MX · Module

Email protection

Name: Protoxol Email protection
Brand: Protoxol
Availability: PreOrder

Inbound analysis. URL & attachment sandboxing. BEC defense.

Overview

What MX does.

Email Protection inspects every inbound message, attachment and URL via API integration with Microsoft 365 and Google Workspace — no MX record changes required. Suspicious URLs are detonated in an isolated sandbox; attachments are statically and dynamically analyzed; sender reputation, header anomalies and tone-of-voice are all scored. When a user clicks anyway, the click becomes an EDR signal in the same timeline.

Features

Inside MX.

API-native integration

Microsoft Graph + Google Workspace API. No MX rerouting, no DNS surgery.

URL sandboxing

Detonate suspicious links in isolated VM. Catch credential phish and drive-by malware.

BEC detection

Sender reputation, tone analysis, financial keyword scoring, lookalike domain matching.

User-reported phish flow

One-click report from Outlook/Gmail plugin into the same SOC queue.

Auto-remediation

Pull malicious mail from all recipients' inboxes when a phish is confirmed, with audit.

Use cases

Where MX earns its keep.

Phishing protection

Pre-delivery scoring stops 99%+ before user sees the message.

BEC and CEO fraud

Behavioral models flag wire-transfer requests from impersonated execs.

Account takeover defense

Detect impossible-travel OAuth grants, mass forwarding rules, MFA bombing.

Technical specs

MX under the hood.

Integration	M365 Graph API, Google API
Detection latency	Pre-delivery in under 8s p95
Sandbox capacity	100k URL detonations / hour
Languages	12 languages tone-aware

The landscape

Where the market stands today.

Email is still the #1 initial access vector. Most email security vendors focus on phishing detection but treat the rest of the stack as someone else's problem. Protoxol Email feeds every signal back into the same correlation engine.

Vendor	Strength	Tradeoff
Proofpoint	Best-in-class anti-phishing. Rich threat data.	Expensive. Slow to integrate with broader SOC.
Abnormal Security	Strong BEC and account takeover detection.	Email-only — siloed from endpoint/network signals.
Microsoft Defender for Office	Tight M365 integration. Bundled licensing.	Weaker against modern BEC. UI fragmented.

Our offering

Protoxol MX — built differently.

Inbound URL and attachment sandboxing — phishing, BEC and weaponized payloads.
Signals feed directly into EDR/NDR correlation — link clicks become host events.
Native M365 and Google Workspace API integration — no MX record changes.
User-reported phish flows into the same queue as auto-detected ones.
Custom detection rules in the same language as your SIEM hunts.

Cross-surface

Email events join the same timeline as endpoint and network.

No MX change

API integration — keep your existing gateway if needed.

Same rules

Detection-as-code shared across modules.

See MX against your data.

Thirty minutes. Your environment. The modules that fit. No slideware.

Book a demo See pricing