MSPs dig in where needed. Users learn from real emails in real time—no phishing simulations required. X-ray provides a fully isolated view of any message in seconds. Click the insight cards to learn what Shield found and why it matters in plain English. Safely preview potentially harmful content and switch tabs to investigate links, files, and delivery details.
Take a deeper look inside your message.
Robert Harmon <rharmon@acmecorp-mail.net>
New Sender
Quick favor — need you to handle something
11:55 AMHey — I'm in back-to-back meetings all afternoon and can't make calls. Need you to take care of a vendor payment for me before EOD. It's time-sensitive.
I'll explain everything later but just need you to initiate the wire now so we don't miss the window. Details are in the instructions below.
View payment instructions
Don't loop in anyone else on this yet — I'll brief the team once it's done. Thanks for handling it.
— Rob
You locked this message just now. The content is hidden until you unlock it.
This email was sent from an untrusted region.
A lot of bad email comes from foreign countries, so tracing the origin can be one of the quickest and easiest ways to tell if an email is safe.
If you don't think Robert Harmon would have sent you an email from Singapore, be extra cautious if you open or reply to this message.
This message claims to be from Robert Harmon, but it's not really him.
Email impersonation is a deceptive technique where an attacker disguises the source of an email to make it appear as if it is coming from a different sender. It is commonly used for phishing scams or to distribute malware by tricking recipients into believing the email is legitimate.
This message appears to be spam.
Spam comes in many forms including advertising, phishing, malware, and scams. It's often sent in bulk. This message looks like spam but it's not obvious.
Occasionally, email you want will look like spam. If this is from a legitimate sender, you can trust them to always receive their messages. If you never want to receive email from this sender, you can silence them.
The source of this message is unauthorized to send email for acmecorp.com.
Organizations publish a list of sources that are allowed to send email. Being aware of the source can be helpful when determining if a sender is legitimate.
This email came from a source that is NOT on the list of senders for acmecorp.com.
Also, the sender domain is not the same as the domain that shows in the from address (acmecorp.com). This may be an attempt to hide the true sender on a forged email.
This message came from a server that has a bad reputation for sending abusive email.
When an email comes from a server with a bad reputation, it is often because the server has been compromised and is being used to send spam without the owner's knowledge. It can also be because the server is intentionally sending spam. Either way, this is a bad sign.
Your privacy is protected. Shield blocked 3 trackers in this email.
The trackers embedded in this email can report back to the sender with information like if you opened the email, when you opened it, where you are located, and how you opened it. Shield blocked these trackers to protect your privacy.
There are no files attached to this message.
"Keep unlocked"
This email is unlocked and viewable in your inbox. You can lock it to protect any sensitive or private content. This email is locked and protected in your mailbox.
Subject: | Quick favor — need you to handle something |
Sender: | rharmon@acmecorp-mail.net |
From: | Robert Harmon <rharmon@acmecorp-mail.net> |
To: | sarah.chen@acmecorp.com |
Origin: | 198.51.100.47 (mail-sg14.acmecorp-mail.net) by acmecorp-mail.net |
Decision: | Jailed |
Reason: | High security risk — impersonated sender |
Created at: | Wed, 04 Mar 2026 11:55:08 +0000 |
Message ID: | <20260304115523.A4F812B490DE7C21@acmecorp-mail.net> |
SPF: | Fail — acmecorp-mail.net not authorized for acmecorp.com |
DKIM: | Fail |
DMARC: | Fail |
Headers: |
Copies header information to your clipboard for easier investigation.
|
Received: from acmecorp-mail.net (mail-sg14.acmecorp-mail.net [198.51.100.47])
by frontline.shield.security (Haraka/3.1.1) with ESMTP id A9F3BC12-7741-4D2E-9C03-BD8821F04A17.1
envelope-from <rharmon@acmecorp-mail.net>; Wed, 04 Mar 2026 11:55:08 +0000
X-Shield-Authentication-Results: {"dkim":"fail","spf":"fail","dmarc":"fail","arc":"none","bimi":"skipped","auth_results":"ip-10-10-22-115.us-east-2.compute.internal;\r\n
dkim=fail (signature verification failed);\r\n spf=fail
(ip-10-10-22-115.us-east-2.compute.internal: acmecorp-mail.net is not
authorized to send on behalf of acmecorp.com)\r\n
smtp.mailfrom=rharmon@acmecorp-mail.net
smtp.helo=acmecorp-mail.net;\r\n dmarc=fail header.from=acmecorp.com;\r\n bimi=skipped (DMARC
not enabled)"}
Date: Wed, 04 Mar 2026 11:55:05 +0000
From: Robert Harmon <rharmon@acmecorp-mail.net>
To: sarah.chen@acmecorp.com
Message-ID: <20260304115523.A4F812B490DE7C21@acmecorp-mail.net>
Subject: Quick favor -- need you to handle something
MIME-Version: 1.0
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable Relay to acmecorp-mail365.mail.protection.outlook.com was delivered
Mar 4, 2026
11:55:23 AM
Shield decided the message should be jailed
Mar 4, 2026
11:55:14 AM
Shield examined the email
Mar 4, 2026
11:55:14 AM
Message received by Shield
Mar 4, 2026
11:55:14 AM
Message authentication checked
Mar 4, 2026
11:55:14 AM
Connection from mail-sg14.acmecorp-mail.net (198.51.100.47)
Mar 4, 2026
11:55:14 AM
You can open X-ray directly from the Heads-Up-Display at the top of any email. Just tap or click the HUD banner and you're in.
The same color-coded icons from the HUD carry over into X-ray as insight cards. Each one represents something specific Shield detected, explained in everyday terms rather than technical shorthand. For example, "SPF fail" is replaced with "this email came from a source that is not on the list of approved senders for xyz.com."
Yes, and more. X-ray's deep link analysis scans every URL in the redirect chain until it arrives at the final destination. Users are provided a summary of all links included in the email with the ability to open an image-based preview to safely see where they lead. It's another way Shield enhances visibility into messages while still keeping users safe.
Absolutely, just not in the way you might expect. Every time users go into X-ray, it shows them exactly why something might be suspicious and teaches better security habits in real time. Instead of quarterly "trainings" and fake phishing injections, users can investigate the real emails they receive every day in a safe, isolated environment. Teaching isn't forced— learning happens organically.
Lockbox gives your most sensitive messages their own vault. Locking a message redacts sensitive content and replaces it with a placeholder that only MFA (Multi Factor Authentication) can unlock. Check it out.
Say when and we'll be in touch with next steps.