What is Sphinx Email Protection?

Traditionally, email is the hardest component to secure in a company’s IT infrastructure. The good news? If you got to this page by clicking a banner in your email, your company has implemented Sphinx Email Protection!

We’re making email threat detection easier. Sphinx Email Protection uses AI to identify risky emails and places the following banners at the top of your email to let you know how much caution to take:


The email does not appear to be malicious, phishing, or spam. Sphinx Email Protection also notifies you if the sender is within your company (Internal) or outside your domain (External).


The email is suspicious: it could be spam, phishing, or contain malicious content. You should be extraordinarily careful about clicking on links or opening any attachments.


The email is confirmed to be spam, phishing, or contain malicious content – Do not click links, open attachments, or reply to the sender with any confidential or personal information.

Aside from these banners, your email is not altered in any way, so formatting and other features appear exactly the same as before. If you think Sphinx Email Protection isn’t accurately reporting email risks of an email, click the “report email” link below the banner and let us know why. This improves our algorithm and transforms YOU, the user, into a part of the security team.

Sphinx Email Protection doesn’t replace standard security awareness.

While it can make your company safer, Sphinx Email Protection is only one tool in the fight against spam, phishing, and malicious emails. Always remember your Security Awareness Training and apply it to every email you receive. Sphinx Email Protection cuts through the clutter, making it easier to determine if an email is safe or dangerous: it’s a great resource when paired with your security awareness.

Frequently Asked Questions

Sphinx Email Protection is an email product that uses sophisticated machine learning and artificial intelligence to analyze incoming messages for signs of phishing, spam, and other email-based threats.
The banners are inserted by Sphinx Email Protection to alert you of any possible threats in your emails. The banners also display the email sender’s address and mark if an email is internal (from someone in your organization) or external. If you see these banners, it means that your IT staff has deployed Email Protection and included you in the group of protected users.
A gray banner indicates that Sphinx Email Protection did not find anything unusual or suspicious about the message. Even though the message was not classified as threatening, you should always check the displayed sender address and the source type to be sure it makes sense (e.g., an external webmail address for a message from a colleague may be cause for concern).

A yellow banner indicates that Email Protection found something unusual about the email message. It is not necessarily phishing or dangerous, but something you should be aware of. For example, a request for sensitive personal information should be given extra scrutiny. Mail that seems out of the ordinary or is spammy in some way may receive a yellow banner.

A red banner indicates that Email Protection thinks the message is suspicious and likely to be phishing or dangerous in some other way. This includes brand impersonations (e.g., a fake “account alert” email from your IT department), blacklisted phishing URLs, or attempts to spoof mail to look like it came from an internal company account.

Look carefully at who the mail is from and whether it is from a source you trust. Be especially careful about clicking any links in the body of the email or opening any attachments.
In most cases, you can simply delete the message and move on. In many SPHINX Email Protection deployments, your IT staff, security team, or email administrator will configure your mail server to quarantine or delete “red flagged” mail before it reaches your mailbox. In other cases, the mail will still be delivered with the banner telling you to be careful.
If you think Sphinx Email Protection has made a wrong classification, or if you just want to confirm that Email Protection got it correct, click the “Report This Email” link found in the bottom-right corner of each banner.

This will take you to a web form where you can indicate that the message is truly Safe, Spam, or Phishing. You can also provide a comment describing your assessment. This feedback is used to automatically improve Email Protection’s predictions in the future. Your submissions are also manually reviewed to improve the overall system and ensure Email Protection provides the most accurate security possible.

Part of Sphinx Email Protection is the ability to perform real-time checks on any links you click. If this feature is enabled, clicking on links in a yellow or red banner email will take you to a page reiterating that Email Protection found the message to be unusual or suspicious. In some cases, a message that originally only had a grey banner contains a link that is later detected as a dangerous phishing URL. In that case, when you click the link, Email Protection’s real-time check will detect you clicked on a bad link, and you’ll be met with a blocker page alerting you of that fact.
Please contact your IT staff, security team, or email administrator who can pass your feedback along to the appropriate Sphinx support person. They will be able to fine-tune your Email Protection policies and settings to help make things work as smoothly as possible.

Keep your emails protected with our complete protection package.

Get in Touch