Email threat intelligence

Catch the email threats your filter waves through.

Sentinel reads intent, not just keywords — surfacing targeted phishing, business email compromise and spoofing, then correlating them into campaigns and acting before they reach a person.

9-agent analysis pipeline
<15% mail reaches an LLM
GDPR export & erase built in

Live triage · inbound

  • "Urgent: update your payroll details": Blocked
  • Invoice from look-alike supplier domain: Flagged
  • CEO gift-card request · spoofed sender: Blocked
  • Newsletter · aligned & reputable: Cleared
  • Credential page · campaign match 0.71: Flagged

Why Sentinel

Built for the threats that get past the basics.

Rules and reputation lists stop the obvious. Sentinel is designed for the targeted, low-volume attacks that are written to look legitimate.

Beyond the spam filter

Multi-signal analysis weighs headers, payloads, sender history and intent — not just blocklists.

AI that respects budget

A layered pre-filter cascade clears most mail cheaply, sending only a small fraction to a model — fast model first.

Campaign-level view

Related messages are fingerprinted and grouped into scored campaigns — not treated as isolated emails.

Privacy by design

Data minimisation, lawful-basis retention and one-command GDPR export or erasure.

Capabilities

A full intelligence pipeline, not a single verdict.

Every message runs through specialised agents that each add a signal, then a correlation layer connects the dots across your mail flow.

9-agent analysis

Ingestion, headers, payloads, senders and intent — each handled by a dedicated agent.

Pre-filter cascade

Cheap, fast layers clear the obvious so models only see what genuinely needs them.

Smart model routing

Most analysis runs on a fast, low-cost model; heavier reasoning is reserved for the few cases that warrant it.

Campaign correlation

Content fingerprinting plus infrastructure and timing signals group attacks into scored campaigns.

Threat dashboard

A clear customer view with on-demand Intelligence Reports generated without sending data to a model.

Spoof-aware actions

Auto-rules never punish an impersonated domain — generation is gated on authentication alignment.

Sender fingerprinting

Builds reputation over time so a familiar sender's sudden change of behaviour stands out.

Header forensics

DKIM, SPF and sender-IP extraction expose forged routing and authentication failures.

Multi-tenant & API-first

Isolated tenants and a clean API make Sentinel straightforward to run for one team or many.

How it works

From raw inbox to a clear decision in five steps.

Ingest

Capture mail from your mailbox over a secure connection.

Triage

The cascade clears the obvious, escalating only what looks suspicious.

Analyse

Agents inspect headers, payloads, senders and the message's intent.

Correlate

Related messages are grouped into a campaign with a confidence score.

Act

Protective rules apply automatically and a plain Intelligence Report is surfaced.

Security & compliance

Protective by default, careful with data.

  • GDPR data tooling — export or erase a subject's data with a single command.
  • Data minimisation — only what's needed for detection, retained on a lawful basis.
  • Secrets isolated — credentials live outside the codebase and are never logged.
  • Tenant isolation — each customer's data and rules stay their own.

Intelligence without exposure

Sentinel's customer reports are generated from your own analysed data — the report layer runs without sending content to a language model, so insight doesn't come at the cost of privacy.

// data minimised · lawful-basis retention · audit-logged

Plans

Protection that scales with you — from £4.99/month.

Start small and move up as your mail volume and team grow. Every plan runs the same detection engine; higher tiers unlock more mailboxes, deeper analysis and richer reporting.

Essential · Growing teams · Enterprise

See what's really in your inbox.

Put Sentinel in front of your mail and find out which "ordinary" emails were anything but.
