Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

MailMarshal Upgrade Boosts ‘Hard to Detect’ Phishing by 40%

Trustwave MailMarshal has received a major upgrade to version 10.0.5 adding proprietary technologies to greatly increase the security tool’s ability to detect phishing emails, spam and malicious URLs.

MailMarshal is already highly effective against phishing, but the new version’s phishing detection ability is boosted by being able to detect 40% of previously ‘hard to detect' samples. This increase is extremely important as email is one of the primary threat vectors exploited by threat actors. Such hard-to-detect phishing emails include those from compromised Microsoft 365 accounts, and otherwise legit email senders.

Overall, MailMarshal is capable of detecting 99.99% of all email-based threats.

The new features are PhishFilter, and URLDeep which are being added to MailMarshal’s other defensive layers to provide the highest-level of protection possible from email-based threats.

On-premise customers must upgrade manually to get the new 10.0.5 version. However, PhishFilter files were pushed out to all on-premise customers, and they can enable it without being on version 10.0.5.

MailMarshal Cloud customers have been using the PhishFilter for the last six months.


PhishFilter is a new proprietary filter developed and maintained by SpiderLabs Research that adds an additional layer of defense against phishing messages.

The tool is heuristic, scoring-based, and looks at more than 1,000 tell-tale fingerprints and traits used by phishing actors, including headers and message structures, to pick out dangerous email items.

Scores are optimized using machine learning based on data pulled from real phishing emails.


URLDeep is a phishing URL classifier and is one of the tools used by PhishFilter to identify suspect URLs within emails. URLDeep is based on Deep Learning techniques and trained on a huge corpus of previously discovered phishing URLs. This information allows URLDeep to calculate the probability of a URL being phishing-related and then feed this intelligence into the PhishFilter.

How MailMarshal Protects Clients

MailMarshal uses a layered defense approach to protect organizations’ email systems. MailMarshal runs every inbound email through 11 separate layers to help protect against spam, email-delivered malware, phishing and BEC attacks on-premise and in the cloud.

The layers are:

  • IP ReputationSpamProfiler
  • Email Threats
  • Advanced Malware and Exploit Detection
  • Antivirus Engine
  • SpamCensor
  • BEC Filter
  • PhishFilter+URLDeep
  • Suspect URLs
  • Sandbox
  • Email Policy Settings

Each of the millions of emails that arrive each day in MailMarshal are broken down into their component parts, such as message header, message body, raw HTML, URLs, images, and attachments, which are then examined to find any potential threats.

As MailMarshal processes emails, the system scores each item, and if a certain threshold is reached, the email is flagged or quarantined. This activity all happens in milliseconds and does not slow down email processing. In addition, real-time URL scanning takes place when a user clicks on a link in a delivered email to ensure it is safe.

The layered defense detects 99.99% of incoming spam and malware, with near-zero false positives. This already very high success rate can be boosted even further when MailMarshal is used in tandem with

The takeaway is that when it comes to email security, please do not be complacent sitting behind a single defensive barrier; build your wall higher.



Trustwave MailMarshal Secure Email Gateway Trial

Capture 99.99% of malware and exploits with extensive policy controls & layered protection against email-based threats.


Latest Trustwave Blogs

DOJ Disrupts Russian Botnet Created Using Unchanged Admin Credentials

The US Justice Department conducted a court-authorized operation in January that thwarted an on-going Russian GRU botnet campaign that used unchanged publicly known default administrator passwords to...

Read More

Lessons to be Learned: Attacks on Higher Education Proliferate

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024...

Read More

Understanding Why Supply Chain Security is Often Unheeded

Many organizations downplay the critical aspect of whether their cybersecurity provider has the ability to properly vet a third-party vendor's cybersecurity posture.

Read More