Is this email from who it says it’s from? The main check of Authentication is the SPF (Sender Policy Framework), DKIM (Domain Key Identified Mail), and DMARC (Domain-Based Message Authentication Reporting and Conformance) protocols.
An example of red A would be an email failing all authentication checks. Green would be an email with a DMARC pass.
Does this email contain wording or topics that may indicate phishing or at least require care and attention? Content performs NLP analysis of the email body, compares domains used to a list of the top 1 million, flags up email trackers, and much more.
An example of a red C would be the email being flagged as mentioning an invoice and having high urgency. Green would be an email where NLP returns no particular topic and all domains listed are common.
Do you have an established relationship with this user? OnINBOX has a trust list for users and a larger domain list managed by your company administrators. Trust checks that users you are communicating with are on this list, alongside checks for possible email deception such as the user having a similar name to someone on your trust list.
An example of a red T would be if the email is from a domain on the company's threat list. Green would be that the user is on the trusted list.