Quarantine is a mail security holding state used for suspicious messages that should not be delivered immediately. Instead of landing in a user’s inbox, the email is paused for review by a security system or administrator.
This matters because email is a common delivery path for phishing, malware links, and spoofed business requests. Quarantine helps defenders stop risky mail before it reaches high-value users, reducing the chance that a fake login page, malicious attachment, or deceptive invoice will be opened. It is a practical control in gateway filtering, where signals such as SPF, DKIM, DMARC, sender reputation, content analysis, and unusual domain patterns can trigger a delay or hold.
In real operations, quarantine is used to review borderline messages, release legitimate mail, and block obvious threats. It is especially useful in government and enterprise environments, where one convincing message can affect credentials, policy, or workflows. The trade-off is that overly aggressive quarantine can задержать legitimate correspondence, so tuning and exception handling are important.



