Read-only access — can view mail logs, quarantine, and settings but cannot change anything
operator
Daily operations — can release quarantine, manage queue, and handle day-to-day email tasks
manager
Configuration + users — can edit filtering rules, sender policies, and create viewer/operator users
admin
Full control — can manage domains, all users, billing, and all settings within their scope
Levels
customer
Access to all domains belonging to that customer
domain
Access restricted to one specific domain only
Managed Domains
Domain
Relay To
Customer
Status
Added
Actions
Loading...
-
Quarantined
0
Pending Approval
Quarantined Emails
Ctrl+click rows to select · then batch release
Date
From
To
Subject
Verdict
Score
Reason
Actions
Loading...
Release Requests Pending Approval
Date
Recipient
Sender
Subject
Score
Reason
Status
Actions
Loading...
Quarantined Email
-
Total Queued
-
Deferred
-
Active
-
Hold
Customer
Domain
Sender
Recipient
Size
Age
Error
Actions
Click "Queue" tab to load
▸
▸
▸
Resellers
Customers
Add Customer
Users
Domains
User Management
Name
Email
Role
Scope
Status
Last Login
Actions
Loading...
Add User
Quarantine & Whitelist Policies
Control who can self-release quarantined emails and who can auto-whitelist senders. Settings inherit from parent scope (Global → Reseller → Customer → Domain). Set a value to override the parent, or leave as “Inherit” to use parent’s setting.
Self-Release (Quarantine)
Can users release quarantined emails themselves?
Auto-Whitelist (Sender Trust)
Can users auto-trust senders when releasing emails?
Mailbox Billing
Manage declared mailbox counts per customer or per domain. Our system automatically detects the approximate number of real human mailboxes from mail flow — this estimate improves over weeks. Click a row to expand.
Loading...
Voice Feedback
Voice questions where the RAG knowledge base returned nothing relevant. Review, mark resolved, or write a doc to close the gap.
-
Open
-
Open (24h)
-
Reviewed
-
Total
Date
Role
Who
Question
Top sim
Status
Loading...
User Feedback
Bug reports, UI/UX suggestions, and feature requests from all users.
-
New
-
Bugs
-
UI/UX
-
Features
-
Total
Date
Category
From
Message
Page
Status
Actions
Loading...
Domain Info
Relay:
Plan:
AI Mode:
Connection:
DNS Records
Microsoft 365
Status:
Mode:
Tenant:
⏳Disconnecting Microsoft 365
Starting…
0%
✓ Microsoft 365 disconnected — all Exchange changes reverted
✗ Disconnect failed
Disconnect Microsoft 365?
This removes all four Exchange objects LastSpam created (inbound connector, transport rule, anti-spam policy, anti-phish policy) and returns the tenant to its original state. Mail flow will not change unless this domain also has MX records pointed at LastSpam.
Greylisting delays first-contact emails by 5 minutes — legitimate servers retry, bots don't. Disabling it means emails skip the greylisting delay but still go through all other verification layers (authentication, sender rules, attachment scanning, AI analysis).
OFF (default): Greylisting bypassed when SPF auth passes. No alignment check. ON: Greylisting bypassed only when DMARC passes (SPF/DKIM auth + domain alignment). Recommended for high-security domains (finance, healthcare, education).
How it works: This setting controls whether email analysis uses local AI, cloud AI, or both. Privacy Mode customers still benefit from anonymized threat intelligence learned from cloud analysis — only raw email content stays local.
Tags & Banners —
Inherited
HTML Banners
External
Suspect
Spam
Danger
Subject Line Tags
External
Suspect
Spam
Danger
File Attachment Policies
ⓘ —
Default attachment policy — aligned with Microsoft Defender, Mimecast, Proofpoint, and Google. Overrides below can create exceptions per customer or domain.
ClamAV malware scanning runs on all attachments regardless of extension. Use the override form below to create exceptions for trusted senders or required file types.
Extensions = file types to allow/block. Senders = who can send them (empty = anyone). Emergency = active immediately for your direct scopes, cascades to child admins for approval.
Child Scope Rules
Change History▼ Show
Sender Whitelist / Blacklist
ⓘ —
Two whitelist modes — choose based on how much you trust the sender's email infrastructure.
✅ Safe Whitelist (recommended)
Delivers the email only if SPF or DKIM passes. Still runs full spam/AI analysis for logging and Tags.
Use for: Trusted partners with working email authentication. Protects against spoofing — someone pretending to be the whitelisted sender will still be blocked.
Blocks if: Neither SPF nor DKIM passes, or DMARC policy is p=reject and fails.
⚠ Full Bypass (dangerous)
Delivers the email regardless of authentication results. No SPF, DKIM, or DMARC checks.
Use for: Senders with broken infrastructure — no reverse DNS, temporary blacklisting, no DKIM/SPF setup at all.
Risk: Anyone can spoof this sender and bypass all protections. Use with caution and set an expiry date if possible.
Input formats:acme.com = exact domain | *.acme.com or .acme.com = domain + subdomains | bob@acme.com = specific address
Precedence: Blacklist always wins over whitelist. Dangerous whitelist wins over safe. Customer-level rules inherit to all their domains.
Spam scoring is controlled by the Mode selector above
⚠ Warning: Full Bypass skips ALL authentication checks (SPF, DKIM, DMARC). Anyone can spoof this sender and emails will still be delivered. Only use for senders with completely broken email infrastructure.
Input Format Guide
bob@acme.com
Exact email address
acme.com
Entire domain (all users @acme.com)
*.acme.com
Domain + all subdomains (mail.acme.com, eu.acme.com, etc.)
What Each Option Does
Mode: Safe
Whitelist only if DMARC passes (proves sender owns the domain)
Mode: Full Bypass
Skip all spam checks — no authentication required (dangerous)
Skip greylisting
No first-contact delay — useful for time-sensitive senders
Skip attachment blocking
Allow risky file types (e.g., .exe, .iso) from this sender
You can combine options. Comma or newline-separate multiple entries.
Whitelist
Blacklist
Child Scope Rules
▲ Inherited from Customer — (read-only)
▲ Inherited from Reseller — (read-only)
| CONFIG CHANGELOG
All Users
Add User
Email
Name
Tier
Role
Belongs To
2FA
Status
Actions
Loading...
Add Reseller
Email Details
Panel 1
Panel 2
Panel 3
Admin Assistant
Send Feedback
Report a bug, suggest an improvement, or request a feature. Just describe it — we'll categorize it automatically.
or Ctrl+V to paste
✓
Thank you!
Your feedback has been submitted. We'll review it shortly.