Hoxhunt now classifies emails reported by your employees as safe when assessed with 99%+ confidence. When you enable safe classification, it resolves most reported emails automatically and sends employees an instant verdict. Analysts see only the reports that need real attention.
How this reduces analyst workload
- Most reported emails resolve without reaching the analyst queue. The majority of employee reports are benign emails: newsletters, IT announcements, known vendor messages. With safe classification enabled, these resolve automatically.
- No analyst time spent on confirmed safe reports. Safe emails do not appear in the triage queue. Your team focuses on reports that are genuinely suspicious or malicious.
- Employees get a clear verdict. Every employee who reports a safe email receives instant feedback: "This email is safe to interact with." Reporting volume stays strong because reporters get an answer, not silence.
What the safe verdict is based on
Hoxhunt Respond classifies every reported email into one of four verdicts: Malicious, Likely malicious, Possibly malicious, and Safe. The safe verdict is new.
Before safe classification, emails assessed as benign received a "possibly malicious" verdict and entered the analyst queue. Only malicious emails resolved automatically: roughly one out of five of all reports. The remaining required manual analyst review.
Now, emails assessed with high confidence to be safe receive a safe verdict and resolve automatically. Automated coverage expands to cover most reported emails. Analysts see only reports with genuine suspicion or a confirmed threat.
Hoxhunt's threat analysis model powers the safe verdict. Hoxhunt validated it against millions of reported emails, comparing results to human analyst verdicts. Accuracy on safe classifications: 99%+.
The safe verdict appears in two places:
- Instant Feedback: employees who reported the email receive a notification: "This email is safe to interact with."
- Incident Orchestration: safe reports resolve automatically and do not appear in the analyst queue.
Limitations
- Safe classification is off by default. An admin must turn it on in product settings.
- Safe emails are moved to the end user's Deleted Items folder, not returned to their inbox.
- Available to customers with Incident Orchestration or Instant Feedback.
- Safe verdicts carry 99%+ accuracy, not 100%. A small proportion of safe reports may be miscategorised.
Actions needed from you
Toggle safe classification on in your admin settings.
- Sign in to the admin console and open Response > Threat settings.
- Toggle safe classification on.
Note: Analyst triage volume will drop significantly once enabled. Notify your security team before the queue shrinks.