First, the concept of "suspicious" email, which is based on specific error patterns in SPF, DKIM and DMARC validation, has been introduced, but it does not trigger a policy failure. Messages that are considered suspicious are decorated with a warning in the preview and in the pop-up window of the message. If the "suspect" designation is due to a configuration problem with the sender but this sender is legitimate, users may choose to trust the sender and delete future notices.
Secondly, we have added a functionality to protect users from accidental activation of malicious content of messages in the spam folder. Thus, the basic content can be seen but the images, links and attachments are not accessible while the message is in the 'spam' folder. This forces users to drag the message out of the spam folder to interact with it. This reinforces the prevention attitude with the messages of the spam folder, which are potentially dangerous.
Finally, the way to show the discrepant information of the sender is also updated. A common sign of phishing/spoofing messages (impersonation in the computer environment) is when the Friendly From (the name that is seen as the sender of the message) does not match the address of the path of return (where the message came from). That's why we have added information in the "From" field that shows when the primary domains of these two referring addresses do not match. To simplify everything together we have also added a help bubble to explain what it means "sent from".