the attachment exceeds the maximum size defined by your administrator.

  • Threat Level 1 of 5 *

NDR Spam

If there is an unusually high number of NDRs (non-delivery report, bounce message), security mechanisms, which caused this email to be blocked, are triggered automatically. This prevents what are known as backscatter effects to occur, which result in an enormously high number of undeliverable emails.

  • Threat Level 2 of 5*


The email was categorized by your administrator as a potentially unwelcome newsletter and therefore moved to quarantine. You can add the sender or the sender domain to your personal allowlist from your email quarantine settings.

  • Threat Level 1 of 5*


The email was moved to quarantine due to suspected phishing.

Criminals use phishing links to access confidential data such as passwords or to spread malware. Phishing emails and the website links within them, are often created by scammers to look very much like the original (e.g. messages from banks, telecommunication providers, authorities, email servers, or online shops), down to the very last detail.

Never click on the links in such emails, even if they appear to be legitimate. Never, under any circumstances, reply to these emails and never disclose any personal data, even if requested.

  • Threat Level 5 of 5 *


The email’s attachments were analyzed in detail by the Retarus Sandboxing Service in a protected environment using heuristic methods and machine learning algorithms and returned a conspicuous result. The message could contain malware and was moved to quarantine or deleted for your protection.

  • Threat Level 5 of 5 *


The email was categorized as spam, in other words, as an unwelcome or potentially harmful advertisement, and moved to quarantine. It was classified as spam and assigned a spam probability through use of numerous automated analyses and based on various, continuously updated data sources.

Your administrator can define the “sensitivity” of the spam identification feature. However, people have different perceptions and definitions of when an email should be categorized as spam. Users can use blocklists and allowlists to make personal email quarantine settings, block specific email senders, or remove them from the spam filter.

  • Threat Level 2 of 5*


SPF (Sender Policy Framework) is a method used by the email server to legitimize the sender's domain. The SPF entry of this email is invalid and the IP address of the sending server is not saved in the corresponding DNS entry. This means that the sender could be fraudulent and the email was moved to quarantine or deleted.

  • Threat Level 4 of 5 *


The email has an attachment that has been infected by malware. For your security, the message and attachment were deleted and you can no longer access them.

  • Threat Level 5 of 5*

* : 1 = lowest, 5 = highest