Provide additional actions to help us take special precautions when a protected user is impersonated
The existing actions have some pretty big down sides. It would be helpful to have the ability to take more than one action perhaps?
"Add address as Bcc recipient”
Does not permit us to send the message to quarantine or to the users junk e-mail folder. Presents posibility user will fall for the phishing attempt as we are notified that it occurred.
Erases the original recipient. Using this action makes it very difficult to deliver a false positive to the original recipient.
"send to quarantine"
notification for a protected user behaves just like notifications for anyone else when using this action.