Spam and security filtering

tocc.contact automatically filters spam, noise, and suspicious emails before they reach the AI pipeline. Obvious spam never generates a response and never triggers a notification to you — and it doesn’t count against your conversation limit.

Inbound emails are checked in layers:

• Email authentication (SPF, DKIM, DMARC)
• Sender reputation and known spam patterns
• Malicious links (checked against security databases)
• Content-based risk signals
• AI classification into inbox, noise, or spam (see “Email classification” topic)

Noise emails (marketing, vendor outreach, newsletters) are separated from spam and stored in their own tab for 30 days. You can review and reclassify them if the AI got it wrong — the system learns from your corrections.

Emails that fail security checks are blocked and stored. You can review blocked emails on your dashboard and release them if they were flagged incorrectly. Blocked emails trigger a security alert notification so you’re always aware.