A method of detecting malicious electronic messages transmitted from at least one message sending device to at least one message receiving device includes: generating at least one signature for an electronic message; storing the generated signature in a data storage unit; determining whether the electronic message is malicious; if the electronic message is determined to be malicious, determining on the basis of the generated signature, whether electronic messages comparable to the determined malicious message were classified as non-malicious and transmitted to the message receiving device in the past; and if it is determined that electronic messages comparable to the determined malicious message were classified as non-malicious and transmitted to the message receiving device in the past, notifying the message receiving device about a potential threat. Also disclosed are a messaging server and a messaging system implementing the above described method.