FireFly Email Protection is an email protection product that uses sophisticated machine learning and artificial intelligence to analyze incoming messages for signs of phishing, spam, and other email-based threats

The color-coded banners are inserted by FireFly Shield to alert you of any possible threats in your emails. The banners also display the email sender’s address and mark if an email is internal (from someone in your organization) or external. If you see these banners, it means that your IT staff has deployed FireFly Shield and included you in the group of protected users.

A gray banner indicates that FireFly Shield did not find anything unusual or suspicious about the message. Even though the message was not classified as threatening, you should always check the displayed sender address and the source type to be sure it makes sense (e.g., an external webmail address for a message from a colleague may be cause for concern). A yellow banner indicates that FireFly Shield found something unusual about the email message. It is not necessarily phishing or dangerous but something you should be aware of. For example, a request for sensitive personal information should be given extra scrutiny. Mail that seems out of the ordinary or is spammy in some way may receive a yellow banner. A red banner indicates that FireFly Shield thinks the message is suspicious and likely to be phishing or dangerous in some other way. This includes brand impersonations (e.g., a fake “account alert” email from your IT department), blocked phishing URLs, or attempts to spoof mail to look like it came from an internal company account.

Look carefully at who the mail is from and whether it is from someone you trust. Be especially careful about clicking any links in the body of the email or opening any attachments.

In most cases, you can simply delete the message and move on. In many FireFly Shield deployments, your IT staff, security team, or email administrator will configure your mail server to quarantine or delete “red-flagged” mail before it reaches your mailbox. In other cases, the mail will still be delivered with the banner telling you to be careful.

If you think FireFly Shield has made a wrong classification, or if you just want to confirm that FireFly Shield got it correct, click the “Report This Email” link found in the bottom right corner of each banner. This will take you to a web form where you can indicate that the message is truly Safe, Spam, or Phishing. You can also provide a comment describing your assessment. This feedback is used to automatically improve FireFly Shield's predictions in the future. Your submissions are also manually reviewed to improve the overall system and ensure FireFly Shield provides the most accurate security possible.