Skip to main content


When the Sandbox feature is activated, all emails containing attachments will be delayed, and their attached files will be sent to a sandbox environment for scanning. Their recipients will instead receive an email notifying them of the events.


New Email Security companies have the feature activated by default. Users of existing companies will be prompted to activate the feature when logging in to the Email Security console.

File detection techniques are used to determine the real type of the file even if the extension has been manually changed. For a list of supported file types refer to Supported file types for Email Security Sandbox.


The maximum file size that can be sent to the sandbox is 20 Mb

Once the scanning is completed, the original email will is delivered to the intended recipient. If the attachments are clean, they will be included in the email. If threats are found, the behaviour of the feature will depend on the Advanced Email Sandbox message rule. For more information refer to Default Rules.


It may take up to 20 minutes for the sandbox to process a file and longer if the file is contained within an archive

Sandbox Settings

To access Sandbox Settings actions go to Product Configuration > Sandbox Settings.


Enable Notifications to Recipients

If this option is enabled, users will receive notifications via email informing them that an email sent to their address has been delayed for further scanning.

Notification Email Display Name

The displayed name of the sender in the notification emails sent to users.

Notification Email From Address

The email address of the sender in the notification emails sent to users.