Email Headers Check - Generic

This playbook executes one sub-playbook and one automation to check the email headers: - **Process Microsoft's Anti-Spam Headers** - This playbook stores the SCL, BCL and PCL scores if they exist to the relevant incident fields (Phishing SCL Score, Phishing PCL Score, Phishing BCL Score). - **CheckEmailAuthenticity** - This automation checks email authenticity based on its SPF, DMARC, and DKIM.

Common Playbooks · 9 tasks · 2 inputs · 2 outputs

Inputs

  • AuthenticateEmail — Whether the authenticity of the email should be verified using SPF, DKIM and DMARC.
  • CheckMicrosoftHeaders — Whether to Check Microsoft headers for BCL/PCL/SCL scores and set the "Severity" and "Email Classification" accordingly.

Outputs

  • Email.AuthenticityCheck — Possible values are: Fail / Suspicious / Undetermined / Pass
  • Email.MicrosoftHeadersSeverityCheck — Possible Values: Medium: PCL or BCL scores are equal to or greater than 4. High: BCL score is equal to or greater than 8.

Commands used

setIncident

Flowchart

yes yes Start Start Should the email be authenticated? Should the email be authe... Email Authenticity Check Email Authenticity Check Authenticate email - CheckEmailAuthenticity Authenticate email CheckEmailAuthenticity Save authenticity check result to incident field - setIncident Save authenticity check r... setIncident Microsoft's Headers Check Microsoft's Headers Check Check Microsoft's Headers? Check Microsoft's Headers? Process Microsoft's Anti-Spam Headers - Process Microsoft's Anti-Spam Headers Process Microsoft's Anti-... Process Microsoft's Anti-Spam... Done Done