To provide an outstanding level of protection against known and emerging email threats, Email Protection uses a combination of complementary technologies, including multiple industry-leading email security engines.

First, messages are assessed and categorized according to the collective results of all checks, and then routing actions are applied according to policy configuration.

Primary categories

All messages processed by Email Protection receives one of the following primary categories:

  • Certain Spam: The message was classified as SPAM with high certainty.
  • Probable Spam: The message was classified as SPAM with less certainty.
    Note: you can adjust the sensitivity level of this category to be more aggressive, relaxed, or moderate. Read the KB article Email Protection: Message Routing for more information.
  • Virus: One or more engines determined the message to contain a virus or other malware.
    Note: if message contains a virus, the original message with attachment goes to Admin Quarantine and must be manually released if needed. The intended recipient receives a message without any attachments. If the same message is also assigned a spam score, the original message with the attachment will be available through Admin Quarantine only. 
  • Legitimate: The message was not classified as spam and did not contain malware. The message will be still subjected to additional checks and additional categories may be applied.
  • Error: Email Protection encountered an irrevocable error during the scanning process. All messages with this category are delivered to the Admin Quarantine.
  • Uncategorized: Engine scanning was not performed, and the message will not be subjected to any additional processing. Messages sent from Blocked Senders will receive this category and will be dropped.
    Note: it is not possible to retrieve messages that got dropped. The sender will have to resend them.

Additional categories

Depending on the Email Protection policy settings, other checks may be run and the message may receive one or more of the following additional categories:

Safe Senders

Messages from Safe Senders will still be scanned by the Email Protection engines, however, any actions will not be taken for checks that are bypassed.

Safe Senders


  • By default, only the spam and marketing actions are bypassed for Safe Senders. This can be adjusted for each sender depending on the security risk associated with the sender
  • Enable the Require Authentication condition to ensure that safe senders are not being spoofed.
    Note: this requires the sender to have correctly configured SPF.
  • You can check a specific user's personal Safe & Blocked Senders Lists with the User Quarantine Takeover tool. Read the KB article on Email Protection: User Quarantine Management In HostPilotĀ® Control Panel for more information.
  • Note: the User Quarantine message routing option must be enabled. Senders on the personal safe list will only ever bypass the spam and marketing actions.
  • Restrict permissions for users to add items to their personal Safe & Blocked lists in the User Quarantine that can be found under HostPilot > Email Protection > Settings > Default user settings.


Some actions do not affect how a message is delivered, but may instead modify the email. These modifiers are:

  • Tag Subject: the subject line will be prepended with a text string.
  • Tag body: the email body will be prepended with colored text string.
  • Re-write URLs: links within a message will be modified, so they can be scanned when the user clicks them.
  • Send silent copy: a blind copy of the message will be sent to a designated recipient.


After all filters and checks have been considered it is possible for a message to have multiple delivery options. In this situation Email Protection will use most restrictive destination according to the following order:

  1. Drop
  2. Admin Quarantine
  3. User Quarantine / Junk Email folder (depending on Message Routing settings selected on your account)
  4. Inbox
  5. Inbox with tag


  • Use Email Tracking to understand how a particular email was processed by Email Protection
  • Use Email Reporting to generate a detailed offline report
  • Use the Security Dashboard for visual statistics of how emails have been categorized and routed across all mailboxes