Skip to main content

How to Use InboxWatch

InboxWatch scans your email account for security threats that traditional antivirus and spam filters miss. This guide covers everything you need to know to protect your email.

Getting Started

Setting up InboxWatch takes about 30 seconds.

1

Sign in with your email provider

Click Start Free Scan on the homepage and sign in with your Google or Microsoft account. InboxWatch uses your provider's secure sign-in — we never see or store your password.

2

Grant read-only permissions

You'll see a permissions screen from Google or Microsoft. InboxWatch requests read-only access to your email settings and metadata (sender, subject, date). We never read the content of your emails.

3

Your first scan runs automatically

Once connected, InboxWatch immediately scans your mailbox settings for threats. Your security score and any findings will appear on your dashboard within 1-2 minutes.

Your first 15 scans are free. No credit card required.

Your Dashboard

Your dashboard is the central hub for your email security. At the top you'll see:

  • Security Score — A number from 0-100 reflecting your overall email security posture
  • Grade — A letter grade (A+ to F) based on your score
  • Active Findings — Security issues that need your attention
  • Last Scan — When InboxWatch last checked your account
A score above 80 (grade B or higher) means your account is in good shape. Below 60 means action is needed.

Running Scans

InboxWatch scans your account in two ways:

1

Automated scans (every 30 minutes)

InboxWatch automatically scans your mailbox every 30 minutes. You don't need to do anything — threats are detected and you're alerted automatically.

2

Manual scans (on-demand)

Click the Scan button in the bottom navigation (mobile) or dashboard header (desktop) to run a scan immediately. Use this after making changes to your email settings to verify they're secure.

Each scan counts toward your free allowance (15 scans) or metered usage if you have a payment method on file.

Understanding Findings

When InboxWatch detects a potential security issue, it creates a finding. Each finding includes:

  • Title — What was found (e.g., "External Email Forwarding Active")
  • Severity — How urgent the issue is (Critical, High, Medium, Low)
  • What we found — A plain-language explanation of the issue
  • Why it matters — The potential impact if left unaddressed
  • How to fix — Step-by-step remediation instructions

Click any finding card to expand the full details and fix steps.

Fixing Issues

Every finding comes with clear instructions on how to resolve it. Here's the typical workflow:

1

Review the finding

Click the finding to see the full details, including what was detected and which specific item (email address, rule, app) is affected.

2

Follow the fix steps

Each finding has numbered steps that walk you through the fix. These typically involve going to your email provider's settings and removing or changing the flagged item.

3

Run a new scan

After making changes, run a manual scan to confirm the issue is resolved. The finding will disappear from your dashboard.

4

Mark as dismissed (if intentional)

If the finding is something you did on purpose (e.g., forwarding to a personal backup), click Dismiss to tell InboxWatch it's expected. It won't alert you again.

Severity Levels

Critical

Your account may be actively compromised. Take action immediately — these issues can lead to data theft, fraud, or account lockout.

High

Significant security risk. Address within 24 hours — these create openings that attackers commonly exploit.

Medium

Moderate risk. Review when convenient — these may indicate misconfiguration or weak security practices.

Low

Minor concern. Good to know about but not urgent — often informational or best-practice suggestions.

Dashboard Sections

Email Alerts

InboxWatch sends email alerts to keep you informed without needing to check the dashboard:

  • Critical alerts — Sent immediately when critical or high-severity issues are detected
  • Morning digest — Daily summary of your security status and any new findings
  • Weekly executive summary — High-level overview of your security posture for the week
  • Breach alerts — Notification when your email appears in a new data breach

You can customize which alerts you receive in Settings → Notifications.

Teams

If you have a work email on a custom domain, you can invite team members to monitor your entire organization:

  • Team Overview — See security scores across all team members (admin only)
  • Invite members — Send email invitations to colleagues in your organization
  • Org-wide insights — View aggregate threat data and team-level recommendations
Team features are available for custom domain accounts (e.g., you@company.com). Personal email accounts (Gmail, Outlook.com) use individual mode.

Settings

Customize InboxWatch to fit your needs:

  • Notifications — Choose which email alerts to receive and how often
  • Connected Accounts — View and manage linked email accounts
  • Billing — Manage your subscription and payment method
  • Alert Severity — Set the minimum severity level for real-time alerts

Access settings from the gear icon in the sidebar or here.

Privacy & Security

We never read your emails

InboxWatch only accesses email metadata (sender, subject line, timestamps) and settings (forwarding rules, filters, connected apps). We never request or have access to email body content.

Encryption at rest

All OAuth tokens are encrypted with AES-256 before storage. Your scan results are stored in encrypted databases. We follow industry-standard security practices.

You can disconnect anytime

Remove InboxWatch's access from your Google or Microsoft account settings at any time. We'll stop scanning immediately and you can request data deletion.

Read-only access only

InboxWatch requests the minimum permissions needed. We can read settings but cannot modify your email, send messages, or change your password.

Still have questions?

Visit our Help Center or contact support.

© 2026 InboxWatch. All rights reserved.