How can my organization use PhishBarrel?

Only 2 steps? Yup! It's that simple to setup and start using PhishBarrel.

  1. 1
    Pick an email ingestion method

    Select from IMAP, SMTP, file share, HTTP POST, or S3 sources for real time ingestion of your organization's emails. Microsoft Exchange Online / Office 365 integration also exists so you do not have to modify your DNS MX records. See this FAQ question for more Exchange Online / Office 365 integration details.

  2. 2
    Build automation around PhishBarrel's API

    Write security orchestration playbooks, integrate with third party threat intelligence, and search quickly for anything (text, hashes, URLs) in emails. The sky is the limit with how your organization can leverage the email data available in PhishBarrel.


Lightning Fast Search

Search emails for free-form text, attachments, URLs, and addition to some other secret sauce attributes (request a demo).

Robust API

Seamlessly integrate your existing security operations analytics and reporting (SOAR) workflows with PhishBarrel's API.

Enriched email analytics

Provide better context and attributes about every email, URL, and attachment entering your organization.

Decreased reaction/remediation time during security incidents

During a phishing attack, those first few minutes are precious. Quickly gain visibility and situational awareness about the phishing attack.

Identify similar malicious emails

Attackers evolve and PhishBarrel is prepared to handle that. Identify tweaks and modifications to campaigns to quickly discover a change in an adversary's tactics.

No hardware/software management

PhishBarrel is completely cloud native with encryption at rest and transfer when possible. We also support on-premise deployments if you would rather manage your own infrastructure.

Have questions? Want a demo?

PhishBarrel API use cases

Search emails for a key word

Your Security Operations Center learns of a Business Email Compromise phishing campaign requesting funds be transferred to account 11223344. With PhishBarrel, you can quickly search all emails for that text phrase "11223344" to determine if your organization is being targeted.

Determine users receiving an email with a credential stealing URL

A user reports they entered their credentials into a fake web page. With PhishBarrel, you can quickly query all your emails for the URL ("") to determine other recipients.

Search for malicious hashes

Your threat intelligence feed reports there is a known ransomware variant PowerShell script masquerading as a Microsoft Word document with a specific SHA-256 hash. With PhishBarrel, you can determine which recipients received the email with that attachment and that the file signature is incorrect for the ".docx" file.

Frequently Asked Questions

Email us with any other questions.

What type of organization is ideal for PhishBarrel?

Any organization with a security team looking to enhance their insight into inbound emails, increase phishing playbook automation, and develop more security orchestration around phishing incident response.

Does PhishBarrel only operate in passive mode?

No. An active inline solution to block, warn, or prevent phishing emails from reaching your organization's users in the first place is currently offered for Microsoft Exchange Online / Office 365 customers. There is no need for you to modify your DNS MX records with all email being initially spam filtered and stored by Microsoft. Email is diverted to PhishBarrel which processes it, then injects it back into the mail flow with a warning banner or prepended subject text, e.g. "[POTENTIAL PHISHING EMAIL] - Invoice for parts".

Should I have concerns that it is hosted in the cloud?

Your organization may have a different risk tolerance, but we can leverage incredible scalability, features, and security by hosting PhishBarrel in the cloud. If you are more comfortable self hosting on your own infrastructure, we also support an on-premise solution.

Do you support on-premise deployments?


How long are emails kept?

This is up to your organization, but emails can be retained for 1-60 days. For on-premise deployments, you can store email indefinitely as long as you have the disk storage space.

Will this break the flow of inbound email to my organization?

If PhishBarrel is operating in passive mode and the service goes down, it will not affect your organization's email flow. If PhishBarrel is operating in active mode as part of Microsoft Exchange Online / Office 365 and the service goes down, there could be small delay while the service comes back up, but you won't lose any emails. They are saved and stored on Microsoft's mail servers until it can be processed by PhishBarrel.

If Phishing is the #1 attack vector, why aren't more companies trying to solve this problem?

That's a great question and one we asked ourselves when we started developing PhishBarrel. Check out Momentum Cyber's CYBERscape graphic and see if you can find the small set of companies tackling "Messaging Security".

Our organization leverages a Managed Security Service Provider (MSSP), can they use this?


Can this be used for outbound email traffic?

Although initially designed for inbound email, PhishBarrel could also be utilized to handle outbound email as part of a Data Loss Prevention solution.

Will you read my emails?

No. We understand the potentially sensitive information PhishBarrel could be privy too, but we take your personal and organization's privacy seriously and want to earn your trust. Also, we have enough of our own emails to wade through everyday.

Have questions? Want a demo?