ZoxrimZoxrim
Features

Email Monitor

Set up automated email scanning to detect phishing, spam, and malicious attachments.

The Email Monitor is Zoxrim's automated inbox protection system. Once connected, it analyzes every incoming email in real time — checking sender authentication, link reputation, and attachment behavior — and alerts you before you interact with anything dangerous.

Connecting Your Email Account

Zoxrim supports three email providers: Gmail, Microsoft Outlook, and any IMAP-compatible mail server.

Gmail

  1. Open Zoxrim and navigate to Email Monitor in the left sidebar
  2. Click Connect Account, then select Gmail
  3. A browser window opens and redirects you to Google's OAuth authorization page
  4. Sign in to the Google account you want to protect and review the requested permissions — Zoxrim requests read-only access to message headers and metadata only
  5. Click Allow to grant access
  6. You are redirected back to Zoxrim, where the account appears in your connected accounts list

Gmail connections use OAuth 2.0. Zoxrim never stores your Google password, and you can revoke access at any time from your Google account's security settings.

Microsoft Outlook

  1. Click Connect Account, then select Outlook / Microsoft 365
  2. You are redirected to Microsoft's OAuth consent page
  3. Sign in with your Microsoft account and accept the permissions request
  4. The account appears in your connected accounts list immediately after authorization

Outlook connections support both personal Microsoft accounts and Microsoft 365 business accounts with IMAP access enabled by your organization.

Custom IMAP

For any email provider that supports IMAP (ProtonMail Bridge, Fastmail, Zoho Mail, self-hosted servers, etc.):

  1. Click Connect Account, then select IMAP / Custom
  2. Enter the following details:
    • IMAP Server: Your provider's IMAP hostname (e.g., imap.fastmail.com)
    • Port: Usually 993 for SSL/TLS or 143 for STARTTLS
    • Username: Your full email address
    • Password: Your account password or app-specific password
    • Encryption: Select SSL/TLS (recommended) or STARTTLS
  3. Click Test Connection to verify the credentials before saving
  4. Click Save to activate monitoring

For providers that support app-specific passwords (Fastmail, iCloud, etc.), use an app-specific password instead of your main account password.

Configuring Auto-Scan

Once an account is connected, auto-scan is enabled by default. You can adjust behavior from Email Monitor > Settings:

  • Scan frequency: Choose between real-time (recommended, checks each email as it arrives), every 5 minutes, or manual only
  • Scan depth: Standard (headers and link reputation only) or Deep (also follows links and analyzes page content). Deep scan is available on Starter plans and above
  • Notification threshold: Set the minimum severity level that triggers a desktop notification — All threats, Suspicious and above, or Dangerous only

Auto-scan runs silently in the background. It does not open, mark, move, or delete emails — Zoxrim only reads and analyzes, never modifies.

Trusted Senders

The trusted senders list lets you mark specific email addresses or entire domains as permanently safe. Emails from trusted senders are logged but skip the full threat analysis pipeline, which reduces noise for high-volume newsletters and internal company communications.

To add a trusted sender:

  1. Go to Email Monitor > Trusted Senders
  2. Click Add Trusted Sender
  3. Enter an email address ([email protected]) or a full domain (@yourcompany.com)
  4. Click Save

You can also add a sender directly from a flagged alert: open the alert, click the sender address, and select Mark as Trusted. Existing alerts from that sender are not retroactively cleared.

To remove a trusted sender, click the trash icon next to the entry in the Trusted Senders list.

Interpreting Alerts

When Zoxrim detects a threat in an incoming email, an alert appears in the Email Monitor > Alerts panel and, if enabled, as a desktop notification. Each alert contains:

  • Sender: The From address and display name, with a note if display name spoofing is detected
  • Subject: The email subject line
  • Threat type: Classification such as Phishing Link, Malicious Attachment, Spoofed Sender, or Suspicious Pattern
  • Risk score: A 0–100 score, consistent with the URL scanner's scoring scale
  • AI Explanation: A plain-language summary of what was found and why it was flagged (Starter and Pro plans)
  • Evidence: The specific URLs, attachment hashes, or header anomalies that triggered the alert

Authentication failures are also reported: SPF Fail, DKIM Fail, and DMARC Fail indicators appear in red when the email did not pass the sender's declared authentication policy.

Actions When a Threat Is Detected

Zoxrim does not automatically delete or move emails — all remediation decisions remain with you. From any alert, you have the following options:

  • View in email client: Opens a deep link to the original email in Gmail, Outlook, or your default mail app
  • Mark as safe: Dismisses the alert and adds the sender to your trusted list (use this for false positives)
  • Report as phishing: Submits the alert details to Zoxrim's threat intelligence database to improve detection for all users
  • Block sender: Adds the sender to your block list; future emails from this address will be auto-flagged at maximum severity
  • Export alert: Downloads the full alert as a JSON file for incident documentation or SOC reporting (Pro and Enterprise plans)

For teams using webhooks, Zoxrim can push alert payloads to a Slack channel, Microsoft Teams, or any HTTP endpoint in real time. Configure webhooks from Settings > Integrations > Webhooks.

Previous

URL Scanner

Next

API Reference

Need help? Contact support or visit our security blog.