How It Works

A gateway computer system receives incoming messages from a sender’s message system before they enter the recipient’s perimeter. The gateway analyzes each message according to warning criteria and adds a link to an image hosted on a Safe Image Server. The modified message—now containing the image link—is delivered to the recipient’s message system.

When the recipient opens the email, their client retrieves the image from the Safe Image Server and displays it. Because the image is fetched at view time from an external server, it can be dynamically changed—even after the email has been delivered and is sitting in the recipient’s inbox.

This technology extends the gateway-based systems used in behavior analytics and breach detection with a visual indicator layer.

What Makes It Different

• Dynamic at view time: the image is retrieved when the email is opened, so what’s displayed can change after delivery to reflect updated threat intelligence.
• Safe Image Server: images are served from a dedicated, controlled server rather than embedded in the message, reducing risk from malicious image content.
• Gateway-level injection: the image link is added at the transport layer before the message enters the recipient’s perimeter, covering all users without client plugins.
• Warning criteria analysis: the gateway evaluates messages against configurable warning criteria to determine what visual indicator to apply.

Why It Matters

Email security is usually a one-shot decision—a message is either blocked or delivered. But threat intelligence is constantly evolving. This technology bridges that gap, allowing security teams to communicate updated risk information to users through visual indicators in emails they’ve already received.

It’s real-time risk communication, delivered where people actually look—inside the email itself.