Malware commonly enters a network enterprise through a number of vectors. One such vector is electronic mail (email). A challenge with malware analysis is figuring out a sufficient way to get access to potentially malicious content for scanning, such as without affecting network speed or other network traffic. One approach is using a man-in-the-middle (inline) mail transfer agent (MTA). In an inline approach, the email traffic is buffered. The buffered email is analyzed for malware and forwarded to a user only after passing malware analysis. Such an inline approach adds a delay between email receipt at the network and the email showing up in a user's inbox, regardless of whether the email includes malware. Time-sensitive emails can be delayed too long using an inline approach. Analyzing every email can be cumbersome and unduly tax computation resources.