What are the steps for filtering emails received by a protected user?
The antivirus filter: we check the content and attachments for the presence of potentially malicious software.
Keyword filtering (if configured): blocking of a word contained in the email subject.
RBL check: we check the reputation of an IP by verifying RBL lists that reference IPs known for sending spam (Blacklisting).
SPF check: this is an anti-spoofing control based on the sender's IP. We verify if the IP sending the email is legitimate to send on behalf of the sender's domain.
Authorized/Banned sender list check: unknown senders receive an authentication request. If they do not respond, the email is categorized as "pending". The recipient user of the email then has the option to retrieve this email from their digest or personal interface. Banned senders are directly categorized as Banned. Authorized senders are categorized as Valid to be delivered to the mail server.
Secure Link: it's an analysis of the link at the time of clicking on it. It warns the user if the link turns out to be dangerous.
In detail :
As a reminder, adding an address to the authorized/banned senders list does not exempt it from antivirus and antispam checks, which occur prior to sender verification. Adding a sender exempts them from the authentication request. An authorized/banned sender can still be categorized as spam/infected.
Tips: You can check the steps through which the email passes using access managers by going to the "Protect" interface, then the "Emails" tab, and finally "Trace" at the end of the line.