Every email in Shield includes a Heads-Up Display (HUD) at the top. Color-coded indicators show what's safe and what's suspicious at a glance. And if risk or trust levels change after a message lands, the HUD updates automatically for more informed decision making. It also serves as one-click access to X-ray—more on that next.
Take a deeper look inside your message.
Michael Torres <mtorres@acmecorp.com>
Trusted
Re: Q1 Budget Review — Looks Good
10:23 AMHey Sarah,
Just reviewed the updated numbers — everything looks solid. I've approved the infrastructure line items and looped in Dana on the headcount request.
See you at the 2pm sync.
— Mike
This email was sent from a trusted region.
This email is digitally signed by acmecorp.com.
The source of this message is authorized to send email for acmecorp.com.
Your privacy is protected. No trackers found in this email.
Take a deeper look inside your message.
This is your first email from this sender. Do you want to Trust or Silence them?
Amanda Park <apark@veritas-partners.co>
New Sender
Quick intro — think we could work well together
3:31 PMHi,
I came across your company while researching MSPs in the region and wanted to reach out directly. We help IT teams reduce onboarding time by around 40% — happy to share a quick case study if that's relevant to what you're working on.
Worth a 15-minute call?
Amanda Park
Veritas Partners
This email originates from a familiar region.
This email is digitally signed by veritas-partners.co.
The source of this message is authorized to send email for veritas-partners.co.
Your privacy is protected. No trackers found in this email.
Take a deeper look inside your message.
Billing — Datadog <billing@datadog.com>
Silenced
Your invoice #INV-20482 is ready
8:02 AMHi there,
Your invoice for the period Feb 1–28, 2026 is now available in your Datadog billing portal. Total due: $1,284.00 on March 15, 2026.
Log in to view or download your invoice.
Datadog Billing
This email was sent from a trusted region.
A lot of bad email comes from foreign countries, so tracing the origin can be one of the quickest and easiest ways to tell if an email is safe.
This email was sent from the United States, which is a typical delivery region.
This message appears to be bulk or unwanted email.
Bulk email comes in many forms including advertising, newsletters, and other automated emails. This message looks like a bulk or automated email.
Occasionally, email you want will be bulk email. If this is from a wanted sender, you can trust them to always receive their messages. If you never want to receive email from this sender, you can silence them.
This email is digitally signed by mail39.wdc01.mcdlv.net.
Senders can use a digital signature to mark an email as authentic. Think of it as the digital version of a wax seal on an envelope.
The signature on this email was valid for mail39.wdc01.mcdlv.net. This indicates that the email has not been spoofed or tampered with, kind of like an unbroken wax seal.
The source of this message is authorized to send email for mail39.wdc01.mcdlv.net.
Organizations publish a list of sources that are allowed to send email. Being aware of the source can be helpful when determining if a sender is legitimate.
The source of this message is an authorized sender for mail39.wdc01.mcdlv.net.
However, it's worth noting that the sender domain that authorized this source is not the same as the domain that shows in the from address (mail39.wdc01.mcdlv.net). This may be for legitimate reasons or it may be an attempt to hide the true sender.
Your privacy is protected. Shield blocked 1 tracker in this email.
Spy trackers embedded in email can report back to the sender with information like if you opened the email, when you opened it, where you are located, and how you opened it. Shield blocked these trackers to protect your privacy.
Take a deeper look inside your message.
IT Service Desk <helpdesk@acme-it-support.net>
Silenced
Action required: Verify your account details
2:47 PMHello,
We've detected that your account information may be out of date. To avoid disruption to your services, please verify your details using the link below within 24 hours.
Verify my account
If you did not request this, you can safely ignore this message.
IT Service Desk
This email was sent from a untrusted region.
A lot of bad email comes from foreign countries, so tracing the origin can be one of the quickest and easiest ways to tell if an email is safe.
If you don't think the IT Service Desk would have sent you an email from Pakistan, be extra cautious if you open or reply to this message.
This message appears to be spam.
Spam comes in many forms including advertising, phishing, malware, and scams. It's often sent in bulk. This message looks like spam but it's not obvious.
Occasionally, email you want will look like spam. If this is from a legitimate sender, you can trust them to always receive their messages. If you never want to receive email from this sender, you can silence them.
This message came from a server that has a bad reputation for sending abusive email.
When an email comes from a server with a bad reputation, it is often because the server has been compromised and is being used to send spam without the owner's knowledge. It can also be because the server is intentionally sending spam. Either way, this is a bad sign.
This email is digitally signed by billut.com.
Senders can use a digital signature to mark an email as authentic. Think of it as the digital version of a wax seal on an envelope.
The signature on this email was valid for billut.com. This indicates that the email has not been spoofed or tampered with, kind of like an unbroken wax seal.
The source of this message is authorized to send email for billut.com.
Organizations publish a list of sources that are allowed to send email. Being aware of the source can be helpful when determining if a sender is legitimate.
The source of this message is an authorized sender for billut.com.
Your privacy is protected. Shield blocked 1 tracker in this email.
Spy trackers embedded in email can report back to the sender with information like if you opened the email, when you opened it, where you are located, and how you opened it. Shield blocked these trackers to protect your privacy.
Take a deeper look inside your message.
Robert Harmon <rharmon@acmecorp-mail.net>
New Sender
Quick favor — need you to handle something
11:55 AMHey — I'm in back-to-back meetings all afternoon and can't make calls. Need you to take care of a vendor payment for me before EOD. It's time-sensitive.
I'll explain everything later but just need you to initiate the wire now so we don't miss the window. Details are in the instructions below.
View payment instructions
Don't loop in anyone else on this yet — I'll brief the team once it's done. Thanks for handling it.
— Rob
This email was sent from an untrusted region.
A lot of bad email comes from foreign countries, so tracing the origin can be one of the quickest and easiest ways to tell if an email is safe.
If you don't think Robert Harmon would have sent you an email from Singapore, be extra cautious if you open or reply to this message.
This message claims to be from Robert Harmon, but it's not really him.
Email impersonation is a deceptive technique where an attacker disguises the source of an email to make it appear as if it is coming from a different sender. It is commonly used for phishing scams or to distribute malware by tricking recipients into believing the email is legitimate.
This message appears to be spam.
Spam comes in many forms including advertising, phishing, malware, and scams. It's often sent in bulk. This message looks like spam but it's not obvious.
Occasionally, email you want will look like spam. If this is from a legitimate sender, you can trust them to always receive their messages. If you never want to receive email from this sender, you can silence them.
The source of this message is unauthorized to send email for acmecorp.com.
Organizations publish a list of sources that are allowed to send email. Being aware of the source can be helpful when determining if a sender is legitimate.
This email came from a source that is NOT on the list of senders for acmecorp.com.
Also, the sender domain is not the same as the domain that shows in the from address (acmecorp.com). This may be an attempt to hide the true sender on a forged email.
This message came from a server that has a bad reputation for sending abusive email.
When an email comes from a server with a bad reputation, it is often because the server has been compromised and is being used to send spam without the owner's knowledge. It can also be because the server is intentionally sending spam. Either way, this is a bad sign.
Your privacy is protected. Shield blocked 3 trackers in this email.
The trackers embedded in this email can report back to the sender with information like if you opened the email, when you opened it, where you are located, and how you opened it. Shield blocked these trackers to protect your privacy.
The HUD uses colors and icons to signal risk at a glance. The same icons carry over into X-ray, where each one is paired with a plain-language explanation. Over time, this approach helps users learn better security habits organically using the real emails they receive every day.
All of them, without apps or plugins.
While we do not recommend doing so, the HUD can be turned off by an admin if circumstances require.
Say when and we'll be in touch with next steps.
