The Spam, Phishing, Graymail, Web Reputation, or Social engineering attack criteria allow you to create rules that take actions on these types of potentially unwanted messages.
Hosted Email Security does not apply content-based heuristic spam, BEC, phishing, graymail, Web reputation, or social engineering attack rules to email messages received from email addresses and domains listed on the Approved Senders screen.
Lowest (most conservative)
Moderately low (the default setting)
Highest (most aggressive)