Skip to main content


Customer Remediation

Remediation is the process of assessing and taking action on malicious emails. Go to PhishTitan > Configuration > Mail Flow > Remediation, where you can select automatic remediation for all your users or keep the default option of manual remediation.


When auto remediation is selected at the MSP level, it is enabled for all customers. However, a customer admin can revert to manual remediation, and override the auto remediation setting by the MSP. It is important to note that once the customer admin overrides the MSP selection, inheritance between the MSP level and the customer level is broken.

The Remediation tab is active by default when you access the Mail Flow page.

  • Manual remediation (default): By default, PhishTitan is configured for manual remediation, which means that administrators must assess user-reported threats and select a remediation option.

    Administrators will need to assess and manage those emails by going to PhishTitan > Incidents and viewing the Action Needed tab. See Incidents for additional information.

  • Auto remediation for all users: If you select this option, then all malicious emails for all your users are delivered directly to their junk folders.

    You can view the emails that have been auto remediated in the Resolved tab at PhishTitan > Incidents. If you decide that the email is safe, you can choose to add the sender to the Allow List or mark the email as safe. See Incidents for additional information.