FAQ: What do users see when browsing is blocked or allowed by the Blended Threats service?

Expand / Collapse

This article applies to:

  • Trustwave MailMarshal (SEG)
  • Blended Threats service


  • What do users see when the Blended Threats service blocks browsing to a URL?
  • What do users see when the Blended Threats scan determines that a URL is safe?


When Trustwave SEG processes a message using the Blended Threats function, URLs in the message subject and body are updated so that the URL content can be scanned in real time.

When the user clicks a rewritten URL, the Blended Threats server evaluates the page using several validation methods, potentially including a live scan of page behavior. 

  • While the evaluation is in progress, the user may see a "Scanning - Please Wait" notice.
  • Once evaluation is complete, if no threats are found the user will be notified and redirected to the original site.
  • The service caches results for a short period. If the target page was very recently checked and no threats were found, the user will immediately be notified and redirected to the original site.

Caution: Even if no threats are found, users should always takedue care, particularly if the site requests credentials or personal information.

If the content is blocked the user will see a result similar to the below image. Detailed information varies depending on the specific functionality that returned the result.

In some cases the scan notes a page as suspicious, but with lower confidence. In these cases the validator page presents a warning, but allows click-through to the original site.

To contact Trustwave about this article or to request support:

Rate this Article:

Add Your Comments

Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster