Threat actions

When PhishNet flags an email, the result panel shows one or more action buttons. Here's what each one does.

Report phishing

Marks the email as a confirmed phishing attempt and moves it to quarantine. This also contributes signal back to PhishNet's threat detection — reporting helps protect other users.

Use this when you're confident the email is malicious and want to make sure it can't cause harm.

Block sender

Adds the sender's email address to your personal blocked list. Future emails from that address will be flagged at high risk, regardless of their content.

This is useful for persistent senders that PhishNet flags repeatedly. You can review your blocked senders from your account settings at phishnet.ai.

Quarantine

Moves the email out of your inbox and into quarantine without reporting it. The email is preserved — you can review and restore it later if needed.

This is the right action when you're unsure about an email but don't want to leave it in your inbox while you decide.

Restore

Available on quarantined emails. Moves the email back to your inbox and marks it as reviewed. Use this if you've reviewed a quarantined email and confirmed it's legitimate.

Dismiss

Closes the PhishNet panel without taking action. The email stays in your inbox and the scan result is recorded. Dismiss is appropriate for low-confidence flags on emails you recognise as legitimate.

Report phishing​

Block sender​

Quarantine​

Restore​

Dismiss​

Report phishing

Block sender

Quarantine

Restore

Dismiss