Trellys Guide

Email Security

What Avanan does, where flagged mail goes, and what you will see when something is caught.

Powered by Check Point Harmony Email & Collaboration  ·  v1.0  ·  May 2026
Purpose

Email is the primary entry point for fraud, phishing, and malware targeting law firms and medical practices. Avanan runs in the background to filter those threats before they reach your inbox, so you can stay focused on the mail that actually matters. This guide explains what gets filtered, where it goes, and what to do if a legitimate email gets caught.

Who this is for

Anyone who uses email at the firm. No technical background required. This covers what to expect, where to find held mail, and what to do when something is caught.

What it covers

The seven threat categories Avanan handles, how email is routed, the daily digest, and how to recover a legitimate email that was caught.

45%
of all email worldwide is spam or unwanted mail
Nearly half of everything hitting your inbox has no legitimate reason to be there.
Statista, 2024
18 hrs
lost per employee per year to spam management
Time spent sorting, deleting, and second-guessing suspicious mail. Time that should go to client work.
Kaspersky, 2024
#1
phishing is now the leading cause of data breaches
16% of confirmed breaches start with a phishing email. Average breach cost: $4.8 million.
IBM Cost of a Data Breach Report, 2025
How Email Flows
1

Arrives

Email sent from the internet to your firm

2

Microsoft Baseline

Known spam signatures and obvious threats filtered

3

Avanan Scan

Advanced analysis for phishing, BEC, malware, and impersonation

4

Delivered

Inbox, Junk, or Quarantine depending on what was found

Delivered to one of:
Inbox

Delivered

Email passed all checks. Arrives normally. No action needed.

Junk Folder

Filtered

Low-risk catch such as spam or graymail. Accessible in Junk. Move it to your inbox if it is legitimate.

Quarantine

Removed and Held

Confirmed threat. Removed from your mailbox. You are notified in the daily digest.

Links are also checked at click-time. If a link in an email was clean at delivery but became malicious later, it is blocked the moment you click it and a warning page is shown instead.

Section 01

What Gets Caught

Avanan handles seven categories of threat. Serious threats are quarantined and removed. Lower-risk mail goes to Junk where it remains accessible.

Category What it is Outcome
Phishing Emails designed to steal passwords or credentials by impersonating a trusted source. Quarantine
Business Email Compromise Impersonation of a known person at your firm or a trusted vendor to redirect a payment or change banking information. Quarantine
Malware Attachments containing malicious code. Opened in an isolated environment before delivery. If the file does anything harmful, the email is removed. Quarantine
Impersonation Emails pretending to be a known contact using a look-alike domain or a spoofed display name. Quarantine
Account Takeover When an account at your firm has been compromised and is being used to send threats to others. Avanan detects the unusual behavior and blocks it before it spreads. Quarantine
Spam Unsolicited bulk mail with no legitimate business purpose. Junk Folder
Graymail Newsletters, subscriptions, and marketing campaigns. Not a threat, but routed out of the inbox to reduce clutter. Junk Folder
Section 02

Quarantine & Daily Digest

When mail is quarantined, you receive a daily summary of what was held. Here is what that looks like and what you can do from it.

Daily Security Digest  From: Check Point  ·  Once per day if mail was held

The following emails were held in the last 24 hours. Review and release any that are legitimate.

billing@acme-partners.com
Updated wire instructions, urgent
BEC
hr@company-verify.net
Your account requires immediate action
Phishing
newsletter@lawreview.org
This week in legal tech
Graymail
Preview
Request Release
Trust Sender
  • Preview: view the email securely before deciding whether to release it.
  • Request Release: for confirmed threats (phishing, malware, BEC), you can submit a release request for review. For spam and graymail, you can release directly without approval.
  • Trust Sender: adds the sender to the allow list so future mail from that address is never filtered again.
If an expected email has not arrived: check the Junk folder first. If it is not there, log in at email-security-portal.avanan.net using your Microsoft credentials to see everything held and request release without waiting for the next digest.
Trellys.
Standards Home