Welcome to the Glossary! Whether you're already familiar with some of these terms or you're just becoming acquainted, our top-level glossary is a great resource for learning all of the relevant goods. Scroll through the full list below, search by term, or select by individual letter.

Account Takeover (ATO)

The process of taking unauthorized possession of online accounts using stolen credentials by cybercriminals with the intent of launching email-borne attacks.

Adaptive Redaction

A process involving the identification of critical or confidential information and cyber threats which are either redacted or sanitized to allow the ongoing flow of communication with no disruption.


A sanitization feature operating at the appliance level that detects and cleans exploited images containing nearly undetectable malicious text, hidden code, or malware that flow in and out of the network that are typically not noticed.

Application Programming Interface (API)

A software interface that allows two or more computer programs or components to integrate by communicating with each other. In this case, it allows a SIEM or SOAR (see glossary under "S") to easily ingest threat data to quickly remediate attacks.

Artificial Intelligence (AI)

This scientific application simulates human intelligence by leveraging algorithms, data, and computational power so that hardware and software can perform human-like tasks like learning, reasoning, problem solving, perception, and language interpretation.

Automated Remediation

After attack or threat incidents are reported, an automated workflow takes place, including investigative analysis and triage, minimizing manual efforts to accelerate time-to-containment.

Brand Indicators for Message Identification (BIMI)

A standard that places a verified and approved logo next to the sender "From" address to authenticate a trusted message from the sending domain, thus helping reinforce brand recognition.

Business Email Compromise (BEC)

These highly targeted, sophisticated attacks leverage a combination of phishing and social engineering tactics to trick unwitting recipients into taking action, such as wiring money to the scammer, and can be extremely tough to spot to the untrained eye.


An automated process in Fortra's Global Inbox Threat Intelligence feeds by which indicators of compromise are utilized to detect and proactively remove, or claw-back, threats that make it into multiple inboxes across an organization and suspends them.

Cloud Email

An email communication and storage system that is hosted or migrated to the cloud and is separate from an enterprise's private communication infrastructure.

Computer Vision

A subset of artificial intelligence that centers on the ability to perceive and understand objects and data in images and video in order to perform and automate tasks that replicate human capabilities.

Cyber Kill Chain

A system based on a chain of events specific to targeting data assets in cybersecurity using the following phases – notably from reconnaissance, weaponization, delivery, exploitation, installation, commanding & controlling, and taking action.

Data Breach

This is a type of attack where cybercriminals bypass existing security controls to target and exploit a user's trust to gain access to their network with the goal of stealing sensitive data.

Data Leak

This is generally an accidental leak of sensitive data, including personally identifiable information (PII - see glossary under "P") like credit card numbers, etc., that can happen when transmitting in outbound emails or when sharing files outside of an organization.

Data Loss Protection (DLP)

A technique that inspects content within a file, email, application, etc. to classify it while at rest (in storage), in use (during an operation), or in transit (across a network).

Data Science

The organized study that extracts significant insights using an amalgam of principles from mathematics, statistics, artificial intelligence, and computer engineering in order to analyze large amounts of data, such as email header data and metadata.

Domain Impersonation

Various techniques used by threat actors that impersonate an organization's domains, through the use of look-alike domains or email spoofing, with the aim of getting into user inboxes to manipulate them into giving away access or sensitive information.

Domain Name System (DNS) Server

This serves as the contact directory of the Internet by translating the characters (or URL) a user types by converting a domain name into an IP address so the website can be located.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

An email authentication protocol that helps identify and quarantine malicious emails to prevent fraudulent use of legitimate brands, spam, and email spoofing.

DomainKeys Identified Mail (DKIM)

An email authentication technique that uses your domain name to sign your emails with a digital “signature” so your customers know it’s really you sending those emails and that they haven’t been altered in transit.

Email Archiving

A measure that helps customers safeguard their critical information found within email in order to protect their intellectual property and brand reputation, while ensuring compliance, legal discovery, and streamlined business efficiencies.

Email Continuity

A capability that offers continued access through a backup system so that emails can still be sent and received, even if there is a server outage or some discrepancy in operation (such as with Exchange).

Email Data Loss

The inadvertent loss or malicious leaking of data via email transmission, which can lead to unauthorized access to sensitive information.

Email Header Data

The various components contained in the email header data, including the "From" sender display name and webmail address, date/time sent, To address, the subject line, local email prefix identifier, domain portion of email, and brand within the suffix.

Email Security

The technology and policies designed to protect email content and communication from cyber threat attacks by leveraging solutions that can universally operate in cloud, on-premise, and hybrid email environments.

Email Spoofing

One of the most common forms of identity deception in cybercriminal activity and one of the easiest to execute, where threat actors impersonate domains by forging an email's sender address in phishing and spam attacks.


One of the main ways to send secure email sent over the Internet so that they maintain confidentiality, message or attachment integrity, and non-repudiation when it comes to proving their security and adhering to the law.

Feature-Engineered Models

A type of machine learning models that analyze and improve performance for the individual measurable properties of input data that are instrumental in making predictions or performing tasks through greater interpretability.

Graylisting (or Greylisting)

The practice by email service providers where a mail transfer agent (MTA) temporarily rejects any email from a sender it does not recognize or unknown IP, and sets up a delay in delivery.

Graymail (or Greymail)

This term is used for spam-like emails that fall into the grey area of legitimacy and being unwanted, that users typically don't open or click through – such as marketing alerts and newsletters.

Hybrid Architecture

A type of cloud environment that combines on-premise appliances, as well as private and public cloud storage that comes together in one single IT infrastructure. 

Identity-Based Attack

A category of tactics and techniques used by threat actors that use deceptive practices to exploit the identity of trusted colleagues and brands, including phishing, business email compromise, and account takeover-based attacks.

Inline Deployment

This type of deployment in email architecture sits along (or in line with) the SMTP chain, interacting with emails as they come in and evaluating them before they reach the inbox.

Insider Threat

An advanced attack that is usually inadvertently caused by employees when sharing or clicking malicious emails, links, attachments, etc., including spear phishing, social engineering, and account takeover-based attacks.

Integrated Cloud Email Security (ICES)

A multi-tiered architecture for cloud-based email security that supplements the native capabilities of a cloud email provider through the use of APIs and machine learning models and processing for attack detection.

Large Language Models (LLMs)

Models designed to understand language in a human-like fashion by training on massive amounts of text data to learn patterns, relationships, and contextual information in language, and then making judgments about them.