Email Security Blog

Content Disarm and Reconstruction: Sanitizing Malicious Emails to Keep You Secure

We live in a quick-to-click culture. Likes, shares, and follows are a part of everyday life where speed and convenience rule. We want everything quickly – whether it’s the mail we’re ordering or the news we’re consuming. In many instances, this works out just fine. But in the case of cybersecurity, the quick-to-click instinct can prove catastrophic.

Malicious content refers to the malicious code that is inserted into your email. One quick or curious click in a phishing email and you could set the malicious code into play - jeopardizing, disrupting, or destroying your network. One-click is all it takes and your system could be embedded with a host of computer viruses, worms, malware, trojan horses, time bombs, ransomware and more.

How likely are your employees to click on malicious content?

Consider these statistics involving human error:1,2

  • 85% of all data breaches are due to human error.
  • Nearly 20% of employees click on phishing emails.
  • 5% of those who click on a phishing email end up submitting credentials on a phishing website.

As these numbers show, the need for a strong email security solution is paramount. You can’t rely on employees to be able to identify malicious links in an email, even if you are providing regular cybersecurity training. Instead, you need a security solution that can identify abnormalities in emails, even if the threat has never been seen before.

In addition to the human error at play, phishers design clever new tactics all of the time. INKY, a leading cloud-based communication security platform provider, caught hackers who had built a 2x2 table and disguised it as a Microsoft logo so it could slip by security.

From there, other phishing tactics were used in an effort to deliver malicious links:

  • Invisible characters – a technique in which scammers exploit the complexity of Unicode/HTML by embedding invisible text in an email to confuse the SEG.
  • The booby-trapped HTML attachment — an attachment containing obscured malicious code that executes upon opening.
  • Zero-font character stuffing — a technique that involves surrounding text to be rendered visually with characters that will be invisible to humans in order to fool email security tools as well as the recipient.

The Power of Content Disarm and Reconstruction (CDR)

Email security providers differ in their offerings based on the level of ingenuity inherent in the solution they offer. INKY’s Content Disarm and Reconstruction (CDR) process is designed to protect your company from the perils that lurk behind dangerous attachments, obscured code, invisible characters and any other malicious content designed with criminal intent. If you’re not familiar with it, CDR is much like it sounds.

It’s a process in which INKY’s advanced technology sanitizes and analyzes all emails in a few quick steps.

  1. Deconstructs each email into header, body, attachments, etc.
  2. Detects evidence of foul play
  3. Disarms ill-intended emails by removing javascript, cross-site scripting, and any similar malicious content
  4. Reconstructs the email using safe and standard HTML5.
  5. Shares its analysis with the recipient via INKY’s Email Assistant

Of course, throughout this process, INKY simultaneously unleashes more than three dozen models on every email as part of the analysis. Based on the results, INKY injects an HTML block with one or more of nearly 60 warning banners, which are available in 35 languages. These email security banners have distinct color-coding - red for DANGER, yellow for CAUTION, and grey for SAFE. A short descriptive message and a “details” link are also included to provide users with additional insight into any particular issues with the email they’ve just opened. In a way, each message acts as a quick tutorial and helps to promote stronger cyberculture throughout your organization.

INKY is the industry’s best solution for the security of your email. Cost-effective and powerful, INKY can be implemented quickly, regardless of whether your employees work at the office or remotely. Like all INKY offerings, Content Disarm and Reconstruction works on any device, including mobile.

If you’d like to learn more about INKY’s Content Disarm and Reconstruction (CDR) process and how it can protect your company, schedule a demonstration.


INKY is an award-winning, cloud-based email security solution developed to proactively eliminate phishing emails and malware while simultaneously providing real-time assistance to employees handling suspicious emails so they can make safer decisions. INKY’s patented technology incorporates sophisticated computer vision, machine learning models, social profiling, and stylometry algorithms to effectively sanitize emails, rewrite malicious links, detect and block security threats, mitigate sender impersonation, and more. Cost-effective and powerful, the INKY platform was developed for mobile-first IT organizations and works seamlessly on any device, operating system, and mail client. Learn more about INKY™ or request an online demonstration today.