
MailMarshal Upgrade Boosts ‘Hard to Detect’ Phishing by 40%

Trustwave MailMarshal has received a major upgrade to version 10.0.5, adding proprietary technologies that greatly increase the security tool’s ability to detect phishing emails, spam and malicious URLs.

MailMarshal is already highly effective against phishing, but the new version boosts its phishing detection by catching 40% of previously ‘hard to detect’ samples. This increase is extremely important, as email is one of the primary threat vectors exploited by threat actors. Such hard-to-detect phishing emails include those from compromised Microsoft 365 accounts and from otherwise legitimate email senders.

Overall, MailMarshal is capable of detecting 99.99% of all email-based threats.

The new features are PhishFilter and URLDeep, which are being added to MailMarshal’s other defensive layers to provide the highest level of protection possible from email-based threats.

On-premise customers must upgrade manually to get the new 10.0.5 version. However, PhishFilter files were pushed out to all on-premise customers, and they can enable it without being on version 10.0.5.

MailMarshal Cloud customers have been using the PhishFilter for the last six months.


PhishFilter is a new proprietary filter developed and maintained by SpiderLabs Research that adds an additional layer of defense against phishing messages.

The tool is heuristic, scoring-based, and looks at more than 1,000 tell-tale fingerprints and traits used by phishing actors, including headers and message structures, to pick out dangerous email items.

Scores are optimized using machine learning based on data pulled from real phishing emails.


URLDeep is a phishing URL classifier and is one of the tools used by PhishFilter to identify suspect URLs within emails. URLDeep is based on Deep Learning techniques and trained on a huge corpus of previously discovered phishing URLs. This information allows URLDeep to calculate the probability of a URL being phishing-related and then feed this intelligence into the PhishFilter.

How MailMarshal Protects Clients

MailMarshal uses a layered defense approach to protect organizations’ email systems. MailMarshal runs every inbound email through 11 separate layers to help protect against spam, email-delivered malware, phishing and BEC attacks on-premise and in the cloud.

The layers are:

  • IP Reputation
  • SpamProfiler
  • Email Threats
  • Advanced Malware and Exploit Detection
  • Antivirus Engine
  • SpamCensor
  • BEC Filter
  • PhishFilter+URLDeep
  • Suspect URLs
  • Sandbox
  • Email Policy Settings

Each of the millions of emails that arrive each day in MailMarshal is broken down into its component parts, such as message header, message body, raw HTML, URLs, images, and attachments, which are then examined to find any potential threats.

As MailMarshal processes emails, the system scores each item, and if a certain threshold is reached, the email is flagged or quarantined. This activity all happens in milliseconds and does not slow down email processing. In addition, real-time URL scanning takes place when a user clicks on a link in a delivered email to ensure it is safe.

The layered defense detects 99.99% of incoming spam and malware, with near-zero false positives. This already very high success rate can be boosted even further when MailMarshal is used in tandem with

The takeaway is that when it comes to email security, please do not be complacent sitting behind a single defensive barrier; build your wall higher.
