Tag Management
Tags are conditions that the add-in uses to identify whether an e-mail is safe or not. The Outlook add-in checks all enabled tags. Tags that are found (violations) are listed in the Tags column of the logs. By examining the reported tags, a security administrator can decide to report a malicious e-mail or escalate it to different users for further checks.
Under the Tags menu, you can choose which checks the add-in executes and define their conditions.
The full list of tags is summarized below:
System Tags:
Link Mismatch: Specifies that the monitored link or text in the mail body is not the same as the redirected link.
Name MailAddress Mismatch: Specifies that the sender name and surname are not compatible with the sender mail address.
HTML: Specifies that the mail is in HTML format.
Attachment: Specifies that the mail has an attachment/attachments.
Picture: Specifies that the mail contains a picture/pictures.
Link: Specifies that the body of the mail contains a link/links.
Link Sender Domain Mismatch: Specifies that the domain of the sender address is not compatible with the domains in the mail body.
Link in Picture: Specifies that a picture in the body of the mail contains a link.
From Reply-To Mismatch: Specifies that the sender mail address is not compatible with the ReplyTo mail address.
To CC Empty: Specifies that the To and CC fields of the mail are empty.
SPF Fail: Specifies that the SPF value in the mail header information is Fail.
Link in File: Specifies that files in the attachment contain a link/links.
Recipient Mailbox Address Mismatch: Specifies that the recipient mail address is not compatible with the mailbox mail address.
To From Same: Specifies that the recipient mail address is the same as the sender mail address.
DKIM Fail: Specifies that the DKIM value in the mail header information is Fail.
DMARC Fail: Specifies that the DMARC value in the mail header information is Fail.
Suspicious Domain Category: Specifies the categories of domains in the mail body to be tagged as suspicious.
Malicious Domain Category: Specifies the categories of domains in the mail body to be tagged as malicious.
Suspicious IP: Specifies that the e-mail's sender IP address is found suspicious based on the VirusTotal result.
Suspicious Hash: Specifies that the hashes of files in the attachment are found suspicious based on the VirusTotal result.
Suspicious Link: Specifies that the links in the body of the mail are found suspicious based on the VirusTotal result.
Suspicious Domain: Specifies that the domains in the mail are found suspicious based on the VirusTotal result.
Matched from Shared Intelligence: Specifies that IoC information in the reported e-mail is matched with Shared Intelligence.
Matched from Phishing Feed: Specifies that IoC information in the reported e-mail is matched with the Phishing Feed.
Custom Tags:
Suspicious Words: Specifies the words to be tagged in the body of the e-mail.
First Time Seen: Specifies that the recipient received a mail from the sender address for the first time in a defined period.
Suspicious Command in File: Specifies the commands to be tagged in the files in the attachment.
IP Out of Range: Specifies that the sender IP address is outside the whitelisted IP ranges.
Suspicious TLD: Specifies the TLD value (generic and country-based) to be tagged in the domains in the body of the e-mail.
Suspicious File: Specifies the file extensions to be tagged in the attachments of the e-mail.
Suspicious Extension: Specifies the TLD value (generic and country-based) to be tagged in the sender domain address of the e-mail.
Suspicious Character in Domain: Specifies the character to be tagged in the e-mail's sender domain address.
Suspicious Character in From/To: Specifies the character to be tagged in the e-mail's sender and receiver.
Newly Registered Domain: Specifies that the ages of domains in the e-mail are below the defined age.
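The sketch below is an added example, not the add-in's own code. It shows one way to evaluate three of the System Tags above (From Reply-To Mismatch, SPF/DKIM/DMARC Fail and Link Mismatch) on a raw message. The function names, the sample message, and the assumptions that results are recorded in an Authentication-Results header and that the body is single-part HTML are all illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class AnchorCollector(HTMLParser):  # collects (href, visible text) for each <a href>
    def __init__(self):
        super().__init__()
        self.pairs, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.pairs.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Visible text often omits the scheme; prefix "//" so urlparse finds the host.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def evaluate_tags(raw):
    msg, tags = message_from_string(raw), set()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != sender:
        tags.add("From Reply-To Mismatch")
    # Assumption: the receiving server recorded results in Authentication-Results.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    tags |= {f"{m.upper()} Fail" for m in ("spf", "dkim", "dmarc")
             if re.search(rf"\b{m}=fail\b", auth)}
    collector = AnchorCollector()
    # Assumption: single-part HTML body (multipart messages yield an empty body here).
    collector.feed((msg.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    for href, text in collector.pairs:
        # Compare only when the visible text itself looks like a URL or host name.
        looks_like_url = re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I)
        if looks_like_url and host(text) != host(href):
            tags.add("Link Mismatch")
    return tags

# Constructed sample message (not real traffic); example.* names are placeholders.
SAMPLE = ("From: Billing <billing@example.com>\nReply-To: collect@example.net\n"
          "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.com; dkim=pass\n"
          "Content-Type: text/html\n\n"
          '<a href="http://login.example.net/x">https://www.example.com/invoice</a>\n')
```

Calling `evaluate_tags(SAMPLE)` returns the set of tag names triggered by the constructed message; anchors whose visible text is not URL-like (for example "Click here") are deliberately not compared.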