This article contains information on how Mimecast Email Security Cloud Integrated uses Relationship Strength and Reputation Score to assess email legitimacy and trustworthiness, without affecting detection and scanning processes.
Considerations
- Reputation and Relationship scores are not utilized in our Detection and Scanning process. However, they are generated at the moment in time when Mimecast Email Security Cloud Integrated first processes the email.
- End Users will not see notifications for these values. Instead, the information presented is an additional data point for you to help them decide how legitimate and trustworthy a particular message is.
- If a sender has been reported, you will see a Reported tab so that the you are aware that this sender has been reported (this is not updated post-scan) and reflects the sender's status across the entire graph, not just the protected organization.
What is Relationship Strength?
This score is derived from the AI graph and is used to surface whether there has been strong communication between the sender and recipients.
The social graph uses several factors to assess relationship strength (i.e. has the sender been marked as safe, has SPF passed, etc.) as well as the frequency of the sender and recipient email correspondence; at its most superficial level, this is a value showing how often the sender and recipient have emailed each other. This is an indicator that an you can use to decide if this is a legitimate email or malicious.
Relationship Strengths:
Weak: Little to no correspondence between Sender and Recipient(s).
Moderate: Some correspondence between Sender and Recipient(s).
Strong: Frequent correspondence between Sender and Recipient(s).
What is the Reputation Score?
This score is intelligently calculated to provide a score for the sender's reputation based on the inbound and outbound communication patterns with the protected organization for the period Mimecast has scanned emails. We assume a sender is considered trustworthy if they have balanced communications; for example, where a sender has had most of their emails replied to, we will see a similar volume of emails sent to the sender as they received, which implies high trustworthiness.
Conversely, the opposite means low trustworthiness, where a sender has sent emails to the organization but has not received replies. The system also considers the number of recipients who marked the Sender as Safe, so the system adapts based on the end-user feedback.
Reputation Score Meanings:
No History: This sender has not sent or received enough emails to make a judgment.
Weak: The communication pattern needs to be more balanced with this sender. For example, they have sent high volumes of inbound emails. Still, no one has responded (significantly more email activity in one direction than the other, resulting in a Weak reputational score.)
Strong: There have been balanced communications with the sender and the organization (similar amounts of inbound and outbound emails to and from the sender, providing a Strong reputation score.)
Comments
Please sign in to leave a comment.