Managing Reported Emails

Bolster’s Customer Abuse Mailbox module automatically triages customer-reported emails, with most remediation actions initiated automatically by Bolster. This helps security teams quickly assess, prioritize, and mitigate threats. Here’s how to manage the reports so you can quickly assess threats and take any action needed.

To learn how to set up the module, see Getting Started: External Abuse Mailbox Module.

Tools Available

The Customer Abuse Mailbox module offers multiple tools to manage email reports and detections:

• Dashboard – Real-time view of phishing and scam detection, reported threats, and takedown progress through analytics and visualizations. 
• Targeted Malicious –Searchable, filterable view of identified threats to help analysts quickly surface risks and export data for investigation. 
• All Email Submissions – Filterable inbox-style audit of all reported emails, with threat analysis details for each report. 
• Report Generator – Dashboard button that creates an executive summary.
• (optional) Email Notification – Add-on feature that, when enabled, automatically emails the person who reported the threat letting them know the verdict.

How to Evaluate Reports

The Dashboard and Targeted Malicious view help assess reported threats, identify attack patterns, and prioritize responses. You can export the data for deeper investigation. 

Triage Customer Reports

The Dashboard provides a real-time overview of phishing and scam detection, reported threats, and mitigation progress. Security teams can quickly assess threat trends and prioritize responses.  

Navigate to Attack Surface > Abuse Mailbox > Dashboard to: 

• See threats your customers are exposed to. 
• Click a widget to drill into the underlying data.
• Identify trends for further analysis. 

For more, see Abuse Mailbox Dashboard. 

Analyze Threats Targeting Your Brand

Use the Targeted Malicious view to filter and sort threats by severity, surfacing high-risk threats first. This structured breakdown helps you identify patterns, assess risk levels, and prioritize mitigation efforts. Security teams can connect reported threats to real security impact. 

For example, you can identify multiple reports of the same malicious link that indicate a widespread attack. When Bolster takes down a URL or sender domain that’s been repeatedly flagged, it reduces your threat exposure, directly connecting mitigation efforts to ROI. 

Navigate to Attack Surface > Abuse Mailbox > Targeted Malicious to:  

• Analyze breakdowns by threat type.
• Assess risk and prioritize escalation needs with key details like report count, first seen, last seen, and status. 
• Sort and filter threat lists for deeper investigation and to correlate reports with mitigation efforts. 
• Use the Status column to monitor URLs that have been taken down, and Sender Domains that have been taken down or had their MX removed (so they cannot send emails).

Export Threat Data

On the Targeted Malicious view, select Export CSV to download a CSV file of the threat data for further analysis and reporting.

View Email Insights

On the Targeted Malicious view, click a hyperlinked threat to open its Insights page for a detailed email analysis. Review other threats found in the same email and related emails containing the same threat. These insights help security teams determine escalation needs and take proactive measures to mitigate risks. 

Review All Reported Emails

See a centralized view of all reported emails. Navigate to Attack Surface > Abuse Mailbox > All Email Submissions to: 

• Audit all reported emails in an inbox-style format.  
• Cross-reference email submissions with categorized threats.
• Filter emails by category, threat type, subject, and more.
• Select individual emails for detailed threat analysis. 

How to Mitigate Threats

Bolster automatically initiates remediation of malicious URLs and sender domains, so you don’t have to take any action. But you can export data as CSV for further mitigation, dispute incorrect verdicts, and stay aware of trends. You do not need to manually review or act on every reported email.

Leverage File Exports

Generate a CSV file of a filtered list of threats to integrate with other security tools or use directly in mitigation actions. For example, multiple malicious phone numbers with a high report count may indicate a large-scale scam targeting customers. Use a CSV file of these phone numbers to take proactive steps—such as blocking them—to minimize harm.

Request a Takedown

If your account does not have automatic takedown enabled, you can manually request a takedown on a phishing or scam URL, or malicious sender domain.  

1. Navigate to Attack Surface > Abuse Mailbox > Targeted Malicious.  
2. Select the threat you want to take down to arrive at the Insights page. 
3. Select Request Takedown in the upper-right corner. It will be available on URLs and sender domains that have not already had takedown requested or completed, or if a previous takedown has been disputed.
   
4. Complete and submit the request form, including your comments and evidence.
   

Dispute a Disposition

If you believe a threat has been incorrectly categorized, you can dispute the disposition and provide supporting evidence.  

1. Navigate to Attack Surface > Abuse Mailbox > Targeted Malicious. 
2. Select the relevant threat to arrive at the Insights page. 
3. Select the Dispute link next to the current disposition.
   
4. Complete and submit the dispute form, including your comments and evidence.