Remediation is the process of assessing and taking action on malicious emails. Go to PhishTitan > Configuration > Remediation, where you can select automatic remediation for all your customers or keep the default option of manual remediation.


When auto remediation is selected at the MSP level, it is enabled for all customers. However, a customer admin can revert to manual remediation, and override the auto remediation setting by the MSP. It is important to note that once the customer admin overrides the MSP selection, inheritance between the MSP level and the customer level is broken.

  • Manual remediation (default): By default, PhishTitan is configured for manual remediation, which means that administrators must assess user-reported threats and select a remediation option.

    Administrators will need to assess and manage those emails by going to PhishTitan > Incidents and viewing the Action Needed tab. See Incidents for additional information.

  • Auto remediation for all customers: If you select this option, then all malicious emails for all your customers are delivered directly to their junk folders.

    You can view the emails that have been auto remediated in the Resolved tab at PhishTitan > Incidents. If you decide that the email is safe, you can choose to add the sender to the Allow List or mark the email as safe. See Incidents for additional information.