Managing Reported Emails
Bolster’s External Abuse Mailbox module automatically triages customer-reported emails, helping security teams quickly assess, prioritize, and mitigate threats. Here’s how to manage the reports and take action to neutralize malicious emails.
To learn how to set up the module, see Getting Started: External Abuse Mailbox Module.
Tools Available
The External Abuse Mailbox module offers multiple tools to manage email reports and detections:
- Dashboard – Real-time view of phishing and scam detection, reported threats, and takedown progress through analytics and visualizations.
- Targeted Malicious – Searchable, filterable view of identified threats to help analysts quickly surface risks and export data for investigation.
- All Email Submissions – Inbox-style audit of all reported emails, with threat analysis details for each report.
How to Evaluate Reports
The Dashboard and Targeted Malicious view help assess reported threats, identify attack patterns, and prioritize responses. You can export the data for deeper investigation.
Triage Customer Reports
The Dashboard provides a real-time overview of phishing and scam detection, reported threats, and mitigation progress. Security teams can quickly assess threat trends and prioritize responses.
Navigate to Attack Surface > Abuse Mailbox > Dashboard to:
- See threats your customers are exposed to.
- Identify trends for further analysis.
For more, see Abuse Mailbox Dashboard.
Analyze Threats Targeting Your Brand
Use the Targeted Malicious view to filter and sort threats by severity, surfacing high-risk threats first. This structured breakdown helps you identify patterns, assess risk levels, and prioritize mitigation efforts. Security teams can connect reported threats to real security impact.
For example, you can identify multiple reports of the same malicious link that indicate a widespread attack. When Bolster takes down a URL that’s been repeatedly flagged, it reduces your threat exposure, directly connecting mitigation efforts to ROI.
Navigate to Attack Surface > Abuse Mailbox > Targeted Malicious to:
- Analyze breakdowns by threat type.
- Assess risk and prioritize escalation needs with key details like report count, first seen, last seen, and status.
- Sort and filter threat lists for deeper investigation and to correlate reports with mitigation efforts.
Export Threat Data
On the Targeted Malicious view, select Export CSV to download a CSV file of the threat data for further analysis and reporting.
View Email Insights
On the Targeted Malicious view, click a hyperlinked threat to open its Insights page for a detailed email analysis. Review other threats found in the same email and related emails containing the same threat. These insights help security teams determine escalation needs and take proactive measures to mitigate risks.
Review All Reported Emails
See a centralized view of all reported emails. Navigate to Attack Surface > Abuse Mailbox > All Email Submissions to:
- Audit all reported emails in an inbox-style format.
- Cross-reference email submissions with categorized threats.
- Select individual emails for detailed threat analysis.
How to Mitigate Threats
To mitigate threats reported to the abuse mailbox, security teams can monitor takedown status, export threats as a CSV file, request manual takedowns, and dispute incorrect threat dispositions.
Track Takedown Status
Monitor takedown progress for phishing URLs and malicious domains. Navigate to the Takedown Visibility Center to:
- Get a situational overview of every takedown in progress, including those from web, social media, app stores and dark web sources. These takedowns may be automatically initiated by Bolster or specifically requested by your organization.
- View and export takedowns that originated in the abuse mailbox by going to Scan Source Category and filtering by Crowd Sourced.
Leverage File Exports
Generate a CSV file of a filtered list of threats to integrate with other security tools or use directly in mitigation actions. For example, multiple malicious phone numbers with a high report count may indicate a large-scale scam targeting customers. Use a CSV file of these phone numbers to take proactive steps—such as blocking them—to minimize harm.
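The phone-number case above, as an added example (not Bolster's code): it reads an exported CSV, merges formatting variants of the same number, and keeps numbers at or above a report-count threshold for a blocklist. The column names, threat-type label, default country code, and sample rows are assumptions made for illustration; adjust them to match the headers in your actual export.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample standing in for a Targeted Malicious "Export CSV" file.
# Column names and threat-type labels are assumptions, not Bolster's schema.
SAMPLE_EXPORT = """\
threat,threat_type,report_count,first_seen,last_seen,status
+1 (555) 010-0199,Phone Number,14,2025-01-03,2025-01-20,Live
1-555-010-0199,Phone Number,9,2025-01-05,2025-01-21,Live
+1 555 010 0142,Phone Number,2,2025-01-10,2025-01-10,Live
hxxps://login.example.test/verify,URL,31,2025-01-02,2025-01-22,Takedown In Progress
+1 555 010 0177,Phone Number,n/a,2025-01-11,2025-01-11,Live
"""

def normalize_phone(raw, default_country="1"):
    """Reduce a reported number to digits so formatting variants merge."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:          # national format: prepend assumed country code
        digits = default_country + digits
    return "+" + digits if digits else None

def phone_blocklist(csv_text, min_reports=10):
    """Return [(number, total_reports)] at or above min_reports, highest first."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("threat_type", "").strip().lower() != "phone number":
            continue
        try:
            count = int(row["report_count"])
        except (KeyError, ValueError, TypeError):
            continue               # skip rows with a missing or non-numeric count
        number = normalize_phone(row.get("threat", ""))
        if number:
            totals[number] += count  # variants of one number pool their reports
    hits = [(n, c) for n, c in totals.items() if c >= min_reports]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for number, reports in phone_blocklist(SAMPLE_EXPORT):
        print(f"{number}\t{reports}")
```

Neither variant of the first number reaches a threshold of 15 on its own, which is why normalizing before thresholding matters.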
Request a Takedown
If your account does not have automatic takedown enabled, you can manually request a takedown on a phishing or scam URL, or a malicious sender domain.
- Navigate to Attack Surface > Abuse Mailbox > Targeted Malicious.
- Select the threat you want to take down to arrive at the Insights page.
- Select Request Takedown in the upper-right corner. The option is available for URLs that have not already had a takedown requested or completed, or where a previous takedown has been disputed.
- Complete and submit the request form, including your comments and evidence.
Dispute a Disposition
If you believe a threat has been incorrectly categorized, you can dispute the disposition and provide supporting evidence.
- Navigate to Attack Surface > Abuse Mailbox > Targeted Malicious.
- Select the relevant threat to arrive at the Insights page.
- Select the Dispute link next to the current disposition.
- Complete and submit the dispute form, including your comments and evidence.