Emails in the inbox should have the following protection (in case you didn't develop this yet).
1. Check if the email address matches the sender person as it is expected to be. For example, a certain bank should always have a certain email address matching the bank domain. To do this, there should exist a database of main companies such citi.com etc. so that Thunderbolt system can verify if all messages coming from Citibank really come from someone with email address ending in citi.com.
2. Check if there is a link in the message leading to a website different from the website it supposed to be. For example, a message coming from a bank should lead only to the bank website which is in your database.
3. In case 1 or 2 happens, and any other, the message should be sent to a Box called Phishing or something, not Spam. Thunderbold could also send automatically a copy of this email sent to this Box to a outside controller related or not to Thunderbolt (Interpol etc.)
