BackHow Subject Prefix Remediation Works in Rotate
4 minHow “Subject Prefix Remediation” Works in Rotate
When something looks off in an email, users usually notice it in one place first: the subject line.
Our Subject Prefix Remediation feature in Rotate takes advantage of that by clearly marking risky emails directly in their inbox, on any device.
In this article, we’ll walk through:
- What Subject Prefix Remediation does
- What a remediated email looks like for end users
- Why this helps reduce risk
What is Subject Prefix Remediation?
Subject Prefix Remediation is a policy-driven action in Rotate that rewrites the subject line of an email to include a clear security indicator.
Instead of silently letting a suspicious email land in the inbox, Rotate can change:
Subject: Payment confirmation
into something like:
Subject: [SUSPICIOUS] Payment confirmation
How a Remediated Email Looks in the Inbox
From the user’s perspective, a remediated email looks like a normal email – just with a very clear label at the beginning of the subject.
In the message list
In Outlook, Gmail, or on mobile, users will see something like:
- Before remediation
Payment confirmationReset your password
- After Rotate remediation
[SUSPICIOUS] Payment confirmation[``SUSPICIOUS``] Reset your password
This helps users instantly understand:
- “This email might be risky.”
- “I should be extra careful before clicking links or opening attachments.”
In the email itself
When the user opens the email, they see the same prefixed subject at the top of the message. There’s no separate banner they might miss or ignore – the risk marker is part of the core email metadata they are already used to reading.
Replies and forwards
When a user replies or forwards a remediated email, the prefix typically stays in the subject, for example:
Re: [SUSPICIOUS] Payment confirmation
This has two benefits:
- It keeps the risk context visible inside the ongoing conversation.
- It helps admins or security teams quickly recognize that a message in a thread was originally flagged by Rotate.
Example: Before & After
Original email
- From:
billing@payments-portal.com - To:
finance@yourcompany.com - Subject:
Payment confirmation
Rotate analyzes this email and finds:
- Domain has low reputation
- Links point to a newly registered domain
- Wording matches a pattern used in previous phishing attempts targeting finance
Policy result: mark as suspicious but do not block.
After Subject Prefix Remediation
- From:
billing@payments-portal.com - To:
finance@yourcompany.com - Subject:
[SUSPICIOUS] Payment confirmation
For the user, the message is still readable and actionable, but clearly labeled as something that requires extra caution.
Why This Matters
Subject Prefix Remediation is designed for organizations that:
- Want to reduce risk without immediately quarantining every suspicious email
- Need a simple, visual cue that works across desktop, web, and mobile clients
- Prefer to train user behavior over time rather than rely solely on hard blocking
By putting risk information directly in the subject line, Rotate helps:
- End users make better, safer decisions when interacting with emails
- Security teams enforce policies consistently, without needing an add-in per client
- Organizations strike the right balance between productivity and protection
How “Subject Prefix Remediation” Works in Rotate
Frequently Asked Questions
What is the Email Add-On?
The Email Add-On is a tool designed for Gmail and Outlook that helps you identify and manage malicious emails, including spam, phishing attempts, and malware. It enhances your email security by reporting suspicious emails and managing your personal spam list.
Why are mail rules a security risk?
Mail rules can be exploited to exfiltrate data, hide security alerts, or modify incoming messages. Attackers often use forwarding rules to silently send emails to external accounts or create rules that auto-delete security notifications, making it harder to detect compromises.
Why is email security important?
Email is a common attack vector for phishing, spoofing, and other cyber threats. Properly configured DMARC, DKIM, and SPF records help prevent unauthorized parties from sending emails on behalf of your domain, protecting your organization from email-based attacks.
What actions can I take on a malicious email?
When a malicious email is detected, you can take the following actions:
- Block the email to remove it from the user’s inbox.
- Release the email after it’s been blocked, putting it back in the inbox.
Can I deactivate Rotate Mail Scanning on a specific mailbox?
Yes, you can exclude specific mailboxes from Rotate Mail Scanning. This can be configured in the Configurations tab in the Email Hub under the Users and choose the users to exclude.
What does Email Threats mean?
- Phishing: A type of cyberattack where attackers impersonate legitimate organizations via email or websites to steal sensitive information like passwords or credit card numbers.
- Financial Fraud: Illegally obtaining money or assets through deceptive means, such as credit card fraud, investment scams, or identity theft.
- BEC (Business Email Compromise): A type of cybercrime where attackers impersonate company executives or employees to trick others into transferring money or sensitive information, often through email.
- Malware: Malicious software designed to harm, exploit, or otherwise compromise the data or functionality of a computer, network, or device. Examples include viruses, trojans, and ransomware.
- Spam: Unsolicited and often irrelevant or inappropriate messages, typically sent in bulk, usually through email. Often used for advertising or spreading malicious content.