Controlled post-delivery email remediation for Exchange Online
Exchange SafePurge (ESP) is a lightweight, Graph-based remediation application for Microsoft Exchange Online that helps organizations safely locate and purge malicious emails after delivery.
It is designed for environments where a suspicious or malicious message has already reached user mailboxes and is later identified by an administrator, antivirus product, security team, user report, or other detection source. ESP provides a controlled, auditable way to find the affected messages and remove them without requiring administrators to open or inspect message body content.
Purpose-Built for Post-Delivery Response
Malicious emails sometimes evade initial filtering and only later become known-bad due to updated threat intelligence, URL reputation changes, antivirus signature updates, or human investigation.
ESP fills the gap with a simple administrator-driven workflow: a safe and efficient way to remove already-delivered messages across mailboxes.
Content-Safe by Design
ESP uses the Microsoft Graph API and deliberately avoids routine message-content exposure. Operators work from message metadata and headers only, within targeted searches related to known threats.
This materially reduces operational risk — less chance of an administrator accidentally engaging with malicious content during the cleanup process.
Human-Driven by Design
ESP is intentionally not an automated auto-pull system. A human operator drives the process, reviews the targeted results, and explicitly confirms the purge action.
This supports safer change control, reduces the risk of accidental mass deletion, and provides a clear answer to: who decided to remove what, and based on what evidence?
Immutable Audit Logging
ESP includes immutable audit logging for both major categories of sensitive action: viewing message headers and purging messages.
This creates a durable operational record showing what was examined, what was removed, and which user initiated the activity — a defensible remediation trail without requiring a broader suite.
Ecosystem-Neutral and Deployment-Agnostic
ESP is compatible with virtually any Exchange Online deployment scenario. It does not depend on a specific email gateway, antivirus product, EDR platform, or post-delivery security vendor. It also does not require customers to replace anything they already use.
If an organization already has an email security stack, ESP sits alongside it. If an organization has little or no layered email protection, ESP can still provide a safe post-delivery mitigation path.
Who Is ESP For?
Small & Midsize Businesses
Organizations that need a safe way to clean up malicious emails but aren't paying for a broader enterprise security suite. Easy to understand, easy to deploy.
Fragmented Mid-Market
Companies whose email and security environments aren't homogeneous enough for a single-suite strategy. ESP closes a specific remediation gap without requiring architectural standardization.
Managed Service Providers
MSPs managing many smaller tenants benefit from ESP's narrow purpose, predictable licensing, and auditable workflow as a repeatable remediation utility across customer environments.