When MailShield intercepts an email that crosses your spam score threshold, the message is blocked from reaching your network and held securely in your quarantine queue.
Because no security filter is perfect, administrators can review these held messages and manually release any legitimate emails (false positives) so they can be delivered.
Safely previewing held emails
You do not need to guess whether an email is safe based purely on its subject line. MailShield allows you to look at the actual contents of the email without putting your computer or network at risk.
- Log into your MailShield dashboard and navigate to the Quarantine page.
- Locate the email you want to review. On desktop, hover over the row and click the Eye icon (Preview). On mobile devices, simply tap the email row.
- The Secure Sandbox Preview window will open.
This sandbox is a highly restricted environment. MailShield automatically disables all hyperlinks and blocks hidden tracking pixels inside the email. This guarantees that even if the email contains a virus or ransomware payload, it cannot execute or infect your machine while you are previewing it.
Understanding the threat analysis
At the top of the preview window, you will see a dark header band containing the email's metadata. Alongside the sender and recipient details, you will find:
- Spam Score: The total number of penalty points the email accumulated during scanning.
- Reason Tags: Specific, colour-coded badges explaining exactly why the email was flagged (e.g., "Invalid DKIM", "Suspicious Link", or "Forged Sender").
Use this analysis to help you decide whether the email is a genuine threat or a harmless message that simply tripped the filters.
Releasing the email
If you determine the email is safe and belongs in the user's inbox:
- From inside the preview window, click the green Release to Inbox button at the bottom of the screen.
- (Desktop shortcut): If you do not need to preview the email, you can click the green Checkmark icon directly on the email row in the main quarantine table.
Once released, the MailShield gateway will instantly forward the message, and it will arrive in the original recipient's inbox within a few moments. The email will then be removed from your quarantine view.
Note: If you need to investigate the raw headers of a malicious email, users on the Strict, Compliance, and Enterprise plans can click Export .eml from the preview window to download a safe, encapsulated forensic copy of the original message.
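Added example (not MailShield code): one way to review the raw headers of an exported .eml and relate them to reason tags such as "Invalid DKIM" or "Forged Sender" before deciding on a release. It assumes the export parses as a standard RFC 5322 message and that your own receiving server stamps an Authentication-Results header; the sample message, the mx.example.org server name and the triage helper are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample standing in for an exported .eml (not a real message).
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=fail header.d=example.com; dmarc=fail header.from=example.com
From: "Accounts Payable" <billing@example.com>
Reply-To: payments@example.net
To: user@example.org
Subject: Overdue invoice

Please see the attached invoice.
"""

def domain_of(header_value):
    """Return the lowercased domain of the first address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage(raw, trusted_authserv="mx.example.org"):
    """Summarise authentication verdicts and sender-identity mismatches."""
    msg = message_from_string(raw, policy=policy.default)
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        value = str(header)
        # A sender can forge this header, so only trust the copy stamped by
        # our own server (assumed name; it is the first token of the header).
        authserv = (value.split(";", 1)[0].split() or [""])[0].lower()
        if authserv != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    from_dom = domain_of(msg["From"])
    findings = [f"{m} {r}" for m, r in sorted(verdicts.items()) if r != "pass"]
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    return verdicts, findings

if __name__ == "__main__":
    verdicts, findings = triage(SAMPLE_EML)
    print(verdicts)
    for finding in findings:
        print("-", finding)
```

An empty findings list only means these particular checks passed; it is not a verdict that the message is safe to release.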