Email Actions

For emails in Email Live Tracking, various actions, such as adding senders to the deny list, can be performed.

The actions are described in the following table.


The availability of the email actions depends on which actions have been enabled by the administrator and which products have been activated.

Table 1. Email actions



Deliver email The selected emails are delivered, triggering a process of re-evaluation of the classification on our part.

This option can always be applied to emails classified as Clean and Infomail if you have booked Archiving. For emails classified as Spam, Content, Threat, and AdvThreat, the option is independent from Archiving. However, the option is only available for emails with these classifications if the administrator has enabled the delivery. The additional line x-hornetsecurity-delivered: is added to the headers of the delivered emails, containing information about the role of the user who triggered this action. Support employees of Hornetsecurity, partner-level administrators, customer-level administrators and basic users are tagged with the words support, reseller, admin and user, respectively.

Email preview

In a new window, an encrypted link opens a web service where the content of the selected email is displayed in a secure way. Images, links and other active content from the email are deactivated or replaced by secure placeholders. If necessary and possible, the layout and encoding of the email are slightly modified to display the content of the email.


You can only apply this action to emails of which you are the owner.


You can only execute this action for a single email (see Selecting actions for single emails).


The email preview opens in a pop-up window. Browsers may block pop-up windows. Pop-up windows can be allowed in the browser settings.


For more information about email preview, see Email Preview.

Report as spam

The selected emails are classified as spam, and the support and quality management system is informed. This is the preferred method of dealing with spam emails.

Report as infomail

The selected emails are classified as infomail. The options for dealing with infomail are individually adjustable.

Add sender to deny list

The senders of the selected emails are added to the user's deny list. Any future emails from these senders will be automatically classified as spam.

Add sender to allow list & deliver email The senders of the selected emails are added to the user’s allow list and the emails are delivered. All other emails from the senders will be automatically delivered.
Add to deny list for all users

The senders of the selected emails are added to the deny list for all users of the domain and incoming emails are classified as spam.

Add to allow list for all users

The senders of the selected emails are added to the allow list for all users. All incoming emails from the senders will be automatically delivered.

Send email to admin

The selected emails are sent to the email address of the person to whom the contact send_email_to_admin has been assigned under Service Dashboard > Role management and contacts (see Assigning a Contact for Email Delivery).

Deliver to support

The email is sent to the support mailbox


Mark as private

The selected emails are treated as private emails. Thus, the access to them is blocked and can only be restored by support. With an audit access, emails marked as private cannot be read. However, emails marked as private are exported with the Aeternum Export Manager.


The deny list and allow list entries are processed in the following order:

  • Administrator deny list
  • Administrator allow list
  • User deny list
  • User allow list

An administrator adds the account to the global deny list. A user adds the same account to his allow list. All emails from the account will be delivered to the user, but not to any users who have not added the account to their allow lists.