IRONSCALES Email Security Platform

IRONSCALES is an exceptional solution to prevent phishing attacks due to the strength of Themis, it's AI-powered email security platform.

Editor's Score

By Craig MacAlpine
Updated Jan 30, 2023


Expert Insights Verdict


IRONSCALES is a phishing protection solution, not a traditional spam filter. The platform’s goal is to identify and block advanced email threats such as spear phishing, business email compromise, and account impersonation, and it does this very well. Like a scalpel, IRONSCALES precisely and accurately removes targeted phishing threats. With the IRONSCALES email security platform, businesses can effectively secure their users’ inboxes against targeted threats, as well as educate their users on the risks of email threats via warning banners (and, where needed, security awareness training). IRONSCALES is an exceptional solution to prevent phishing attacks due to the strength of Themis, it's AI-powered email security platform.

  • Accurate detection of highly targeted email threats
  • Effective alerting banners
  • Intuitive “Report Phish” button

  • Admin console can be tricky to navigate


IRONSCALES is a US-based cybersecurity provider that specializes in cloud email security but has expanded their offering to include security awareness training and protection for the Microsoft Teams cloud messaging platform. The IRONSCALES email security platform works at the mailbox level to identify suspicious email activity and either warn users that an email may be unsafe, or automatically remove threats from all user inboxes. Powered by a combination of artificial intelligence and crowd-sourced human intelligence, IRONSCALES offers effective protection against sophisticated phishing attacks, account compromise, and VIP impersonation.

IRONSCALES Corporate Overview Video

Key Features

Machine Learning-Powered Threat Detection

IRONSCALES operates at the mailbox level within Microsoft 365 and Google Workspace. This means that any emails it scans have already been scanned by Microsoft or Google for SPF, DKIM and DMARC authentication checks plus any spam and malware scanning operated on those platforms.

The platform uses machine learning to detect highly targeted emails that may have slipped through. To do this, IRONSCALES’ machine learning engines use contextual analysis to identify malicious or unusual behaviors, considering factors such as domain, send time, attachments, sender location, and content language. Emails that are flagged as malicious—even though they may have come from a legitimate domain—are blocked as phishing, without having to block all emails from that sending domain.

IRONSCALES’ Email Protect and Complete Protect packages include malware scanning of attachments and URL links; however, IRONSCALES doesn’t offer “click to scan” for URL links, which some other platforms offer.

Crowdsourced Threat Intelligence

When a threat is detected in your user’s inbox, IRONSCALES remediates that threat across the inboxes of all their clients, not just your organization. This is one of the platform’s key differentiators, and one of the main reasons why it is so effective. If another IRONSCALES client reports an email as phishing, their IT team can make a note on why that email has been classed as phishing. IRONSCALES then pushes out this intelligence automatically to all their clients, enabling them to detect phishing emails that would otherwise be missed by computer scanning. This is true of threats detected by IRONSCALES’ machine learning engines, as well as those reported by users via the “Report phishing” button.

Alerting Banners

If an email is flagged as suspicious but is delivered to a user’s inbox in line with policies, IRONSCALES automatically injects a warning banner at the top of the email with details on its risk level. The banner indicates whether the email is high risk and why, e.g., the email is from a first-time sender, includes language typical of compromise attempts, or may have been sent from a spoofed address. This ensures that the user is aware of the risk and interacts with the email with caution.

Admins can customize banners to add their company logo and escalation point of contact details.

Report Phishing Button

Admins can implement IRONSCALES’ “Report phishing” button directly within each user’s inbox. This works on all devices and allows users to report suspicious emails—both phishing simulations and genuine threats—to their IT or security team. When an end user reports an email, IRONSCALES will either quarantine the email or inject a warning banner where other users have received the same or a similar email, as per admin-configured policies.

This button is extremely easy for end users to interact with, and helps to reduce dwell time of threats, while enabling admins to easily monitor the results of phishing campaigns when users are also utilizing IRONSCALES for security awareness training. You can read our full review of IRONSCALES Security Awareness Training here.

Warning banner in IRONSCALES

Warning banner in IRONSCALES

Post-Delivery Remediation

If an email reaches a user’s inbox but then is subsequently flagged as phishing, IRONSCALES can automatically remove that email from the inboxes of all users that have received it.

IRONSCALES clusters similar types of email, so if several users have each received a phishing email that is subtly different, IRONSCALES can detect this and delete the emails together. This ability to cluster and remediate is a powerful feature that can save admins in larger organizations a lot of time in dealing with phishing attacks.

Microsoft Teams Protection

As part of the Complete Protect package, IRONSCALES scans all links shared in Microsoft Teams and automatically blocks any malicious content, replacing it with an alert that warns the user as to why the link was blocked. Admins are alerted to all security events within Teams via email, and can access reporting on incidents via the management dashboard and mobile app.

Clustering and post-delivery remediation in IRONSCALES

Clustering and post-delivery remediation in IRONSCALES

Ease Of Use

IRONSCALES’ email security platform is compatible with both Microsoft 365 and Google Workspace.

The platform integrates seamlessly with Microsoft 365 environments via Graph API, without the need to configure new mail flow rules or change MX records. Deployment within Microsoft 365 takes around 5-10 minutes. In a Google environment, it takes up to an hour.

The platform offers lots of powerful functionality, but the user interface takes some getting used to. Since the product was first launched, IRONSCALES has developed and evolved, with lots of new features being added. Each time a new feature has been added, they’ve added new tab, menu, or dashboard options, making the user interface somewhat cluttered and occasionally tricky to navigate.

Pricing And Plans

IRONSCALES is available via three packages, but note that the email security features are only available within two of these:

  • Starter includes phishing simulation testing at no cost
  • Email Protect (formerly Core Plus) includes the Starter package features plus business email compromise protection, ransomware and malware protection, credential theft prevention, and crowdsourced threat intelligence for $6/mailbox/month
  • Complete Protect includes the Email Protect package features plus account takeover detection and response, Microsoft Teams protection, and added training functionality for $8.33/mailbox/month

These prices are based on businesses with under 500 mailboxes. IRONSCALES offers volume discounts for larger organizations, and special pricing for education and government institutions, which can be found on their website.

Best Suited For

IRONSCALES is offers highly effective protection against advanced email threats such as spear phishing and business email compromise, as well as security for Microsoft Teams to help identify and remediate account takeover attacks. It is not a spam filtering solution and should be used alongside an email gateway solution to prevent sophisticated attacks that a traditional gateway cannot detect. Its ease of deployment and ongoing management make IRONSCALES suitable for small- and mid-sized businesses, but the platform is also highly scalable and well-suited to serving larger enterprises.

Because of its easy, native integration with Microsoft 365 and support for Microsoft Teams, we particularly recommend IRONSCALES as a strong phishing protection solution for organizations using an Exchange or Outlook email client.

Final Verdict

IRONSCALES is not a spam filtering solution; it is a phishing protection solution. The platform was designed to identify and remediate advanced email threats such as spear phishing and business email compromise, and it does this very effectively, precisely and accurately removing targeted phishing threats like a scalpel. The platform is feature rich and—though the interface is a little cluttered and takes some getting used to—enables businesses to effectively secure and monitor their users’ inboxes for targeted threats, as well as educate users on the risks of email threats via warning banners.

IRONSCALES as a strong phishing protection solution for organizations of any size using Microsoft 365 or Google Workspace for email. We recommend that any organizations looking for heightened protection against social engineering attacks consider implementing IRONSCALES to bolster their existing email security gateway.

CEO and Founder, Expert Insights

Craig MacAlpine is CEO and founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA cloud, an email security provider acquired by Ziff Davies, formerly J2Global (NASQAQ: ZD) in 2013, which has now been rebranded as VIPRE Email Security. Craig has extensive experience in the email security industry, with 20+ years of experience helping organizations to stay secure with innovative information security and cyber security solutions. Craig delivers these insights to readers with detailed product reviews, comparisons and buyers’ guides.

Company Information
Category Icon

Email Security

Website Icon

Founded Icon


Headquartered Icon

Altanta, US

Deployment Icon

API within Office 365 & G Suite, Install on Exchange

Suitable Icon


IRONSCALES Email Security Platform Awards
Product Award Product Award Product Award Product Award Product Award Product Award Product Award Product Award Product Award
IRONSCALES Email Security Platform Interviews
Eyal Benishti
Read Here
Adam Hofeler
Read Here
David Habusha
Senior Vice President of Product Management
Read Here