McAfee SaaS Email
Protection Administrator
Guide
Updated: November 2012
Proprietary and Confidential
Email Protection Administrator Guide
RESTRICTION ON USE, PUBLICATION,
OR DISCLOSURE OF PROPRIETARY
INFORMATION.
Copyright © 2012 McAfee, Inc.
This document contains information that is
proprietary and confidential to McAfee. No
part of this document may be reproduced,
stored in a retrieval system, or transmitted, in
any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise) without prior written permission
from McAfee. All copies of this document
are the sole property of McAfee and must be
returned promptly upon request.
McAfee, Inc.
9781 South Meridian Blvd., Suite 400
Englewood, CO 80112 USA
Direct +1 720-895-5700
Fax +1 720-895-5757
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 2
Email Protection Administrator Guide
Contents
Overview..................................................................................................................... 1
Differences in Administration for Service Providers ............................................ 1
Account Management Necessary for Email Protection ........................................ 1
MX Record Validation ...........................................................................................2
Alias Domain Names ............................................................................................2
Auto-creation of Users .............................................................................................2
Email Filtering Policies ............................................................................................ 2
Types of Inbound Email Filtering ..........................................................................3
Types of Outbound Email Filtering ....................................................................... 8
Configurable Actions for Filtered Email ................................................................8
User-level Policy Configurations ..........................................................................10
Quarantine ...............................................................................................................10
Customizing the Interface ......................................................................................11
Licensed Branding ..............................................................................................11
Language Localization ........................................................................................12
Outbound Disclaimer ..........................................................................................12
Notifications ........................................................................................................ 13
Monitoring and Reporting ......................................................................................13
Optional Utilities ..................................................................................................... 13
Spam Control for Outlook® ............................................................................... 13
Disaster Recovery Services ...................................................................................14
Fail Safe ............................................................................................................. 14
Email Continuity ..................................................................................................14
Access Email Protection Administration 15
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission iii
Email Protection Administrator Guide
Who Can Access Email Protection Administration windows ............................. 15
Other Documents You Might Need .......................................................................19
Email Protection Documents ..............................................................................19
Web Protection Service Documents ................................................................... 20
Message Archiving Documents ..........................................................................20
User Guides ........................................................................................................20
Ensure You Can Receive Email from Your Service Provider .............................20
Log on to the Control Console ..............................................................................20
Reset Your Password from the log on window ................................................... 21
Check the Status of Email Protection on the Overview 25
Set up Your Servers 29
Confirm Your Inbound Servers Setup .................................................................29
Set up Additional Inbound Servers .......................................................................29
Delete an Inbound Server ...................................................................................30
Add IP Address of Outbound Server, If Necessary .............................................31
Delete an Outbound Server ................................................................................32
Set up a Smart Host (If Outbound Mail Defense is Turned on) .......................... 32
Add an Outbound Email Disclaimer ....................................................................32
Redirect Your MX Records .................................................................................... 33
Check Your MX Record ..........................................................................................34
Set up User Creation Mode — SMTP Discovery or Explicit ................................36
Customize Inbound Mail Filters 39
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission iv
Email Protection Administrator Guide
Enterprise or Service Provider Customer ............................................................ 39
Create a Custom Policy (Enterprise Customer Only) ..........................................41
Configure a Virus Filter ..........................................................................................43
Set Email Protection to Notify Users about Emails with Viruses ........................44
Configure a Spam Filter .........................................................................................45
Define the Action to Take on Spam ....................................................................46
Define Additional Words That Indicate Spam .....................................................47
Set up Spam Quarantine Reports ......................................................................50
Configure a Content Filter .....................................................................................53
Turn Off a Default Content Filter ........................................................................55
Custom Content Group .......................................................................................56
Notify Users about Spam Content ......................................................................57
Configure a Filter for HTML, Java Script, ActiveX, and Spam Beacons .............58
Configure Web Hyperlink Filters (ClickProtect) .................................................. 60
Define an Attachment Filter ...................................................................................62
Filter by Attachment File Types ......................................................................... 62
Filter by Attachment File Name ..........................................................................65
Filter Zip File Attachments ..................................................................................66
Notify Users about Attachment Violations ..........................................................67
Allow or Deny Email to or from Specific Addresses ...........................................68
Allow Email from a Specific Address .................................................................. 69
Deny Email from a Specific Address ................................................................. 70
Deny Email to a Specific Recipient ....................................................................72
Save a Copy of an Allow, Deny, or Recipient Shield List ...................................73
Add Allow, Deny, or Recipient Shield Addresses with a Batch File .................... 73
Email Authentication ..............................................................................................73
Transport Layer Security ....................................................................................73
Enforced SPF ..................................................................................................... 75
Define the Format and Text of Notifications to Users .........................................80
Variables within a Notification .............................................................................80
Define the Format and Text of Virus Notifications ..............................................81
Define the Format and Text of Content Violation Notifications ...........................83
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission v
Email Protection Administrator Guide
Define the Format and Text of Attachment Violation Notifications ..................... 84
Email Authentication ...........................................................................................85
Disaster Recovery .................................................................................................. 87
Assign a Group to the Custom Policy .................................................................. 88
Customize Outbound Mail Filters 89
Create a Custom Outbound Policy .......................................................................89
Configure a Virus Filter ..........................................................................................90
Configure a Content Filter .....................................................................................90
Email Encryption for Content Groups .................................................................91
Define an Attachment Filter ...................................................................................92
Define the Format and Text of Notifications to Users .........................................92
Assign a Group to the Custom Policy .................................................................. 92
Managing Quarantine Reports 93
Set up Quarantine Reports .................................................................................... 93
Monitor Users’ Quarantined Email ........................................................................93
Primary Email Addresses, Aliases, and Public Domain Addresses ....................94
Search for Quarantined Email ............................................................................ 94
Interpret the Search Results ...............................................................................95
Sort the Search Results ......................................................................................96
Delete Quarantined Messages ...........................................................................97
Release Quarantined Messages ........................................................................97
View Quarantines Messages ..............................................................................97
Monitor Your Own Quarantine ............................................................................99
Set up Disaster Recovery Services 101
Administer Disaster Recovery Services .............................................................101
Set up Spooling for Disaster Recovery ............................................................. 101
Set up Notifications of Disaster Recovery ........................................................102
User-Level Policy Configuration 103
System Reports 105
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission vi
Email Protection Administrator Guide
Email Protection Reports .....................................................................................105
View an Email Protection Report ........................................................................106
Traffic Overview ................................................................................................107
Traffic: Enforced TLS Report ............................................................................109
Traffic: Encryption ................................................................................................110
Threats: Overview ............................................................................................111
Threats: Viruses ............................................................................................... 113
Threats: Spam ....................................................................................................... 115
Threats: Content ...................................................................................................117
Threats: Attachments ...........................................................................................119
Enforced TLS: Details .......................................................................................... 121
Enforced SPF Report ............................................................................................122
ClickProtect: Overview .........................................................................................123
ClickProtect: Click Log ........................................................................................ 125
Quarantine: Release Overview ............................................................................126
Quarantine: Release Log .....................................................................................128
View Details of Log Items ....................................................................................130
User Activity ..........................................................................................................131
Event Log .............................................................................................................. 133
Audit Trail .............................................................................................................. 134
Inbound Server Connections ...............................................................................135
Disaster Recovery: Overview ..............................................................................137
Disaster Recovery: Event Log .............................................................................138
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission vii
Email Protection Administrator Guide
Administer MSP Connector ................................................................................. 139
Configure the MSP Connection ........................................................................139
Add Domains to the MSP Connection .............................................................. 141
Turn on Exception Notifications for the MSP Connection .................................142
View an MSP Connector Audit Report .............................................................143
Administer Performance Reports .......................................................................147
Performance Report Descriptions ....................................................................148
Tips and Frequently Asked Questions 153
FAQs ................................................................................................................153
Tips/Techniques ............................................................................................... 159
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission viii
Email Protection Administrator Guide Differences in Administration for Service
1. Overview
McAfee® Saas Email Protection provides security services that safeguard corporations
from unsolicited spam email (junk mail), viruses, worms, and unwanted content at the
network perimeter before they can enter the internal network.
Multiple layers of McAfee Saas Email Protection provide secure and complete email
filtering to protect your users. You can enable or disable specific layers by changing the
licensed packages of features and/or through configuring the specific email policies in the
Control Console, the comprehensive graphical interface into McAfee Saas Email
Protection.
This document describes the tasks necessary to configure and maintain your McAfee Saas
Email Protection.
Differences in Administration for
Service Providers
This document is for use by Enterprise customers only. Service Provider customers do not
administer groups for Email Protection and therefore, do not assign groups to email
filtering policies. Instead, Service Provider customers assign policies directly to domains.
The capabilities for managing policies and groups, as described in this document, apply
only to Enterprise customers.
Account Management Necessary for
Email Protection
Account Management is a set of administrative windows you use to configure and manage
the entities that use or are affected by Email Protection (Email Protection), as well as the
Web Protection Service (WDS) and Message Archiving products. These entities include:
• Domains
•Users
• Other administrators, including other Customer Administrators, Domain
Administrators, Quarantine Managers, and Reports Managers
In addition, for Email Protection only, you use Account Management to administer groups
of users that share a common email filtering policy.
For more information, see Account Management Administrator Guide.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 1
Auto-creation of Users Email Protection Administrator Guide
MX Record Validation
You can validate that the MX Records that are configured for your domain are properly
redirected by entering the specific DNS and/or IP address for your MTA server. The
Control Console displays the MX Record configuration as reported by the authoritative
DNS server.
See Check Your MX Record.
Alias Domain Names
You can configure alias domain names that act as virtual domains using the configurations
and email addresses defined in the primary Domain name. Email addresses are created
automatically for alias domains (for example, jsmith@yourcompanyalias.com is
automatically created for jsmith@yourcompany.com), allowing the single user to receive
email for both addresses.
For more information, see Account Management Administrator Guide.
Auto-creation of Users
The Email Protection automatically creates new user accounts if all the following is true:
• SMTP Discovery is enabled. SMTP Discovery, which is enabled by default, is a
convenient way to add users to your service. However, this capability might also add
users who are not real users at your company and not add users who are real.
• SMTP discovery creates users that receive eight valid emails within a 24 hour period.
• A user account does not exist for the email address in the designated Domain.
• The emails were not addressed to an alias domain name.
For more information, see Set up User Creation Mode — SMTP Discovery or Explicit.
Email Filtering Policies
Email Protection has default inbound and outbound mail filters to block and clean
malicious email and to quarantine email that might be malicious. The filters are
configured by using policies, which are the parameters for the filters default policies are
automatically assigned to each of your domains.
You can customize the default inbound policy for any and each domain, or any and each
group, to fit your business Email Protection.
For more information, see Customize Inbound Mail Filters.
2 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Filtering Policies
Types of Inbound Email Filtering
Email Protection can filter both inbound and outbound email. Inbound filtering that is
available to be configured is as follows:
• Anti-Spam Filtering
• Real-time Blackhole List
• Anti-Virus Filter
• Content Filtering and ClickProtect
• Attachment Filtering
• Multi-Level Allow and Deny Lists
Anti-Spam Filtering
Spam is usually defined as unsolicited (and usually unwanted) and commercial email sent
to a large number of addresses. However, what one recipient may consider as spam,
another recipient would consider as legitimate email.
In addition, spam has become a tool of hackers and electronic terrorists who deliberately
attempt to gather proprietary information from computer systems and/or attempt to cause
harm to a company’s email system. Typically, these types of spammers deliberately use
naming standards, hijacked From: addresses, scrambled content, etc., to bypass spam
filters such as blacklists and keyword lists.
Using Stacked Classification Framework®, Email Protection provides the most
comprehensive and effective spam-blocking product on the market today—blocking 98%
of spam and providing an industry-leading low false positive rate (legitimate email
marked as spam).
The Stacked Classification Framework aggregates the most effective spam filters and
techniques in the industry into a spam likelihood. As appropriate, email is assigned a high
or medium likelihood of being spam. A separate email action can be assigned to each
likelihood.
The spam classification techniques include the following:
Spam FilterType Description
IP Reputation
Connection Manager
Bayesian Statistical
Filtering
This filter operates at the front of the Stacked Classification
Framework. It rates the reputation of every incoming email, based
on IP reputation data collected by your Email Protection provider
on an on-going basis. Connections are dropped for all messages
which originate from IP addresses that are determined to carry a
reputation for sending spam.
Statistical algorithms built by your Email Protection provider
identify and quantify the possibility that an email is spam based on
how often elements in that email have appeared in identified spam
emails.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 3
Email Filtering Policies Email Protection Administrator Guide
Spam FilterType Description
Industry Heuristics Email Protection incorporates thousands of successful industry-
wide spam-fighting rules to recognize characteristics of spam.
Proprietary Heuristics Email Protection experts write and update thousands of proprietary
rules to block spam, including fraudulent phishing spam, using
real-time data from your service provider’s Threat Center.
URL Filtering URL filtering works by comparing embedded links found in emails
with URLs associated with identified spam.
Reputation Analysis Email Protection constantly monitors inbound email to build a list
of IP addresses and domain names to rate the reputation of the
sender based upon the percentage of spam emails received from
that address in the past.
Reputation-Based RBL
Filtering
Sender Policy
Framework (SPF)
Using up to 31 real-time blackhole lists (RBLs) of known
spammers provided by the industry, Email Protection creates a
single RBL indicator to help gauge the likelihood of an email being
sent by a known spammer. By using multiple black lists to create a
single vote and by rating the reputation of each RBL based on its
accuracy at distinguishing spammers from senders of legitimate
email helps to minimize the possibility of a non-spammer being
blocked by mistake.
The SPF classifier helps identify and block fraudulent spoofing
emails – those sent by spammers with forged “From” addresses –
from entering your email network. For each inbound email, the SPF
classifier will look up the sending domain’s Domain Naming
System (DNS) record and its list of authorized IP addresses.
Emails that carry an IP address not found on the authorized list will
be included within the Stacked Framework Classification System
for the detection of spam. By determining whether or not the
relationship between the DNS record and the IP address is
legitimate, Email Protection is able to more accurately filter out
fraudulent spoofed emails. As a result, Email Protection reduces
risk for users who might be duped by the email into divulging
confidential personal information.
Real-time Blackhole List
The Real-time Blackhole List (RBL) is a system for creating intentional network outages
(blackholes) for the purpose of limiting the transport of known-to-be-unwanted mass
email. The RBL is a database of IP addresses that are reported to be spam sources.
4 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Filtering Policies
Anti-Virus Filter
Email Protection provides highly effective, organization-wide virus and worm protection.
By identifying viruses and worms at your network perimeter—before they enter or leave
your messaging infrastructure— Email Protection minimizes outbreak and infection risks
to your enterprise messaging infrastructure. You can configure whether infected emails are
quarantined, denied, or stripped of infection.
• Provides maximum protection using multiple, industry-leading anti-virus engines to
allow Email Protection to customize the protection to meet the latest threats.
• Virus definition updates every 5 minutes provide up-to-the-minute defense against the
latest threats.
• Provides safe, external virus scanning and quarantine management for protection
against viruses before they reach your network. Protects your users, networks, and
data from harm
Content Filtering and ClickProtect
Email Protection protects your organization and reduces liability and risk by automatically
identifying unwanted and malicious content before it enters or leaves your network.
You can enable any of the following types of content filtering:
Content Filter Type Description
Predefined Content
Keyword Groups
Customized Content
Keyword Groups
Multiple Levels of
HTML Filtering
Graphic Image
Replacement
You can enable or disable predefined content keyword groups
provided by Email Protection:
•Profanity
• Sexual Overtones
• Racially Insensitive
You can define customized content keyword groups containing
terms and phrases to satisfy the business and security Email
Protection of your organization.
You can designate the level of HTML filtering to be used (low,
medium, or high), with predefined actions for each level.
Depending on the level, malicious HTML tags and scripting
options embedded in email are stripped.
You can enable or disable the automatic replacement of images
with a transparent 1x1 pixel GIF within HTML emails.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 5
Email Filtering Policies Email Protection Administrator Guide
Content Filter Type Description
Stripping of Spam
Beacons or
Web bugs
Spam beacons and web bugs are typically transparent, 1x1 pixel
graphics embedded in HTML content that send information about
your system to the source (usually a URL) of the spam beacon or
web bug. Typically, web bugs are used on Web sites to monitor
surfing behavior, but now spammers are hiding them in their mass
mailings as spam beacons. If the graphic is not removed before an
email is opened, the spam beacon sends a signal back to the
spammer’s URL that lets the spammer know whether the email
was opened and if the recipient’s email address is valid. If the
spammer gets this signal, the recipient is marked as a valid email
address and is guaranteed to receive more spam in the future.
You can enable or disable the auto
matic stripping of spam beacons
or Web bugs within HTML emails.
Disabling hyperlinks
within email
ClickProtect
with
SM
ClickProtect allows you to monitor and disable or enable whether
Web hyperlinks received in emails can be clicked and followed by
the user. With multiple levels of ClickProtect policy control,
Administrators can customize the desired level of protection. This
feature supports blocking phishing sites and accidental downloads
of viruses and worms.
Attachment Filtering
Email Protection provides you the ability to control the types and sizes of allowed
attachments entering your email network. You can control attachment filtering using any
of the following:
Attachment Filter
Type
Attachment Filtering
File Type
by
Attachment Filtering
Size
by
Custom Attachment
Rules by
Filename
Filtering for Files
ained within a Zip
Cont
File Attachment
Encrypted or “High
Risk” Zip
File
Attachment Rules
Description
You can enable or disable filtering of attachments by file type. File
type is determined using the file extension, MIME content type,
and binary composition.
You can designate a maximum allowed size for each enabled
attachment type.
You can configure custom rules using filenames that override the
global settings for an attachment file type. You can designate that
the rule use the entire filename or any part of the filename.
You can configure custom rules to cause Email Protection to
analyze the files within a zip file attachment, if possible, to
determine if a file in the zip file violates attachment policies. If the
zip file cannot be analyzed, you can designate the email action to
be applied.
You can configure custom rules for emails with encrypted zip files
and/or zip files that are considered high risk (too large, too many
nested levels, etc.).
6 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Filtering Policies
Multi-Level Allow and Deny Lists
Email Protection allows you to define lists of emails that will always be denied (blacklists)
or will always be accepted (whitelists) at multiple levels. In addition, you can enable thirdparty Real-time Blackhole List to be used to filter unwanted emails.
The administrator-level lists override the user-level lists in a top-down manner: global lists
first, policy set lists next, and lastly user-level lists. For example, if the same address is
added to a user-level Allow list and the policy set Deny list, the address is always denied.
At the same level, the Allow list overrides the Deny list. For example, if you designate a
range of email addresses (for example, by designating an entire domain) in the Deny list,
but then designate a single email address from that domain in the Allow list, the email
from that single address will be always accepted while the email from any other address in
the domain in the Deny list will be always denied.
The same address string cannot be added multiple times in the same list or added to both
the Allow and Deny lists.
Be aware that emails that have been quarantined by Email Protection may not need to be
added to Deny lists because they are already being blocked from entering your email
network.
Following are the types of Allow and Deny lists that are available in Email Protection:
Allow/Deny List
Type
Global Deny List If your Email Protection provider determines that a Sending
SMTP has sent too many invalid incoming emails within a
specified time period, it will add the IP address for that Sending
SMTP to a Global Deny List for a designated time period (default
is 2 hours). During the denial period, all emails received from that
Sending SMTP will be automatically denied. This process helps to
protect against dictionary harvest and Denial of Service attacks.
This process can be disabled at the system level.
Policy set-level
Sender Deny Lists
and Sender Allow
Lists
Sender Deny lists indicate sender addresses from which email is
denied automatically. Sender Allow lists indicate sender addresses
from which email is allowed without spam, content, or attachment
filtering (virus filtering is always enabled unless specifically
disabled).
You can designate a single email address, entire domains or IPs, or
use wildcards to designate ranges of addresses. Optionally, you
can save these lists to a spreadsheet file.
Each policy set affects the email filtering for all user accounts in
the groups that are subscribed to that policy set.
Description
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 7
Email Filtering Policies Email Protection Administrator Guide
Allow/Deny List
pe
Ty
User-level Deny Lists
and Allow Lists
Recipient Shield List You can define a list of recipient em
Maintained by you and/or the user, Deny lists indicate sender
addresses from which email is denied automatically. Allow lists
indicate sender addresses from which email is allowed without
spam filtering (all other enabled filtering will be applied).
You can designate a single email address, entire domains or IPs, or
se wildcards to designate ranges of addresses. Optionally, you
u
can save these lists to a spreadsheet file.
These lists affect only the emails received for the designated user
account
want to specify special email actions (for example, you want to
deny all emails for a user who is an ex-employee). You can also
specify the email action to take if the recipient email address is
invalid in your system (permfailed by your email server as an
invalid recipient).
and its alias addresses (user-level lists).
Description
ail addresses for which you
Types of Outbound Email Filtering
You can add outbound filtering to each package, helping to ensure the safety and
appropriateness of information being sent from your corporate email system to valued
customers or business partners.
Filter Type Description
Content
Filtering
Attachment
Filtering
Virus
canning
S
This feature automatically prevents inappropriate,
confidential content from leaving your corporate email system,
allowing you to monitor and enforce your corporate email
policies.
Outbound attachments can be filtered by size, by MIME content
type, or by
policies.
Outbound virus scanning stops viruses and worms from leaving
your corporate email system, preventing your enterprise from
being the source of email-borne viruses to customers, suppliers,
and partners.
binary content, according to your corporate email
malicious, or
Configurable Actions for Filtered Email
In Email Protection, email filtering policies control how emails are filtered within a
specific Domain and how Email Protection will respond during email filtering and
reporting. Depending on the feature package that is licensed for a domain, specific email
filters will be available to be enabled and configured. Also, depending on the enabled
email filter, various actions must be configured that define how Email Protection will
respond if an email violates the specific filter policy.
8 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Filtering Policies
Based on the defined policy configuration, each email that violated the specified policy
can have any of the following actions taken, depending on the type of policy:
Action Description
Quarantine The email is added to the respective quara
ntine area and is not sent to
the recipient email address. If the email violated a spam policy, the
email is reported in the user’s Spam Quarantine Report.
Tag The subject line of the email has a descri
ptive phrase (for example,
“[SPAM]”) added to the beginning of the subject text and the email is
sent to the recipient email address.
Deny Delivery The email is blocked automatically. Depending on the sending system’s
nfiguration, the email sender may or may not be notified with a 5xx
co
Deny email.
Do Nothing or Allow
elivery
D
The email is forwarded to the recipient email address with no
processing applied. The values in the reports and the
Overview
window will be incremented for the relevant email policy to indicate
that an email did trigger the specific policy.
Silent Copy A copy of the email is forwarded to a list of designated email address
es
with no notification to the sender or recipient.
Strip Attachment If the email had an attachment that vi
olated configured policies, this
action causes that attachment to be removed from the email and the
email is be sent to the recipient email address. Text is inserted into the
email notifying the recipient that an attachment has been stripped. Only
the attachment that violated the policy is stripped.
Clean If the email had an attachment that
contained a virus or worm, this
action attempts to remove the virus or worm and preserve the
attachment. If the clean is successful, text is inserted into the email
notifying the recipient that an attachment had contained a virus and
was cleaned. If this action is selected, a second fall-back action also
must be designated in case the Clean action fails. This action is specific
to the virus filtering policies.
Custom X-Header If the email was determined to have a high or medium likelihood of
Disable Filter A non-administrator user cannot disable virus filtering if it is licensed
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 9
spam, you can configure that a custom X-header be inserted into
being
the email. This X-header can be used by your email servers to perform
additional actions within your network, such as redirecting the email.
Each spam likelihood can have a different custom X-header. This
action is specific to the spam filtering policies.
and enabled
for a specific Domain or policy set. Only Administrators
can enable or disable virus filtering for a specific Domain or policy set.
You can designate that Email Protection first attempts to remove the
from an infected attachment, and if the clean fails, perform
virus
another action. You can designate that only the infected attachment is
stripped. and the remaining email contents and attachments are sent to
the recipient.
User-level Policy Configurations Email Protection Administrator Guide
Notifications for Filtered Email
You can enable or disable email notifications to the sender and/or recipient email
addresses of email that was filtered because of virus, content keywords, or attachment.
For more information, see one of the following:
• Set Email Protection to Notify Users about Emails with Viruses
• Notify Users about Spam Content
• Notify Users about Attachment Violations
User-level Policy Configurations
By default, policy configurations are defined for each domain and group. All emails
received for all user accounts within a domain or group are processed using the same
policy configurations.
Optionally, user-level policy configurations can be defined for individual users that
override the Domain/Group policies. Thus, if there is a conflict between a user-level
policy and any of the other types of policy configurations, the user-level policy setting will
be used. These user-level policy configurations allow customization of email actions for
each user.
User-level policies are confined to the following policies:
• Enable or disable email processing for spam, virus, content keyword, attachments,
and/or HTML content.
• Specify actions to take for emails if they are determined to have a high or medium
likelihood of being spam.
• Configure the spam quarantine reporting
To manage the policy for an individual user, see User-Level Policy Configuration.
To establish user control of policies, see Set up Spam Quarantine Reports.
User also can have some control over their policies.
Quarantine
Email Protection provides multiple quarantine areas with different security accesses to
store and support review of suspect email outside of your email network.
Emails that violate configured policies and that have the Quarantine action applied are
sorted into multiple quarantines to ease email management and support security levels:
• Spam Quarantined Messages – Accessible to all users, with users with role of User or
Reports Manager allowed to access only their own personal spam quarantine
10 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Customizing the Interface
• Virus Quarantined Messages – Accessible to only Administrators and Quarantine
Managers
• Attachment Quarantined Messages – Accessible to only Administrators and
Quarantine Managers
• Content Keyword Quarantined Messages – Accessible to only Administrators and
Quarantine Managers
Within each quarantine, you can do any of the following:
• Delete selected emails or all emails
• Release selected emails or all emails for delivery to the recipient
• View selected email in a Safe View window
• Add the sender email addresses to the recipients’ user-level Allow list and release the
emails (available only for quarantined spam emails)
Emailed Reports of Quarantined Spam Emails
Optionally, emails are sent to users to indicate that spam emails that have been
quarantined, using either of the following types of emails:
• Spam Quarantine Report
Spam Quarantine Reports are HTML-based email notifications of quarantined spam
emails that sent to users. Multiple links in the Reports allow management of
quarantined spam email based on policy set-level and user-level configurable control
settings. When the user clicks a link, the designated action is performed and the user is
automatically logged into the Control Console.
• Spam Quarantine Summary
Spam Quarantine Summaries are optional text-based email notifications of
quarantined spam email sent to users, to support email applications that are not
HTML-compatible. The user clicks the link provided in the email and is automatically
logged into the Control Console. Once logged in, the user can navigate to the relevant
window to manage the spam quarantine and modify personal settings.
Customizing the Interface
Licensed Branding
There are multiple branding levels that control the appearance and URL addresses used
within the Control Console and Spam Quarantine Reports and Summaries:
• Standard – Branding uses images and addresses provided by your service provider.
• Private – You control the images and addresses.
• Cobrand – Branding uses images provided by you and your service provider., and
addresses provided by you.
• White Label – Branding uses no identifying images and uses addresses provided by
you.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 11
Customizing the Interface Email Protection Administrator Guide
Branding levels other than Standard must be licensed separately.
For more information, see Rebrand Your User Interface in Account Management
Administrator Guide.
Language Localization
Within the Control Console, windows and features available to the non-administrative
user (whose role is User) can be provided in translated form supporting multiple
languages. When the user logs in via the log on window, he or she can select the desired
language in the Language field. Thereafter, all spam quarantine reporting emails and
window and field labels will be provided in the designated language.
The following languages are supported:
• Brazilian Portuguese
• Chinese Simplified
• Chinese Traditional
•Danish
•Dutch
• English
•Finnish
•French
•German
• Italian
• Japanese
• Korean
• Norwegian
• Portuguese
• Russian
• Spanish
•Swedish
•Turkish
This feature is available only to non-administrative user accounts. This feature must be
enabled at the system level to be available.
As a Customer Administrator, you can set the language for a user on the user’s Preferences
window. See Set User Display Preferences, Including Your Own in Account Management
Administrator Guide.
Outbound Disclaimer
You can define text that will be appended to the email content to support liability or legal
requirements for your organization. Every email that was sent from your organization to
Email Protection for email filtering will have the designated text added to the end of the
email content. This feature requires that outbound filtering be licensed.
12 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Monitoring and Reporting
See Add an Outbound Email Disclaimer.
Notifications
You can customize the content of the notification email for each combination of the type
of filter and each type of email action (quarantine, deny, or strip).
See Define the Format and Text of Notifications to Users.
Monitoring and Reporting
Email Protection provides near-real-time monitoring for most reports of system usage,
email filtering, etc., for the designated Domain and date or date range. Report data is
available to be downloaded to Microsoft Excel spreadsheet file (*.csv).
There are multiple reports available for viewing in the Control Console:
For more information, see System Reports.
Optional Utilities
Your service provider provides additional, free tools that provide additional support for
your email network.
Spam Control for Outlook®
If you receive email that you feel should have been filtered as spam, you can use the Spam
®
Control for Outlook
packages the email data, forwards it to your service provider’s Threat Center, and then
deletes it from your Microsoft Outlook mailbox. This utility only works for the Outlook
mail client.
You can download this utility at the following location:
http://www.mxlogic.com/services/spam_blocking/spam_control.html
plug-in. The Spam Control for Outlook plug-in automatically
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 13
Disaster Recovery Services Email Protection Administrator Guide
Disaster Recovery Services
Fail Safe
The Fail Safe Disaster Recovery Service provides protection against lost emails in the case
when your inbound email server (a.k.a. Customer MTA server) may be unavailable to
receive email. If you have multiple inbound servers configured in Email Protection, all of
these servers must be unavailable before Fail Safe is invoked.
When your inbound servers becomes unavailable, Fail Safe begins spooling email, which
means Fail Safe stores your emails in a temporary location until your inbound server
becomes available. Once any of your inbound servers become available, Fail Safe begins
unspooling the emails. That is, Fail Safe restores these stored emails to the inbound server
using the first in, first out order.
The messages Fail Safe stores are not available until the messages have been unspooled.
Fail Safe has an unlimited amount of storage capacity but removes messages that have
been in Fail Safe storage for more than 5 days.
For more information, see Administer Disaster Recovery Services.
Email Continuity
Email Continuity saves messages for later delivery if your mail server becomes
unavailable. When your mail server becomes available, Email Continuity delivers the
messages. Users can access their messages through a Web-based interface while messages
are in Email Continuity only.
Email Continuity also has unlimited storage capacity and removes messages that have
been in Email Continuity storage for more than 60 days.
For more information, see Administer Disaster Recovery Services.
14 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Who Can Access Email Protection Admin-
2. Access Email Protection
Administration
As a customer of Email Protection, you can have administrators who access the Control
Console with different levels of privileges within Account Management and Email
Protection.
Who Can Access Email Protection
Administration windows
The levels of administrative users you can add are as follows:
Administrative level Description
Reports Manager The Reports Manager can view, for an assigned domain, reports
available with Email Protection. The Reports Manager can also
manage his or her own user preferences and all other tasks a user
can perform.
Group Administrator The Group Administrator can add and remove members from one
re groups if assigned to those groups. A Group Administrator
or mo
can also create, edit, and modify Email Protection policies for the
assigned groups. Finally, a Group Administrator can view user lists
and user details. A Group Administrator does not need to be a
member of a group in order to have these capabilities.
Note: A Group
edit user information
Quarantine Manager The Quarantine Manager, for an assigned domain, can manage the
same areas as
domain, all users’ Quarantine for spam and other problematic
messages, only if Email Protection is enabled.
Domain Administrator The Domain Administrator, for an assigned domain, can manage
same areas as a Quarantine Manager, plus manage server setup
the
and authentication rules for the domain.
Customer Administrator The Customer Administrator can manage
customer’s Account Management for all domains.
Group Adsministrator The Group Administrator can, within the Group Administrator’s
assigned
groups if assigned to those groups. A Group Administrator can also
create and modify Email Protection policies for the assigned
groups. A Group Administrator does not need to be a member of a
group in order to have these capabilities.
Administrator cannot add or remove a group nor
a Report Manager, plus manage, for the assigned
all aspects of the
domain, add and remove members from one or more
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 15
Who Can Access Email Protection Administration windows Email Protection Administrator Guide
The following figure summarizes the levels of administrators, plus users, in an
Email Protection configuration.
Table 1: Email Protection Window Access Privileges
Window Access Feature
Enablement
Required
Overview No Ye s Ye s No No
Policies tab
Policy Sets No Ye s No No Ye s
Anti-virus: Action No Ye s No No Ye s
Anti-virus:
N
otifications
Anti-SPAM:
Classification
Anti-SPAM:
ent Groups
Cont
Anti-SPAM:
orting
Rep
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
Customer
Administrator
Domain
Administrator
Quarantine
Manager
Admnistrator
Group
Content: Content
oups
Gr
16 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
No Ye s No No Ye s
Email Protection Administrator Guide Who Can Access Email Protection Admin-
Window Access Feature
Enablement
Required
Content: Custom
Content Groups
Content:
Notifications
Content: HTML
Shield
Content: Click
Protect
Attachments: File
Types
Attachments: File
Name Policies
Attachments:
Additional Policies
Attachments:
Additional
Notifications
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
Customer
Administrator
Ye s No No Ye s
Domain
Administrator
Quarantine
Manager
Admnistrator
Group
Allow/Deny:
Sender Allow
Allow/Deny:
Sender Deny
Allow/Deny:
Recipient Shield
Enforced TLS:
Actions
Enforced TLS:
Notifications
Notifications:
Content
Notifications:
Attachment
Group
Subscriptions
Disaster Recovery Ye s No No Ye s
Quarantine Tab No Ye s Ye s Yes No
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
No Ye s No No Ye s
SetupTab No
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 17
Who Can Access Email Protection Administration windows Email Protection Administrator Guide
Window Access Feature
Enablement
Required
Inbound Servers
Setup
Outbound Servers
Setup
Outbound
Disclaimer
Disaster Recovery
Setup
No Ye s Ye s No No
Ye s.
Depending on
your purchased
package, this
service might
need to be
enabled.
Ye s.
Depending on
your purchased
package, this
service might
need to be
enabled.
Yes. Either
FailSafe or
Email
Continuity
must be
enabled or
included in
your package.
Customer
Administrator
Ye s Ye s No No
Ye s Ye s No No
Ye s Ye s No No
Domain
Administrator
Quarantine
Manager
Admnistrator
Group
MX Records Setup No Yes Ye s No No
User Creation
Settings
Reports tab
Traffic Overview No Ye s Ye s Ye s No
Threats Overview No Ye s Ye s Ye s No
Threats: Viruses No Ye s Ye s Ye s No
Threats: Spam No Ye s Ye s Ye s No
Threats: Content No Ye s Ye s Ye s No
Threats:
Attachments
ClickProtect:Over
view
ClickProtect:
Click Log
No Ye s No No No
No Ye s Ye s Ye s No
No Ye s Ye s Ye s No
No Ye s Ye s Ye s No
18 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Other Documents You Might Need
Window Access Feature
Enablement
Customer
Administrator
Domain
Administrator
Quarantine
Manager
Admnistrator
Required
Quarantine:
Release Overview
Quarantine:
Release Log
User Activity No Ye s Ye s Ye s No
Event Log No Ye s Ye s Ye s No
Audit Trail No Ye s Ye s Yes No
Inbound Server
Connections
Disaster Recovery:
Overview
Disaster Recovery:
Event Log
No Ye s Ye s Ye s No
No Ye s Ye s Ye s No
No Ye s Ye s Ye s No
Yes. Either
FailSafe or
Email
Continuity
must be
enabled.
Yes. Either
FailSafe or
Email
Continuity
must be
enabled.
Ye s Ye s Ye s No
Ye s Ye s Ye s No
Group
Other Documents You Might Need
Account Management is a self-contained subset of windows you access on the Control
Console. You use it in conjunction with the administration windows for the previouslymentioned products. For information on administering these products, see the online help
in the Control Console or the documentation as listed below.
Email Protection Documents
• Email Protection Concepts Guide
• Email Protection Quick Start
• Intelligent Routing User Guide
• Email Continuity Administrator Quick Start Guide
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 19
Ensure You Can Receive Email from Your Service Provider Email Protection Administrator Guide
Web Protection Service Documents
• Web Protection Service Quick Start
• WDS Connector Installation Guide
Message Archiving Documents
• Message Archiving Administrator Guide
• Message Archiving Quick Setup Guide for Microsoft® Exchange® Server 2000
• Message Archiving Quick Setup Guide for Microsoft® Exchange® Server 2003
• Message Archiving Quick Setup Guide for Microsoft® Exchange® Server 2007
User Guides
In addition, a variety of guides for your users are available. These are:
• Email Protection User Guide
• Message Archiving User Guide
• Spam Control for Outlook
• Email Continuity User Quick Start Guide
Ensure You Can Receive Email from
Your Service Provider
If you had or still have a different email security or filtering service and your network is
administered so that you can receive email only from IP addresses associated with that
security service, you must administer your network to allow incoming email from the
Control Console servers. For example, a port in your company’s firewall may need to be
enabled to receive email from the IP addresses of the Control Console servers.
This enablement is necessary in order for you and your users to set the initial password for
access to the Control Console.
Log on to the Control Console
To manage your account, you must log on to the Control Console with the following steps.
Note: The first time you log on, you might need to create your password. If so, see Reset
Your Password from the log on window.
1 Open a browser on your computer and enter the URL for the Control Console.
20 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Log on to the Control Console
The URL should be identified in the Service Activation Guide you received from your
provisioner. If you don’t have the URL, contact your sales representative or Customer
Support.
2 At the Control Console log on window, enter your email address and password.
3 Click Sign in.
If you have not previously entered an answer to a security question, the Security
Question window pops up.
The answer to the security question is used is used to validate you, the user, if you
forget your password.
You can later change your security question and/or security answer on the Preferences
window of your user account. See Set User Display Preferences, Including Your Own
in Account Management Administrator Guide.
4 Select a security question and type the answer. Your answer is not case-sensitive.
Note: If
from a Spam Quarantine Report.
you also use the Email Protection, you can also log onto the Control Console
Reset Your Password from the log on
window
Note: This capability may not be available if the user authentication method is set to
LDAP, POP3, or IMAP or if the ability to change passwords has been disabled at the
system level.
If you forget your password or want to rese
1 On the log on window, click the
The following window is displayed.
t it, perform the following steps:
Forgot your password or need to create a password? link.
2In the Username field, type your email address.
3 Do one of the following:
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 21
Log on to the Control Console Email Protection Administrator Guide
• If your email address is working and you are already receiving email, select
Email password information to me.
• If your email address is not working, select Email password information to my
Domain Contact.
Your Domain Contact might be your administrator or another person your
administrator defined for your domain within the Control Console. Check with
your administrator on who that person is.
4 Click Next.
If you selected the option for your email, your email application receives an email
momentarily with further instructions. Continue with Step 5.
If you selected the option to email a Domain Contact, that person receives an email
from which the person can reset your password. The person can also forward the
message to an alternative email address you might have. Contact that person for the
password, then try to log on again. You are finished with this procedure.
5 If you selected the option to email information to you, open the email in your email
application. The email subject line says Control Console Sign in Information.
The email is similar to the following:
6 Click the link in the email. The link is active for only a limited time after the email is
sent (typically, 60 minutes).
22 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Log on to the Control Console
7 If you previously had selected a security question, the security question is displayed.
If you had not previously selected a security question, select a question from the
Security Question drop-down menu.
8 Type the answer to the question in the Security Answer field.
9For the Security Question field, click Change if you need to change the security
question or answer. You must answer this question when you forget your password or
need to reset it.
The Security Question and Security Answer fields are displayed. Select a question
from the Security Question drop-down menu, then type an answer.
10 In the Password field, type a password. The password must comply with the
following rules:
• Length must be a minimum of 8 characters.
• Alphabetical, numeric, and special character types are allowed.
• There must be at least one character that differs in character type (alphabetical,
numeric, or special) from the majority of characters. Thus, if the password
contains mostly alphabetical characters, then at least one character must be either
a special character or numeric. For example, majordude is invalid, but
majordude9 is valid.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 23
Log on to the Control Console Email Protection Administrator Guide
• Allowed special characters are:
left parenthesis ( ( ) ampersand ( & ) right bracket ( ] )
right parenthesis ( ) ) asterisk ( * ) colon ( : )
apostrophe ( `) hyphen ( - ) semicolon ( ; )
tilde ( ~ ) plus sign ( + ) double quotes ( " )
exclamation ( ! ) equals sign ( = ) single quotes ( ' )
@ bar ( | ) less than sign ( < )
hash ( # ) backslash ( \ ) greater than sign ( > )
dollar sign ( $ ) left curly bracket ( { ) period ( . )
percentage sign ( % ) right curly bracket ( }) question mark ( ? )
caret ( ^ ) left bracket ( [ )
• Spaces are not allowed.
• Passwords are case-sensitive (for example, Password, password, and PASSword
would be different passwords).
Make sure you can remember your password, but do not use obvious passwords (for
example, password, your name, or a family member’s name). Keep your password
safe and private.
11 Retype your password in the Confirm Password field.
12 Click Save.
24 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide
3. Check the Status of Email
Protection on the Overview
The Overview window provides the following high-level information about the email
traffic to your domain over the previous 24 hours:
• Disaster recovery information
• News and update information
Customer Administrators will see the information for all the domains in the customer
where the role was defined. Domain Administrators will see the information for only the
domain where the role was defined.
1 Select Email Protection | Overview.
The Overview window is displayed with the initial view.
2 Click Display Statistics.
The Overview window is displayed with the complete view.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 25
Email Protection Administrator Guide
The sections on the window provide the following information:
Section Description
Inbound 24-Hour Snap Shot Displays a 24-hour snapshot of inbound email
Messages
Avg Size – A
– Number of inbound messages processed
verage size of inbound messages, including
attachments
Bandwidth
Viruses – Num
Spam
– Average bandwidth used by inbound messages
ber of inbound emails that contained viruses
– Number of inbound emails that were potentially
spam
Quarantined
– Total number of inbound emails that were
quarantined for any reason, including spam, virus, etc.
26 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
traffic:
Email Protection Administrator Guide
Section Description
Outbound 24-Hour Snap
Shot
Traffic (Last 24 Hours –
{timezone})
Policy Enforcement (Last 24
Hours – {timezone})
Displays a 24-hour snapshot of the domain’s or Customer’s
outbound email traffic:
Messages – Number of outbound messages processed
Avg Size – Average size of outbound messages, including
attachments
Bandwidth – Average bandwidth used by outbound
messages
Avg Size – Average size of outbound messages, including
attachments
Viruses – Number of outbound emails that contained viruses
Quarantined – Total number of outbound emails that were
quarantined for any reason, including viruses.
Displays a graph of traffic volume for the last 24 hours of the
designated time zone.
Optionally, select one of the graphic display type icons to
change the appearance of the graph.
Displays the percentage of messages that had the different
email actions applied (for example, stripped, blocked, tagged,
quarantined, cleaned, or normally delivered) over the past 24
hours of the designated time zone.
Optionally, select one of the graphic display type icons to
change the appearance of the graph.
Disaster Recovery Current
Status
Displays domains that are currently in Disaster Recovery. The
Email Protection is currently spooling the specified domain's
email
Disaster Recovery Activity
(Last 24 Hours)
Displays how many emails were spooled and unspooled by
Fail Safe for all domains in the indicated Customer during the
last 24 hours of the designated time zone.
Spooled Messages – Indicates the number of emails that were
spooled by Fail Safe in the last 24 hours and how much spool
storage was used by them.
Unspooled Messages – Indicates the number of emails that
were spooled by Fail Safe in the last 24 hours and how much
spool storage was used by them.
What’s New Displays a list of new information available about Email
Protection. Depending on the configuration, this section may
be blank or may contain different information.
News Displays any updates on current email threats and other
important email security news (links). Click the desired link
to view the complete information. Depending on the
configuration, this section may be blank or may contain
different information.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 27
Email Protection Administrator Guide
28 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Confirm Your Inbound Servers Setup
4. Set up Your Servers
This section describes how to ensure your inbound and outbound servers are set up
correctly for Email Protection.
Confirm Your Inbound Servers Setup
Email Protection filters email destined for your inbound Simple Mail Transfer Protocol
(SMTP) email server or servers. Your provisioner should have already defined one or
more SMTP servers in the Control Console. To confirm that these servers are defined,
perform the following steps:
1 Click Email Protection | Setup.
2 From the domain drop-down menu on the Setup window, select the domain whose
SMTP server you want to check.
The SMTP Host Address field displays the domain name(s) or IP address(es) for the
domain’s SMTP server. In our example, domain denver.acme.com has an SMTP
server with a domain name of mail1.denver.acme.com.
The Inbound Servers Setup window is displayed.
3 Ensure the SMTP server listed are valid and correct.
4 Ensure that all other information on the window is correct, and select Save.
5 Repeat steps 2 through 4 for any other domains in your network.
Set up Additional Inbound Servers
You can configure additional inbound servers to receive inbound email from Email
Protection for the designated domain. All servers for a domain that receive inbound email
from Email Protection must be configured on the Inbound Servers Setup window.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 29
Set up Additional Inbound Servers Email Protection Administrator Guide
Any server addresses designated here must be valid and available to connection from
Email Protection. After the Save Changes button is clicked, the Email Protection
immediately routes email to the active servers.
1 Click Email Protection | Setup.
2From the domain drop-down menu, select the domain whose SMTP server you want
to add.
3 Click Add New Host.
A new set of fields appears for the server
4In the SMTP Host Address field, type the fully qualified DNS or IP address of the
server host being configured. CIDR notation is not allowed.
If you do not have a registered and valid DNS name for your email servers, you must
enter the IP addresses of each server.
5In the Port field, type the port on the server to which the Email Protection will
connect. The default value is 25.
6In the Preference field, type the number indicating order of connection preference
between multiple servers. Email Protection attempts to connect first to the server with
the lowest preference number. If that server is not available (either down or too busy),
Email Protection tries the server with the next lowest preference number, and so on. If
multiple servers have the same preference number, Email Protection will randomly
route the email delivery between them.
7 Click the Active checkbox to allow the server is immediately start accepting email
traffic.
Caution: If all servers are set to inactive, all emails received for this domain will
be tempfailed.
8 Click Save.
Delete an Inbound Server
To delete an inbound server, perform the following steps:
1 Access the appropriate domain on the Inbound Server Setup window
2 Click the Delete checkbox next to the server you want to delete.
3 Click Save.
30 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Add IP Address of Outbound Server, If
Add IP Address of Outbound Server, If
Necessary
If your service includes Outbound Message filtering, you must identify one or more
outbound mail servers through which your users send outgoing mail. While your outbound
server might use a Domain Name Server (DNS) name within your network (for example,
lewisoutbound.acme.com), you identify the outbound sever within Email Protection with
an IP address (for example,
Inter-domain Routing (CIDR) address for a range of outbound servers (for example,
111.222.111.0/27) only. The address must be a public address.
Any server addresses designated here must be valid and available for a connection. After
the Save Changes button is clicked, Email Protection immediately accepts email traffic
from the active servers.
Note: If email is received from an outbound server that is not configured in the Email
Protection system, it will be refused. If no outbound package has been designated for the
selected domain, this window is unavailable.
1 Click Email Protection | Setup| Outbound Servers.
111.222.111.0). Alternatively, you can specify a Classless
The Outbound Server Setup window is displayed.
2 Click Add New Address, and add the address of the outbound server.
3 Click Save Changes.
4 Record the address listed under Recommended Smart Host Server Settings. You
should use this address to perform the next task,
Defense is Turned on).
Important: You or your network administrator should also do the following before or
immediately after adding your outbound server(s):
• Update Sender Policy Framework (SPF) records on your mail server(s) to ensure
only authorized sources are sending outbound email.
• Scan your network for open relays, viruses and malware.
• Refer to the Accepted Use Policy (AUP) at http://www.mxlogic.com/terms/aup/
index.cfm for information on bulk mail.
Set up a Smart Host (If Outbound Mail
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 31
Add IP Address of Outbound Server, If Necessary Email Protection Administrator Guide
Delete an Outbound Server
To delete an outbound server, perform the following steps:
1 Access the appropriate domain on the Outbound Server Setup window
2 Click the Delete checkbox next to the server you want to delete.
3 Click Save Changes.
Set up a Smart Host (If Outbound Mail
Defense is Turned on)
To ensure that your outbound email is filtered, you must designate, for each of your
outbound mail servers, an Email Protection server as your Smart Host. Your outbound
email is then relayed through Email Protection before continuing to its final destinations.
The outbound Smart Host address is listed at the bottom of the Outbound Server Setup
window, or you can refer to your Service Activation Guide for more details.
Note: This task is performed on your outbound email server or servers, on your network
router, or on some other server, depending on your network’s configuration.
Add an Outbound Email Disclaimer
You can create and assign text that will be appended to all outgoing emails that are filtered
by Email Protection for the designated domain. For example, you might want to specify
that the email sent from your company is the property of your company with all right
reserved.
Note: If no outbound package has been designated for the selected Domain, this window
is unavailable.
1 Click Email Protection | Setup | Outbound Servers.
32 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Redirect Your MX Records
The Outbound Server Setup window is displayed.
2 Click Display disclaimer in outbound email messages.
3In the Disclaimer Text field, type the text of the disclaimer. A maximum of 1000
characters is allowed.
4 Click Save.
Redirect Your MX Records
The Mail Exchange (MX) record for each of your mail servers is a specification within a
Domain Name Server (DNS Server) operated by your Internet Service Provider (ISP).
Each MX record specifies a host name and preference that determines where and how
your ISP routes your company’s email.
Your MX record or records at your ISP must be changed to fully-qualified domain names
(for example, denver.acme.com) within the Email Protection network. These changes
allow Email Protection to filter your email before it arrives at your company’s mail
servers.
Your Network Administrator or Domain Registrar is typically the individual responsible
for making these changes.
The information necessary for your company to make these changes is provided in your
Email Protection Activation Guide, which you receive when you first sign up for service.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 33
Check Your MX Record Email Protection Administrator Guide
Check Your MX Record
Be aware that because of the nature of the Internet, it may take several days for your MX
record redirect to propagate to all the email servers that may be sending email to your
email server. During that time, your email server may still receive email directly from
those email servers until they are updated with your latest MX record information.
The MX Record Analysis window allows you to query Email Protection or your
company’s Authoritative DNS Name Server for the MX Records that are recognized for
the SMTP server names for a domain. You can then confirm that all the IP records that are
configured for your domain’s MX Records are correctly redirected to Email Protection.
The analysis indicates the following:
• All Authoritative Name Servers for the entered DNS name
• All MX Records that are recognized by the Authoritative Name Servers – this process
retrieves all the MX Records for a given domain
• Whether the hostname for each MX Record is a valid hostname, an outdated hostname
that will work but should be updated, or an unrecognized hostname which may be
allowing email to be routed around Email Protection
This window also indicates the recommended values (using the default values configured
at the system level for Email Protection) to assist you in determining whether your MX
Records are redirected correctly. For example, if all the SMTP servers defined for a
domain do not show the same information, this can indicate that your MX Records are not
defined correctly.
Note: This feature must be enabled at the system level to be available in Email Protection.
1 Click Email Protection | Setup| MX Records.
The MX Record Analysis window is displayed.
34 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Check Your MX Record
By default, the window shows the results of a DNS lookup by Email Protection on the
IP addresses you submitted to your Internet Service Provider. The column headings
show the following:
Field Description
MX Record Analysis Results
for
MX Records returned by
The domain for which a DNS lookup was performed.
The name of the DNS server, which can be the DNS
server of your Email Protection provider or a DNS
server from your company, if selected.
Under each MX
by your Internet Service Provider, along with the priority preference of the record, and the
status of the MX record.
• Valid –
• V
alid – recommend update – MX Record uses an older hostname standard. It still
works, but it is recommended that you update to the current hostname standard.
• Unrec
enter your system bypassing Email Protection. This situation, if occurring within 72
hours of the MX Record change, may indicated the changes are not yet complete.
Records returned by heading, MX records should be listed that were set
MX Record is current and fully authenticated.
ognized – MX Record could not be authenticated and may be allowing email to
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 35
Set up User Creation Mode — SMTP Discovery or Explicit Email Protection Administrator Guide
2 Check the Recommended MX Record Settings. This section indicates a list of
typical MX Record configurations using the system-defined default values and the
currently selected domain name. Note that this list may not match your actual MX
Record configurations. These values are configured at the system level.
You can alternatively enter a fully-qualified DNS Server name at your company in the
Target Authoritative Name Server field, then click Analyze. This capability is helpful if
the default display of MX records appears to be incomplete or in error.
Similar results to those returned by Email Protection provider’s DNS Server might occur.
Note: You can also select the View only this name server link to reduce the number of
DNS server lists of MX Records. Click the View all name servers link list all DNS
servers again.
Set up User Creation Mode — SMTP
Discovery or Explicit
Note: This procedure applies only if your service includes Email Protection.
Explicit user creation means that you must add user email addresses using one of the
methods that are described later. SMTP Discovery means that users are created
automatically based on SMTP transactions. That is, several incoming email messages to a
user indicate that the user exists for the customer. As a result, Email Protection creates that
user in the Control Console.
SMTP Discovery is the default setting for a new customer, such that at initial startup of
service, users might be created in the Control Console without any administration by you,
the Customer Administrator.
Note: Only messages delivered to recipient email addresses in a primary domain are
counted for the purpose of user creation. Messages sent to recipient email addresses in
alias domains are not counted. When the action is deny, the email is rejected and an error
message is displayed to the sender.
If you use Directory Integration, explicit user creation is highly-recommended.
To turn on Explicit User Creation, perform the following steps:
1 Click Email Protection | Setup.
2 Click User Creation Settings.
36 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Set up User Creation Mode — SMTP Dis-
3 Under the User Creation Mode heading, select Explicit.
4 Click Save.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 37
Set up User Creation Mode — SMTP Discovery or Explicit Email Protection Administrator Guide
38 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Enterprise or Service Provider Customer
5. Customize Inbound Mail
Filters
Email Protection has default inbound and outbound mail filters to block and clean
malicious email and to quarantine email that might be malicious. The filters are
configured by using policies, which are the parameters for the filters Default policies are
automatically assigned to each of your domains.
You can customize the default inbound policy for any and each domain, or any and each
group, to fit your business needs.
To change customers, select the link in the upper right of the opened window. In the Select
window, begin entering the name of the entity you want and select that entity when a list
of entities appears.
Enterprise or Service Provider
Customer
Important: This document is for use by Enterprise customers only.
The way in which custom policies are applied to your users varies depending on whether
you are classified as a service provider or enterprise customer. If you are a service
provider customer, each domain can have one custom policy (see Figure 7). If you are an
enterprise customer, a single default policy applies to all domains. Thus, for an enterprise
customer, you must create a group or groups of users, and for each group, you can create a
custom policy. A group can be created according to domain membership (see Figure
according to any other user characteristics that may apply across multiple domains (see
Figure
Guide.
Note: Because a group defined by an enterprise customer can contain users from different
domains, a group policy does not apply to a domain, but rather to the group of users to
which it is defined. A custom group policy supersedes the default policy that is assigned to
all domains.
9). For procedures, see Create a Group in Account Management Administrator
8) or
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 39
Enterprise or Service Provider Customer Email Protection Administrator Guide
Figure 6: Service Provider Custom Policy Assignment
Figure 7: Enterprise Custom Policy Assignment (Groups by Domain)
40 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Create a Custom Policy (Enterprise Cus-
Figure 8: Enterprise Custom Policy Assignment (Groups by Other Attributes)
Create a Custom Policy (Enterprise
Customer Only)
Important Note: It is assumed that all domains within an Enterprise Customer will have
the same package assigned to them. If some domains have different packages, unexpected
results may occur. when a policy is applied to a group in which members reside within
different domains.
1 Click Email
2 Click Ne
The New Policy Set fields are displayed.
Protection | Policies | Inbound Policies link.
w to launch the New Policy window.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 41
Create a Custom Policy (Enterprise Customer Only) Email Protection Administrator Guide
Field Description
Name Enter a name for the policy set you are creating. The
name should reflect
the name or purpose for the group or groups that you will assign to the
policy.
Owner The Owner heading indicates who can edit the policy
. If the owner is
Customer, only Customer Administrators can edit the policy. If the owner
is Group, then Group Administrators assigned to that group, as well as
Customer Administrators, can view or edit the policy.
Description Enter a description of the new policy set.
Direction From the drop-down menu, select the direction of email, in
bound SMTP
or outbound SMTP, for which this policy will be configured.
Copy From From the drop-down menu, select an existing policy set whose settings
want to copy to the new policy set. Most settings are copied based on
you
this selection. However, you must choose to copy some settings from the
existing policy separately by selecting the following fields.
Copy Sender
Allow List
Copy Sender Deny
List
Copy Recipient
ield List
Sh
Select to copy the Sender Allow list
Copy From field.
Selectto copy the Sender Deny list from the policy set selected in the
Copy Fr
om field.
Select to copy the Recipient Shield list from the policy set selected in the
Copy From field.
from the policy set selected in the
Copy ClickProtect
Allow List
3 Click Save.
The Policy Sets list is updated
policy to meet your business needs.
42 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Select to copy the ClickProtect Allow list
the Copy From field.
with the new policy. You can now modify the new
from the policy set selected in
Email Protection Administrator Guide Configure a Virus Filter
Configure a Virus Filter
Email Protection uses multiple virus scanning applications to analyze email to determine
if a virus may be present. In your custom policy, you can configure how Email Protection
handles an email that contains a known virus.
Important Note: If an email is detected that contains a wide-spread worm or virus (for
example, SoBig or MyDoom), Email Protection may automatically block that email,
regardless of the settings in your custom policy.
To create a new policy content filter, perform the following steps:
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Virus.
The Actions window is displayed.
4 Complete the fields as described in the following table.
Field Description
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 43
Configure a Virus Filter Email Protection Administrator Guide
If a Message
Contains a Virus
If a Message
Cannot be Cleaned
Select an action Email Protection should take if an email contains a virus:
• Do nothing – Email Protection sends the email to the recipient with
no filtering or notification.
— Caution: This action is potentially hazardous because the email
will still contain the virus.
• Quarantine the message after attachment is stripped – Email
Protection strips an infected attachment from the email and sends the
email to quarantine with the message that an attachment had been
stripped. Email Protection does not send a separate notification to the
recipient.
• Strip the attachment – Email Protection strips the infected
attachment from the email and sends the email to the recipient. Email
Protection inserts text into the email to notify the recipient that an
attachment has been stripped.
• Deny delivery – Email Protection denies delivery of the email.
• Clean the message – Email Protection attempts to remove the virus
content and save the remainder of the message. If successful, Email
Protection sends the email to the recipient with the message that the
email had been cleaned of a virus. If you select this action, you must
also select an action for the If a Message Cannot be Cleaned field.
If you previously selected Clean the message, select an action Email
Protection should take if Email Protection fails to clean an infected email:
• Quarantine the message after attachment is stripped – The
infected attachment is stripped from the email and the email is sent to
the recipient’s virus quarantine area without notification to the
recipient. Text is inserted into the email indicating that an attachment
has been stripped.
• Strip the attachment – The infected attachment is stripped from the
email and the email is sent to the recipient. Text is inserted into the
email notifying the recipient that an attachment has been stripped.
• Deny delivery – The email is denied delivery.
5 Click Save or click on the Notifications under the Virus tab.
Set Email Protection to Notify Users about
Emails with Viruses
You can direct Email Protection to send notification emails to the recipient and/or sender
when an email is filtered because it contained a known virus. You can see the content of
notifications and change it in the Notifications tabs. See Define the Format and Text of
Notifications to Users.
Note: Virus notifications will not be sent out for emails that are infected with widespread
viruses or worms (for example, SoBig or MyDoom). These notifications will be
automatically disabled by the Email Protection.
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Virus.
44 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Spam Filter
4 Click Notifications.
5 Complete the following fields:
Field Description
To the sender when
a message is … due
to a virus infection
To the recipient
when a message is
… due to a virus
infection
Select one or more conditions that will cause Email Protection to send a
notification email to the sender.
• Quarantined – The infected email was quarantined.
• Denied delivery – The infected email was denied delivery.
• Stripped – The infected attachment was stripped and the email sent
to the recipient.
Select one or more conditions that will cause Email Protection to send a
notification email to the recipient.
• Quarantined – The infected email was quarantined.
• Denied delivery – The infected email was denied delivery.
• Stripped – The infected attachment was stripped and the email sent
to the recipient.
Configure a Spam Filter
Email Protection spam filtering uses a large number of filtering processes, as well as
sophisticated statistical classification techniques, as part of its Stacked Classification
Framework® to determine if email is spam. Based on this analysis, Email Protection give
each email a score.
There are three scores are used to determine the likelihood
should be taken. Those scores are:
• Medi
um likelihood if default settings are used. This email is normally quarantined for
review.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 45
of spam and what actions
Configure a Spam Filter Email Protection Administrator Guide
• High likelihood if default settings are used. This email is normally quarantined for
review.
• Critical likelihood. This spam is blocked.
If you specified an additional Realtime Blackhole List (RBL) in the Spam window of the
assigned policy, the RBL can influence the spam score as well.
Note: Occasionally, some emails might be marked as spam when in fact they are
legitimate emails. For these “false positive” email messages, you can help Email
Protection “tune” the spam thresholds and rules by sending a forwarded copy of the email
with all content and attachments to falsepositive@mxlogic.com
To configure a spam filter, you can perform the following tasks
• Define the Action to Take on Spam
• Spam – Content Groups Subtab
• Spam – Reporting Subtab
Define the Action to Take on Spam
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Spam.
The Classification window is displayed.
4 Complete the following fields:
Field Description
46 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Spam Filter
If a Message is
Probably Spam
(Medium
likelihood) area
If a Message is
Probably Spam
(High likelihood)
area
Select an action Email Protection should take if an email has a spam score
of 90% or higher:
• Tag the message subject with “[SPAM]” – Email Protection adds
the phrase “[SPAM]” to the beginning of the email’s subject text and
sends the email to the recipient.
• Quarantine the message – Email Protection sends the email to
quarantine.
• Deny delivery – Email Protection denies delivery of the email.
Note: Emails that have the following actions applied will be
reported as Other in the Threats: Spam report.
• Do nothing – Email Protection sends the email to the recipient with
no filtering or notification.
Select an action Email Protection should take if an email has a spam score
of 99.9% or higher. These actions are the same as those for Medium
likelihood.
5 Click More Options if you want to enable a Real-time Black Hole List. Otherwise, go
to step 8.
Multiple real-time blackhole lists (RBLs) of known spammers are provided by the
industry, from which Email Protection creates a single RBL indicator to assess the risk
of an email originating from a known spammer. The use of multiple blackhole lists to
create a single vote and rate the reputation of each RBL for accuracy helps to
minimize the possibility of blocking a non-spammer by mistake.
6 If you clicked More Options, click the Enable Real Time Blackhole List (RBL)
checkbox.
Note: You can also block spammers by completing a Sender Deny List under the
policy’s Allow/Deny option.
7 Click Save or click on Content Groups under Virus.
Define Additional Words That Indicate
Spam
Email Protection spam content filtering controls spam by comparing the content (subject
and body) of an email against predefined lists of keywords or phrases (spam content
groups).
You can define a custom spam content group that contains additional lists of keywords
that are used to filter email as spam. For each content group, you also define the action to
take on email that contains a keyword. If the action is to send spam matches to quarantine,
users who receive Spam Quarantine Reports can view the matching messages in the
quarantine.
Note: A spam content group does not analyze the content within attachments.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 47
Configure a Spam Filter Email Protection Administrator Guide
The action for a content group you define overrides spam actions for Email Protection
default spam filters. For example, if Email Protection determines that an email has a
medium likelihood of being spam and also contains a keyword that is in your spam content
group, the action defined for your spam content group is applied.
However, if you also define content filtering
on the Content – Content Groups window
(see Configure a Content Filter, that content filter overrides the keyword filtering you
define on the following Spam – Content Groups window. In addition, spam identified by
the Content – Content Groups filter is accessible only by Quarantine Managers or higher
level administrators. Users cannot view this spam.
1 Click Email
Protection | Policies.
2 Select the policy you want to change.
3 Click the Spam.
4 Click Content Groups.
5 Double-click the Content Group you wish to modify.
6In the Group Name field, type the name of your spam content group.
This name should summarize the kind of keywords you want Email Protection to look
for. For example, you might want to identify musical terms, such as concert, music,
rock, jazz, and so on, as spam. In this case, your group name might be music.
7From the Action drop-down menu, select an action to take if an email matches a
keyword:
• None – The email is forwarded to the recipient email address.
• Quarantine the message – The email is sent to the recipient's domain content
quarantine area.
• Deny Delivery – The email is denied delivery.
• Allow – The email is sent to the recipient email address.
Note: The Allow option is useful if you want to override standard Email Protection spam content
filtering for particular keywords.
48 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Spam Filter
Note: Emails that match keywords but are allowed will be reported as Other in the Threats: Spam
report.
• Tag the message subject with "[SPAM]"– The phrase "[SPAM]" is added to the
subject line of the email at the beginning of the subject text and the email is sent to the
recipient email address.
• Encrypt Message– is also available for Outbound content groups, if the Customer
has subscribed to Encryption.
• Silent Copy – allows you to forward a copy of the original message. To send a copy,
select a predefined distribution list from the drop-down.
8 Content List the content keywords needed to define your Custome Content Group.In
the Content field, type any keywords you want to search for in email. Use the
following rules for entering keywords.
• Each entry must be on its own line (separated by a hard return).
• If an entry contains multiple words, the entire phrase is used as a literal string (as
is).
• If individual words are desired, each word must be on its own line.
• Letter-case (for example, upper case or lower case) is ignored.
• The wildcards question mark (?) and asterisk (*) can be used to designate the
following:
— ? – designates any single character, including white space characters (for
example, menu, space, line break, etc.).
— For example, w?y would catch way, why, and w y.
— * – at the end of the string designates multiple characters until a white space
character is encountered.
For example, refi* would catch refinance, refinancing and refine.
— * – followed by a literal character designates multiple characters, including
white space characters, until the designated character is encountered.
For example, refi*d would catch refinanced, but would also catch refinishing
is a great way to save d.
— If the literal asterisk or question mark is desired, it must be preceded by a
backslash (for example, \* or \?).
9 For example, why\? (without quotes) would catch the string why? and the question
mark would not be used as a wildcard.Click the Enable checkbox to turn on the spam
content group.
10 Click Save for the new spam content group.
11 Click Save for the policy or continue to the Reporting tab.
To change a policy’s existing spam content group, click Edit.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 49
Configure a Spam Filter Email Protection Administrator Guide
Set up Spam Quarantine Reports
When Email Protection scores email and determines that email might be problematic, but
the email is not clearly a security risk, Email Protection place the email into quarantine.
You can set up quarantine reports so that users can see which of their messages were
filtered and placed in quarantine. You can also determine how much control users have
over these reports, including:
• How reports are formatted.
• How often reports are sent
•
How Spam is filtered
• What actions users can take on quarantined email
See the E
To set up quarantine reports for use
1 Click Email
mail Protection User Guide on how users might manage quarantine reports.
rs, perform the following steps:
Protection | Policies.
2 Select a policy set for which the quarantine reports will apply.
3 Click Spam | Reporting.
4 Under the Enable Spam
Quarantine Reporting for heading, select one of the
following options:
• All users –
Quarantine Reports.
Note: Users
quarantine areas.
• Selected users – Only those user accounts configured for Spam Quarantine
Reports on the User Management windows receive the reports.
• No use
Reports.
50 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
All user accounts associated with the policy set receive Spam
must be able to log into the Control Console to manage their spam
rs – No users associated with this policy set receive Spam Quarantine
Email Protection Administrator Guide Configure a Spam Filter
5 Under the Default Settings heading, complete the following field:
Field Description
Frequency
From the Frequency drop-down menu, select
how often users
receive Spam Quarantine Reports if they have email in spam
quarantine.
Report Type From the Report Type drop-down menu, select the content that
each Spam Quarantine Report should contain:
HTML – All Quarantined – All emails in your spam quarantine
area are listed in the Spam Quarantine Report.
HTML – New Items Since Last Report – Only those emails
received since the previous Spam Quarantine Report are listed in
the Spam Quarantine Report.
Text – Summary – A text-only email notification is sent to you
with a link to your spam quarantine, instead of the Spam
Quarantine Report. This option supports users with email
applications that do not support HTML content.
Text – New Items Since Last Report – A text-only email report is
sent to you that indicates how many new emails have been
quarantined as spam since the last report and the total number of
spam emails in your spam quarantine. The report also lists the
email messages that have been quarantined since the last report.
HTML Format From the HTML Format drop-down menu, select one of the
following:
HTML with Actions – The links Allow, Deny, and Release are
enabled in the Spam Quarantine Reports.
HTML without Actions – The links Allow, Deny, and Release are
disabled in the Spam Quarantine Reports. Users must log into the
Control Console to perform these actions.
Note: This field is ignored if the Report Type field is set to Textonly Summary.
6 Under the Spam Quarantine Report Security Settings heading, complete the
following fields:
Field Description
Report Links From the Report Links drop-down menu, select the number of days
after which the links in the Spam Quarantine Report become
inactive.
A low value may not give the users enough time to review their
Spam Quarantine Report and perform any spam management. A
high value might increase the security risk of unauthorized access
into the Control Console using an old Spam Quarantine Report.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 51
Configure a Spam Filter Email Protection Administrator Guide
Field Description
Restrict user rights
when accessing
quarantine from spam
quarantine report
Select this field Selectso that administrator-level users will be
logged in with role of User when accessing the Spam Quarantine
Reports. If you leave the checkbox blank, administrator-level users
will be logged as their administrative role.
Note: Selecting this option is recommended to provide additional
security for the Control Console. This option applies to all
administrative levels, including Reseller Administrators, Customer
Administrators, Domain Administrators, Quarantine Managers,
and Reports Managers.
7 Under the Other Options heading, select any or all of the following options:
Field Description
Allow users to
personalize
spam filtering
actions
Allow users to
personalize
delivery
frequency
Select to allow users to customize actions that Email Protection takes on
email that is likely to be spam. Users actually select the actions on spam
from the Preferences window on the Control Console.
Select to allow users to change the frequency with which they receive
Spam Quarantine Reports. Users select the frequency of reports from the
Preferences window on the Control Console.
Allow users to
personalize
report type
Allow users to
“opt out” of
spam filtering
Enable “Always
Deny” shortcut
from spam
quarantine
report
Show spam
score on spam
quarantine
report
Allow users to
download Spam
Control For
Outlook®
Select to allow users to change the default settings you set in the Report
Type field on this window. Users can change the Report Type from the
Preferences windowwindow on the Control Console.
Select to allow users to turn filters for spam on or off. Users can turn off
spam filtering from the Preferences window on the Control Console.
Select to enable the Always Deny link in user’s Spam Quarantine
Reports, the Message Quarantine windows, and the Safe Message View
window.
If you leave the checkbox blank, users must go to the Allow/Deny Sender
Lists window to change their Allow or Deny lists.
Select to display the spam likelihood score for each quarantined message
in the Spam Quarantine Reports.
Select to display a link in Spam Quarantine Reports, from which users can
download the Spam Control For Outlook utility. The location from which
the utility is downloaded is configured in the Branding Settings window.
Note: This feature can be enabled or disabled at the system level.
52 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Content Filter
Field Description
Allow nonadmin users to
sign in directly
to the Control
Console
Display message
content in Safe
Message View
Display user
email addresses
in spam
quarantine
report
Allow users to
configure
alternate email
address for
spam report
delivery
Select to allow users to log into the Control Console using the Sign in
window.
Note: This feature does not affect the ability of users to log in by clicking
a link in a Spam Quarantine Report. If Control Console access is not
enabled and users do not receive the Spam Quarantine Report, the
Quarantine Manager or higher level roles must perform any changes to
the user settings, maintenance of the users’ spam quarantine, etc.
Select to allow users to view the body content of an email in the Safe
Message View window.
If you leave the checkbox blank, the user must release the email to see
what it contains in the body content.
Select to enable the view of user addresses in the HTML SQR report so
that users do not have to scroll through multiple addresses before they get
to the quarantine items.
Select to allow users to choose an alternate email address to reroute their
Spam Quarantine Report if needed. Users may go to Account
Management | User | Preferences to add their email alternate.
Alert! – Please be advised that redirecting a user's SQR allows the chosen
alternate recipient to have full access to their Control Console account,
including access to that user's Preferences. Therefore; please encourage
the user to choose their alternate email address carefully.
8 Click Save.
Configure a Content Filter
You can create a custom content filter. The content filter does the following:
• Blocks or quarantines the email that contains prohibited keywords.
• Notifies the sender or recipient when an email has been quarantined or blocked.
• Blocks HTML malicious tags or prohibited images.
• Manages the ability for users to click on links in email.
Note: Content filtering does not analyze the content within attachments.
Note: You also define content filtering on the Spam – Content Groups window (see
Configure a Spam Filter, the Content – Content Groups overrides the keyword filtering
you define on the following Spam – Content Groups window. In addition, spam
identified by the Content – Content Groups filter is accessible only by Quarantine
Managers or higher level administrators. Users cannot view this spam.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 53
Configure a Content Filter Email Protection Administrator Guide
Note: Due to the nature of the content filtering, the window images may contain offensive
material.
To create a new policy content filter, perform the following steps:
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Content.
The Content Groups window is displayed, showing the default content groups.
• Profanity
• Racially Insensitive
• Sexual Overtones
You cannot change the keywords in these groups.
The Content Group Policy fields are displayed.
Email Protection also provides predefined content groups that contain valid and
acceptable personal identifiable information that is allowed in email messages due to
specific policies. You cannot edit these content groups, but can designate whether or not
they are used. Following are the two types of predefined content groups:
• Credit Card Number
• Social Security Number
The Credit Cards that are supported include AMEX, VISA, MC, and DISC.
Note: Credit Card Numbers and Social Security Numbers can be represented or formatted in
various ways and Email Protection may not be able to capture all messages that contain
this information.
More Options
If a Customer or Domain subscribes to Email Encryption, then selecting this option can be
used to enforce Email Encryption if the outbound message contains the word [encrypt].
The word, [encrypt] can reside in the message subject line or the body of the outbound
message.
54 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Content Filter
Note: This option is only available on the Outbound Policy Content Group window.
1 Click Edit or double-click on your selected Content Group, you may perform the
following:
• Group Name This defaults to the name of your selected group.
• Content This field is disabled for Content Groups
2 From the drop-down Action list, the following actions may be applied to a Content
Group
• None – The email is forwarded to the recipient email address.
• Quarantine the message – The email is sent to the recipient's domain content
quarantine area.
• Deny Delivery – The email is denied delivery.
• Allow – The email is sent to the recipient email address.
• Tag the message subject with "[SPAM]" – The phrase "[SPAM]" is added to the
subject line of the email at the beginning of the subject text and the email is sent to
the recipient email address.
• Encrypt Message is also available for Outbound content groups, if the Customer
has subscribed to Encryption.
3 Silent Copy allows you to forward a copy of the original message. To send a copy,
select a predefined distribution list from the drop-down.
4 Click Save
Turn Off a Default Content Filter
You can deactivate any of the Email Protection default content filters if you want to allow
email containing those keywords to be delivered or you want to replace the list of
keywords with your own list.
Note: Instead of turning off the content filter, you can also choose the action None for the
filter. In this case, Email Protection filters email, but delivers matching email to users with
no other notifications or marking.
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Content.
The Content Groups window is displayed, showing the default content groups.
• Profanity
• Racially Insensitive
• Sexual Overtones
4 Double-click one of the default content groups.
5 Uncheck the Enable checkbox.
6 Click Save.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 55
Configure a Content Filter Email Protection Administrator Guide
Custom Content Group
The Custom Content Groups subtab allows customers to define their own custom
content keyword group and assist in monitoring their email. By configuring a Content
Group, the customer can determine how the system reacts if it receives an email that
contains text that violated that content policy. Customers can also define a different action
for each content group.
Note: If the content group is enabled, then email will be filtered for that content.
1 Click New or double-click your selected Custom Content Group,and perform the
following:
2 Gr
oup Name: select and type of your Custom Content Group.
3 Content List the content keywords needed to define your Custome Content Group.In
the Content field, type any keywords you want to search for in email. Use the
following rules for entering keywords.
• Each entry must be on its own line (separated by a ha
• If an entry contains multiple words, the entire phrase
rd return).
is used as a literal string (“as
is”).
• If individual words are desired, each word must be on its own line.
• Letter-case (for example, upper case or lower case) is ignored.
• The wildcards question mark (?) and asterisk (*) can be used to designate the
following:
— ? – designates any single character,
including white space characters (for
example, menu, space, line break, etc.).
— For example, w?y wou
— * (without quotes) at the end of the string designates multi
ld catch way, why, and w y.
ple characters until
a white space character is encountered.
For example, r
— * – followed by a literal character designates multiple
efi* would catch refinance, refinancing and refine.
characters, including
white space characters, until the designated character is encountered.
56 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Content Filter
For example, refi*d would catch refinanced, but would also catch refinishing
is a great way to save d.
— If the literal asterisk or question mark is desired, it must be preceded by a
backslash (for example, \* or \?).
For example, why\? (without quotes) would catch the string why? and the
question mark would not be used as a wildcard.
Caution: It is possible to create wildcard combinations that will filter valid email,
including all email, and/or will substantially slow email processing. Be very careful if you
use wildcards to ensure that only the desired content is filtered.
4From the Action drop-down menu, select an action to take if an email matches a
keyword:
• None – The email is forwarded to the recipient email address.
• Quarantine the message – The email is sent to the recipient's domain content
quarantine area.
• Deny Delivery – The email is denied delivery.
• Allow – The email is sent to the recipient email address.
Note: The Allow option is useful if you want to override standard Email Protection spam content
filtering for particular keywords.
Note: Emails that match keywords but are allowed will be reported as Other in the Threats: Spam
report.
• Tag the message subject with "[SPAM]"– The phrase "[SPAM]" is added to the
subject line of the email at the beginning of the subject text and the email is sent to the
recipient email address.
• Encrypt Message– is also available for Outbound content groups, if the Customer
has subscribed to Encryption.
• Silent Copy – allows you to forward a copy of the original message. To send a copy,
select a predefined distribution list from the drop-down.
5 Click the Enable checkbox to turn on the spam content group.
6 Click Save for the new spam content group.
7 Click Save for the policy or continue to the Notifications tab.
Notify Users about Spam Content
You can direct Email Protection to send notification emails to the recipient and/or sender
when an email is filtered because it contained spam content. You can see the content of
notifications and change it in the Notifications tabs. See Define the Format and Text of
Notifications to Users.
Note: Virus notifications will not be sent out for emails that are infected with widespread
viruses or worms (for example, SoBig or MyDoom). These notifications will be
automatically disabled by the Email Protection.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 57
Configure a Content Filter Email Protection Administrator Guide
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Content.
4 Click Notifications.
Complete the following fields:
Field Description
To the sender
when a
is … due to a
content group
violation
To the recipient
when a
is … due to a
content group
violation
message
message
Select one or more conditions that will
notification email to the sender.
• Q
uarantined – The infected email was quarantined.
• Denied delivery – The
Select one or more conditions that will
notification email to the recipient.
• Q
uarantined – The infected email was quarantined.
• Denied delivery – The
infected email was denied delivery.
infected email was denied delivery.
cause Email Protection to send a
cause Email Protection to send a
Configure a Filter for HTML, Java Script,
ActiveX, and Spam Beacons
You can configure how Email Protection filters email for HTML attachments or various
forms of HTML coding within email.
1 Click Em
ail Protection | Policies.
2 Select the policy you want to change.
3
Click Content.
4 Click HTML Shield.
58 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Configure a Content Filter
5Under HTML Shield Protection, select one of the following options:
Field Description
Low Select this option to remove only malicious HTML tags from the email
and forward the email to the recipient. Text is added to the email to
indicate that HTML content was removed.
Medium Select this option to remove the following HTML content from the email
and forward the email to the recipient:
• Malicious HTML tags
• HTML comments and attributes
• All Java, Javascript, and ActiveX code
Text is added to the email to indicate that HTML content was removed.
High Select this option to remove all HTML content, including scripts as in the
Medium option, from the email and to forward the email to the recipient.
Text is added to the email to indicate that HTML content was removed.
None Select this option to not perform HTML filtering on email.
6Under Options for Low and Medium Setting
, sSelectelect Enable spam “beacon”
and web bug blocking to block spam beacons and web bugs.
A spam beacon can reveal user activity to spammers while flagging the recipient’s
address as active. A Web bug is any one of a number of techniques used to track who
is reading a Web window or e-mail, when, and from what computer. A Web bug can
also be used to see if an e-mail was read or forwarded to someone else, or if a Web
window was copied to another Website.
Note: This option is available only if you picked the Low or Medium options for
HTML filtering.
7 Select Replace all image links with a default transparent image to eliminate
objectionable images in email.
This option replaces
pixel.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 59
links to images in email with links to an image with one transparent
Configure a Content Filter Email Protection Administrator Guide
Note: This option is available only if you picked the Low or Medium options for
HTML filtering.
8 Click Save or continue to ClickProtect.
Configure Web Hyperlink Filters
(ClickProtect)
You can configure whether Web hyperlinks in email are blocked or can be clicked and
followed by the user. You can also designate a ClickProtect Allow List of URL addresses
that are excluded from the ClickProtect processing (for example, your corporate URLs).
As another option, you can set tracking of links that are clicked so that they are reported in
the ClickProtect: Click Log Report.
Caution:
which include HTML or Rich Text
1 Click Email
2 Select the policy you want to change.
3 Click Content.
4 Click ClickProtect.
ClickProtect only processes links in emails with accepted message formats,
Protection | Policies.
5 Click one of the following options:
• Disabl
click and access Web hyperlinks in the emails without logging information in the
system.
• Display warning me
customizable warning message. Users can then either stop the click-through
process or continue to the Web site.
• Display warnin
with a customizable warning message and does not allow users to continue with
the click-through process.
60 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
e ClickProtect — Disables this feature completely and allows users to
ssage before redirecting — Displays a dialog box with a
g message and deny click-throughs — Displays a dialog box
Email Protection Administrator Guide Configure a Content Filter
6 If you clicked one of the last two options above, overtype the text in the Warning
Message text box. You can also leave the default text if desired
7In the Allow URL or IP field, type URL or IP addresses that you want to allow users
to access and bypass ClickProtect processing.
The following values are allowed:
• IP Address — Complete address (for example, 10.10.10.1) or partial address with
wild cards (for example, 10.10.10.*).
• Domain Name — Qualified domain name (for example, xyz.com) or subdomains
(for example, *@*.xyz.com denies emails from any subdomain of the XYZ
domain, such as user@abc.xyz.com). If you know you want to allow all emails
from this domain, then use this option instead of typing in each email address
associated with the domain. The following list provides some examples of
allowable URLs.
— www.domainname.com
— www.domainname.n*
— www.domainname.*
— www.domainname.example.com
— www.domainname.*.com
— www.domainname.xxx.xxx.xxx.xxx.com
— domainname.com
The following are not accepted in domain names:
— http://
—slashes
— IP addresses.
8 Click Add.
The value is added to the list box.
Note: (This step is only available to certain user roles, when a user-defined policy set
is selected.) If you want to include the values listed for the Default Inbound policy set,
select the check box located beneath the list.
Upload a List of Allowed URLs
You can create a list of allowed URLs and upload that list to the Control Console. To
upload a list, perform the following steps:
1 Create a file with a predefined list of URLs. The predefined list must be in the
following format:
• Must be a text file
• One entry per line
• File must be available for your browser to access
2 On the ClickProtect window, go to the More Options section.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 61
Define an Attachment Filter Email Protection Administrator Guide
Additional fields are displayed.
3 To upload the file, click Browse next to the Upload List field and locate the file.
4 Click Upload Allow List.
The contents are added to the ClickProtect Allow List box.
5 Click Save.
Download a List of Allowed URLs from the
Control Console
If you want to download the list of allowed URLs to your local drive, click Download
ClickProtect Allow List. The downloaded list is a file in CSV format. You can open it in
Microsoft Excel.
Define an Attachment Filter
You can create a customer attachment filter. You can filter email for attachments based on
the following criteria:
• Filter by Attachment File Types, including file size.
• Filter by Attachment File Name
• Filter Zip File Attachments
Filter by Attachment File Types
To filter email by file type, you must define the following:
• What file types are allowed to be received
• File size restrictions on the allowed file types
62 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Define an Attachment Filter
• The email action that will be used if an email violates any of the file type attachment
policies
To create a new policy content filter, perform the following steps:
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Attachments.
The Attachments: File Types window is displayed.
4 For each file type in the Allowed Attachment Types section, select one of the
following options from the drop-down menu:
• Disallow — All email containing this file type are blocked.
• A file size, such that an email with a file of this file type that exceeds the file size
is blocked.
— Max 500 KB
— Max 1 MB
—2 MB
—5 MB
—10 MB
—15 MB
• Any size — Email with this file type is allowed and delivered.
Note: By default, each listed attachment file type is allowed unless you specifically
select it to be disallowed, except for the types Executables and Scripts. These two
file types are relatively easy to self-invoke from an email, and thus increase the
security risk of a self-running virus or worm.
The following table lists the file extensions associated with each file type:
File Type Example File Extensions
Microsoft Word
Documents
*.doc, *.dot, *.rtf, *.wiz
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 63
Define an Attachment Filter Email Protection Administrator Guide
File Type Example File Extensions
Microsoft Powerpoint
*.pot, *.ppa, *.pps, *.ppt, *.pwz
Documents
Microsoft Excel
*.xla, *.xlb, *.xlc, *.xlk, *.xls, *.xlt, *.xlw
Documents
Microsoft Access Files *.adp, *.ldb, *.mad, *.mda, *.mdb, *.mdz, *.snp
Other Microsoft Office
Files
Adobe Acrobat (PDF)
*.cal, *.frm, *.mbx, *.mif, *.mpc, *.mpd, *.mpp, *.mpt,
*.mpv, *.win, *.wmf
*.abf, *.atm, *.awe, *.fdf, *.ofm, *.p65, *.pdd, *.pdf
Files
Macintosh Files *.a3m, *.a4m, *.bin, *.hqx, *.rs_
Compressed or Archived
Files
*.arj, *.bz2, *.cab, *.gz, *.gzip, *.jar, *.lah, *.lzh, *.rar,
*.rpm, *.tar, *.tgz, *.z, *.zip
Audio Files *.aff, *.affc, *.aif, *.aiff, *.au, *.m3u, *.mid, *.mod,
*.mp3, *.ra, *.rmi, *.snd, *.voc, *.wav
Video/Movie Files *.asf, *.asx, *.avi, *.lsf, *.lsx, *.m1v, *.mmm, *.mov,
*.movie, *.mp2, *.mp4, *.mpa, *.mpe, *.mpeg, *.mpg,
*.mpv2, *.qt, *.vdo
Image Files *.art, *.bmp, *.dib, *.gif, *.ico, *.jfif, *.jpe, *.jpeg,
*.jpg, *.png, *.tif, *.tiff, *.xbm
Executables Note: This file type defaults to Disallow.
*.bat, *.chm, *.class, *.cmd, *.com, *.dll, *.dmg, *.drv,
*.exe, *.grp, *.hlp, *.lnk, *.ocx, *ovl, *.pif, *.reg, *.scr,
*.shs, *.sys, *.vdl, *.vxd
Scripts Note: This file type defaults to Disallow.
*.acc, *.asp, *.css, *.hta, *.htx, *.je, *.js, *.jse, *.php,
*.php3, *.sbs, *.sct, *.shb, *.shd, *.vb, *.vba, *.vbe,
*.vbs, *.ws, *.wsc, *.wsf, *.wsh, *.wst
ASCII Text Files *.cfm, *.css, *.htc, *.htm, *.html, *.htt, *.htx, *.idc,
*.jsp, *.nsf, *.plg, *.txt, *ulx, *.vcf, *.xml, *.xsf
Postscript Files *.cmp, *.eps, *.prn, *.ps
All Other Files Any file extensions that are not included in the other
file types
5In the Action to take for Disallowed Attachments section, select one of the
following options:
• Do nothing – Email Protection sends the email to the recipient with no filtering or
notification.
• Deny delivery – Email Protection denies delivery of the email.
64 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Define an Attachment Filter
• Strip the attachment – Email Protection strips the attachment from the email and
the email is sent to the recipient. Text is inserted into the email notifying the
recipient that an attachment has been stripped.
• Quarantine the message – Email Protection sends
the email to quarantine.
6 Click Save
or continue to the Filename tab.
Filter by Attachment File Name
You can create custom filter to filter email for specific file names. This filter overrides any
conflicting file type policies you may have defined.
To define a filter for attachment file name, perform the following steps:
1 Click Email
2 Select the policy you want to change.
3 Click Attachments.
The Attachments: File Types window is displayed.
4 Click Filename Policies.
The Filename Policies window is displayed.
5 Click New.
The New Attachment Filename Policy section is displayed.
Protection | Policies.
6 From the Filter drop-down menu, select one of t
• Is –
Email Protection filters for file names that have an exact match to the text in
the Val ue field. For example, if you want to filter for the file name config.exe and
no others, you must select Is and then type config.exe in the Value field. For this
example,, the Is option has the meaning “File name IS config.exe.”
• Contains – Email
Va lu e description anywhere within the filename string. For example, if you want
to filter for any file that contains config in its name, like postconfig or config.ini,
select this option.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 65
he following:
Protection filters for file names that contain the text in the
Define an Attachment Filter Email Protection Administrator Guide
• Ends with – Email Protection filters for file names that end with the text in the
Va lu e description. For example, if you want to filter for any executable files
ending with .exe, select this option.
7 In the Value field, type the name or partial name with
which Email Protection should
search incoming email. For example, if you want Email Protection to search for any
file containing the text config, type config.
8 From the Action drop-down menu, select one of the following options:
•Do nothing – Email Protection sends the email to the recipient with no filtering or
notification.
• Deny delivery – Email Protection denies delivery of the email.
• S
trip the attachment – Email Protection strips the attachment from the email and
the email is sent to the recipient. Text is inserted into the email notifying the
recipient that an attachment has been stripped.
• Quarantine the message – Email Protection sends
9 Ignore the Silent Copy drop-down list.
10 Click Save
11 Click Save for the
to save the new filename filter.
policy or continue to the Additional Policies tab to filter for zip file
No silent copy will be sent.
the email to quarantine.
attachments.
Filter Zip File Attachments
You can create a custom filter for zipped file or compressed file attachments. These
policies are ignored unless the Compressed or Archived Files filetype is allowed in the
Attachments: File Types window.
To define a filter for attachment file name, perform the following steps:
1 Click Email
Protection Policies.
2 Select the policy you want to change.
3 Click Attachments.
The Attachments: File Types window is displayed.
4 Click Additional Policies.
The Additional Attachment Policies window is displayed.
66 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Define an Attachment Filter
5From the Message contains high-risk attachment drop-down menu, select one of the
following options:
• Allow delivery – Email Protection sends the email to the recipient with no
filtering or notification.
• Quarantine the message – Email Protection sends the email to quarantine.
• Deny delivery – Email Protection denies delivery of the email.
This action applies if an email has an attachment that is a zipped file and that violates
any of the following rules:
• The zip file itself is too large ( > 500MB).
• A file contained in the zip file is too large ( > 100MB).
• The zip file contains too many files ( > 1500 files).
• The compression rate is too high ( > 95% compressed).
• The zip file contains too many levels of nesting ( > 3 levels).
6From the Message contains an encrypted zip attachment drop-down menu, select
one of the following options:
• Allow delivery – Email Protection sends the email to the recipient with no
filtering or notification.
• Quarantine the message – Email Protection sends the email to quarantine.
• Deny delivery – Email Protection denies delivery of the email.
The action applies if an email message has an attachment that is a zipped file and is
encrypted and password-protected. This format is commonly used to prevent scanning
for viruses in zipped files.
7From the File in zip attachment violates attachment policy drop-down menu, select
one of the following options.
• Attachment policy action – The action for the specific policy that was violated
will be performed on the entire attachment. If multiple policies were violated, the
policies defined in the Attachment – Filename Policies subtab override the
policies defined in this subtab.
• Do nothing – The email is sent to the recipient with no filtering applied.
The action applies if an email that has an attachment that is a zipped file and the
zipped file contains files that violate the previously-defined filters for attachments.
Notify Users about Attachment Violations
You can direct Email Protection to send notification emails to the recipient and/or sender
when an email is filtered because it contained an attachment violation. You can see the
content of notifications and change it in the Notifications tabs. See
Text of Notifications to Users.
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Attachments.
Define the Format and
4 Click Notifications.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 67
Allow or Deny Email to or from Specific Addresses Email Protection Administrator Guide
5 Complete the following fields:
Field Description
To the sender
when a message
is … due to an
attachment
policy violation
To the recipient
when a message
is … due to an
attachment
policy violation
Select one or more conditions that will cause Email Protection to send a
notification email to the sender.
• Quarantined – The email that contained an attachment violation was
quarantined.
• Denied delivery – The email that contained an attachment violation
was denied delivery.
• Stripped – The infected attachment was stripped and the email sent to
the recipient.
Select one or more conditions that will cause Email Protection to send a
notification email to the recipient.
• Quarantined – The email that contained an attachment violation was
quarantined.
• Denied delivery – The email that contained an attachment violation
was denied delivery.
• Stripped – The violating attachment was stripped and the email sent to
the recipient.
6 Click Save.
Allow or Deny Email to or from
Specific Addresses
You can define lists of sender email addresses, domain names, or IP addresses whose
email is always delivered to your users, or conversely, whose email is always denied
delivery. In addition, you can define lists of recipient email addresses that are always
denied receiving email.
68 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Allow or Deny Email to or from Specific
The Sender Allow and Sender Deny lists are used in combination with the user-level
Allow and Deny lists that can be defined for specific user accounts. In the case of a
conflicting entry (for example, the same email address is in the user-level Allow list and
the Sender Deny list at the policy set level), the lists defined in these tabs override the
user-level lists.
The allowed maximum of items for each list is defined at the system level and may vary
for different installations of Email Protection.
Allow Email from a Specific Address
You can define a list of sender addresses whose email will always be accepted without
email filtering. The exception is that virus filtering is always applied if licensed for that
policy set, unless overridden by the user-level policy configurations. In addition, the userlevel Deny list will override the policy set-level Sender Allow list.
You can add individual addresses one a time or you can add them with a batch file. See
Add Allow, Deny, or Recipient Shield Addresses with a Batch File.
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Allow/Deny.
The Sender Allow window is displayed.
4In the Add Address field, type the address of a sender whose email should be
delivered without filtering.
The following values are allowed in the list entries:
• Email addresses – Complete sender email address or partial address with
wildcards (for example, gsmith@domain.com or g*@domain.com)
• Domain names – Complete domain name or partial name with wildcards (for
example, “domain.com”)
• IP addresses – Complete IP address or partial address with wildcards (for
example, 123.123.12.3 or 123.123.12.*)
Note: CIDR notation is not allowed. Each IP address must be designated separately.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 69
Allow or Deny Email to or from Specific Addresses Email Protection Administrator Guide
5 Click Add.
The address is added to the allowed address box on the right.
6 Repeat steps 4 and 5 for each address you want to add.
7 Click Save.
You can save a copy of the list you created. See
Shield List.
Save a Copy of an Allow, Deny, or Recipient
Sender Policy Framework (SPF)
You are able to whitelist a specific email addess or domain and assign an SPF check to that
address. Subsequent mail coming from the whitelisted domain is then checked against
SPF records. Should the SPF check fail, the mail is denied.
The following conditions apply to an SPF verification:
• If the record can be verified, then content and spam filtering is skipped for the
sender’s inbound messages.
• If the record cannot be verified, then filtering is not skipped for the sender’s inbound
messages.
Note: If a sender on the allow list does not have an SPF record the inbound message is still
allowed.
Deny Email from a Specific Address
You can define a list of sender addresses whose email will always be denied regardless of
email filtering. This Deny list overrides the user-level Allow list.
You can add individual addresses one a time or you ca
Add Allow, Deny, or Recipient Shield Addresses with a Batch File.
1 Click Email
Protection | Policies.
2 Select the policy you want to change.
Click Allow/Deny.
3
n add them with a batch file. See
70 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Allow or Deny Email to or from Specific
The Sender Allow window is displayed.
4 Click Sender Deny.
The Sender Deny window is displayed.
5In the Add Address field, type the address of a sender whose email should be denied
without filtering.
The following values are allowed in the list entries:
• Email addresses – Complete sender email address or partial address with
wildc
ards (for example, gsmith@domain.com or g*@domain.com)
• Domain names – Complete domain name or partial
name with wildcards (for
example, domain.com)
• IP addresses – Complete IP address or partial address with wildcards (for
example, 12
Note: CIDR notation is not allow
3.123.12.3 or 123.123.12.*)
ed. Each IP address must be designated separately.
6 Click Add.
The address is added to the denied address box on the right.
7 Repeat steps 4 and 5 for each address you want to add.
8
In the If the Sender is on the Sender Deny List section, select one of the following
options:
• Accept and silently discard th
e message – The email is accepted, but is
discarded without notification.
• Deny de
livery – The email is denied delivery.
9 Click Save.
You can save a copy of the list you created. See
Shield List.
Save a Copy of an Allow, Deny, or Recipient
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 71
Allow or Deny Email to or from Specific Addresses Email Protection Administrator Guide
Deny Email to a Specific Recipient
You can define a list of recipient user addresses whose incoming email will always be
denied, regardless of email filtering. For example, you can designate that emails received
to an ex-employee’s user account are always denied. Email received for all alias email
addresses for the designated user account is also included in the Recipient Shield
processing.
You can add individual addresses one a time or you can add them with a batch file. See
Add Allow, Deny, or Recipient Shield Addresses with a Batch File.
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Allow/Deny.
The Sender Allow window is displayed.
4 Click Recipient Shield.
The Recipient Shield window is displayed.
5In the Add Address field, type the address of a recipient whose email should be
denied.
You can type a complete recipient email address or partial address with wildcards (for
example, “gsmith@domain.com” or “g*@domain.com”).
Note: The email addresses must be defined in the primary Domain. Alias domain
names are not allowed.
6 Click Add.
The address is added to the recipient address box on the right.
7 Repeat steps 4 and 5 for each address you want to add.
8 In the If the Recipient is on the Recipient Shield List section, select one of the
following options:
• Accept and silently discard the message – The email is accepted, but is
discarded without notification.
72 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Authentication
• Deny delivery – The email is denied delivery.
• Do nothing – The email is forwarded to the recipient email address with no
processing applied.
9 Click Save.
You can save a copy of the list you created. See Save a Copy of an Allow, Deny, or Recipient
Shield List.
Save a Copy of an Allow, Deny, or Recipient
Shield List
You can download the allow or deny list you have created so you can store a copy. To
download a copy, perform the following steps.
1 On the Allow, Deny, or Recipient Shield window, click More Options.
2 Click Download [] List.
A download window is displayed. Email Protection automatically creates a Microsoft
Excel spreadsheet (*.csv file) containing the address list. You can choose to save the
file or open it directly.
Add Allow, Deny, or Recipient Shield
Addresses with a Batch File
1 Using a text editor, create a text file that contains one email address per line, and save
it to your computer.
2 On the Allow, Deny, or Recipient Shield window, click More Options.
Additional fields are displayed.
3 Click Browse and search for the text file you created.
4 Click Upload [] List.
5 Click Save.
Email Authentication
Transport Layer Security
Transport Layer Security (TLS) has routinely been supported and is still supported by our
Email Protection system. If a TLS connection can be negotiated between the sender and
the recipient MTAs, then the system delivers the email over TLS. If a TLS connection
CANNOT be established between the sender or the recipient MTA, then the mail transfer
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 73
Email Authentication Email Protection Administrator Guide
agent delivers, via SMTP, without encryption. Therefore, it is recommended that you
specify a Sender’s domain and/or sub-domain for this policy so that TLS is enforced.
Thus, if TLS cannot be established, then the message will not be delivered and a bounce
message will be generated to the sender, recipient, or both depending on the Notifications.
Note: Enforced TLS requires a negotiation between our mail transfer agent and yours
to be successful. You must have TLS turned on at your end to accomodate this
transaction. Refer to your MTA software manual on “How to enable/turn-on TLS”
to ensure TLS is implemented in your system prior to setting up your domain lists.
From the Policy Set window select Email Authentication | Enforce TLS tab and complete
the following steps.
Add Domain
6 To enter values into the TLS domain list enter the full address of the Sender/
Recipient’s domain and/or sub-domain.
NOTE: To enter values into the TLS domain list enter the full address of the Sender/
Recipient's domain and/or sub-domain. Any Sender/Recipient's domain or
subdomain must be explicitly specified for enforced TLS. Specifying a Sender/
Recipient's domain doesn't automatically include any sub-domains of that domain.
7 Click the Add » button. The value is added to the list box.
NOTE: The maximum number of values allowed in the Add Domain list is specified. This
limit is defined at the system level (see the online help for the specific count). Any
duplicate or invalid values are discarded automatically.
74 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Authentication
More Options
• Upload Enforced TLS List (appends to existing list): To Upload a file with a
predefined list, click the Browse button. After you select the file and it's path appears
in the text field, click the Upload button. The contents are added to the Add Domain
box above.
• Download Enforced TLS List (be sure to save changes first): To Download a domain
list in a csv file, click the Download button, select the list you wish to download and
click Save.
8 Subscribe to Default TLS List By checking the subscription to the TLS default list you
will be adding the appropriate Inbound/Outbound Default domain policy to your
customized Enforced TLS domain list. The default list can be viewed by clicking the
corresponding Inbound/Outbound Default selection under the Policies tab. This option
is only available in custom (non-default) policy sets.
NOTE: If the default list changes, your subscription to the default is updated to reflect
those changes.
Save
9 Click the Save button to save your information.
Download
To Download a domain list in a csv file, click the Download button, select the list you
wish to download and click Save.
Enforced SPF
Sender Policy Framework (SPF) can be used by email recipients to determine if the
messages they receive were sent from someone authorized by the domain owner, which
can help detect spoofing. SPF only works when domain owners implement and maintain it
voluntarily.
To implement SPF, domain owners must create special DNS entries which list the IP
addresses that are authorized to send email from their domain. Email recipients must
compare an email's source IP address to the IP address in the domain owner's DNS SPF
records. If they match, it is reasonable to assume that the message was sent by the domain
owner or an authorized third party.
Important SPF information:
• SPF implementation is voluntary and many domain owners have not implemented
DNS SPF records, including many well-known commercially used domains.
• Even those that have implemented SPF might have outdated or inaccurate records,
resulting in false positives. The only way to resolve this is to contact the domain
owner and ask them to correct the issue.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 75
Email Authentication Email Protection Administrator Guide
• Nothing prevents spammers and hackers from implementing SPF, so it is not a
reliable spam indicator - Many organizations allow third parties to send mail on behalf
of their domain (authorized spoofing). These third parties must be authorized by the
domain owner as part of their SPF records in order for recipients to successfully
validate the third party messages.
• Hosted email providers often give the same SPF records to all their customers, making
it impossible to distinguish one customer from the another, thus reducing usefulness
of the technology.
• Even when SPF is implemented and enforced, it is still possible for spammers to
create very convincing spoofed emails; therefore, continued user training and caution
is advised.
Create an Enforced SPF Domain
Go to the Email Authentication | Enforced SPF tab and complete the following
information to implement an SPF domain.
To enter values for the SPF domain list, enter the full address of the Sender domain and/or
sub-domain, or use part of the domain using wildcards. Any Sender domain or subdomain
must be explicitly specified for enforced SPF. Specifying a Sender domain doesn't
automatically include any sub-domains of that domain. Examples of Wildcard use include
any of the following:
•*.example.com
•e
xample.*
• mysubdomain.*.*
• subdomain.*.example.com
1 Click the Add » button. T
Note: The maximum number of values allowed in the Add Domain list is 1500. This limit is defined
at the system level. Any duplicate or invalid values are discarded automatically.
he value is added to the list box.
2 To remove a value from the list, select it in the list box and click the « Remove button.
Note: To select more than one value from the list, press Ctrl on your keyboard, click each entry
you want to remove, and then click the « Remove button.
76 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Authentication
Note: All entries are removed when clicking the button Remove All.
More Options
• Regardless of Sender Domain – From the drop-down lists, select the appropriate
SPF action (Deliver, Deny, Tag Subject) for the following criteria:
• when SPF is available but validation fails
• when SPF is not available
• when SPF is available and validation succeeds
Note: When the action is tag subject, tags are applied to the end of the subject. The tags are:
WARNING: SPF validation failed, SPF verified, WARNING: SPF validation unavailable .
• Upload Enforced SPF List (appends to existing list): – To Upload a file with a
predefined list, click the Upload Browse button. After you select the file and it's path
appears in the text field, click the Upload button. The contents are added to the Add
Domain box above.
• Download Enforced SPF List (be sure to save changes first): – To Download a
domain list in a csv file, click the Download button, select the list you wish to
download and click Save.
NOTE: If the default list changes, your subscription to the default is updated to reflect
those changes.
Enforced DKIM
DomainKeys Identified Mail (DKIM) is part of the Email Authentication suite designed to
verify the email sender and the message integrity. The DomainKeys specification has
adopted aspects of Identified Internet Mail to create an enhanced protocol called
DomainKeys Identified Mail.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 77
Email Authentication Email Protection Administrator Guide
Create a DKIM Domain
Complete the following information to implement a DKIM domain.
Add Domain To enter values for the DKIM domain li
st, enter the full address of the sender
domain and/or sub-domain, or use part of the domain using wildcards. Specifying a sender
domain does not automatically include any sub-domains of that domain. The following list
demonstrates different examples of entries using a wildcard (*).
•*.example.com
xample.*
•e
• mysubdomain.*.*
• subdomain.*.example.com
If the sub-domain is not going to be entered usi
ng the wildcard character, the sub-domain
must be explicitly defined.
1 Click the Add » button. The value is added to the list box.
Note: The maximum number of values allowed in the Add Domain list is 1500. This limit is
defined at the system level. Any duplicate or invalid values are discarded automatically.
2 To remove a value from the list, select it in the list box and click the « Remove button.
Note: To select more than one value from the list, press Ctrl on your keyboard, click each entry
you want to remove, and then click the « Remove button.
Note: All entries are removed when clicking the button Remove All
More Options
Regardless of Sender Domain From the drop-down lists, select the appropriate DKIM
action (Deliver, Deny, Tag Subject) for the following criteria:
78 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Email Authentication
• when a DKIM signature is present but is not valid.
• when no DKIM signature is present.
• when a valid DKIM signature is present.
NOTE: When the action is tag subject, tags are applied to the end of the subject. The tags are:
WARNING: DKIM validation failed, DKIM verified, WARNING: DKIM validation unavailable.
Upload Enforced DKIM List (appends to existing list):
3 To Upload a file with a predefined list, click t
he Upload Browse button. After you
select the file and it's path appears in the text field, click the Upload button. The
contents are added to the Add Domain box above.
Download Enforced DKIM List (be
4 To Download a domain list in a csv file, click the Download
sure to save changes first):
button, select the list you
wish to download and click Save.
5 Click the Save button to save your information.
By checking the Subscribe to Default Inbound
policy Enforced DKIM list subscription,
you will be adding the appropriate Inbound/Outbound Default domain policy to your
customized Enforced DKIM domain list. The default list can be viewed by clicking the
corresponding Inbound Default selection under the Policies tab. This option is only
available in custom (non-default) policy sets.
NOTE: If the default list changes, your subscription to the default is updated to reflect those
changes.
Email Authentication Notifications tab
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 79
Define the Format and Text of Notifications to Users Email Protection Administrator Guide
Send Email Notifications
6 Check the box “Denied Delivery “regarding the heading “To the sender when a
message is” to notify the sender is unable to send their message due to an Email
Authentication violation.
7 Click Save
8 Check the box “Denied Delivery “regarding the heading “To the recipient when a
message is” to notify the recipient is unable to receive their message due to a Email
Authentication violation
9 Click Save
View your selection Click the Notifications Tab in the Policy Set window.
Define the Format and Text of
Notifications to Users
You can configure templates for the notification emails that are sent to the sender and/or
recipient when an email message is filtered for:
• Viruses
• Content
• Attachments
Default notification templates are provided for all the notification scenarios. You can
change these templates if you wish.
One notification email template is defined for each combination of the following:
• Filtering type — For viruses, content, or attachments
• Destination of the notification — Sender or recipient
• Email Action — Deny, strip, or quarantine
Variables within a Notification
Within the notification emails, variables automatically insert content from the system. For
example, the variable $(DATE) inserts the date when the notification email was sent.
Default variables already exist for the default notifications. If you want to use a different
variable, you must manually type the variable as shown below and the variables are casesensitive.
$(SUBJECT)
$(FROM)
80 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Inserts a variable that automatically indicates the subject of the email that
violated the policy.
Inserts a variable that automatically indicates the sender’s email address
(From: address) from the email that violated the policy. This variable
inserts the From: address that is displayed in the email.
Email Protection Administrator Guide Define the Format and Text of Notifica-
$(SENDER)
$(TO)
$(DATE)
$(REASON)
$(ACTION)
$(DOMAIN)
$(MSG_HEAD
ER)
$(SIZE)
$(POSTMAST
ER)
Inserts a variable that automatically indicates the sender’s email address
(From: address) from the email that violated the policy. This variable
inserts the SMTP envelope From: address received from the sending email
server.
Inserts a variable that automatically indicates the recipient’s email address
(To: address) from the email that violated the policy.
Inserts a variable that automatically indicates the date when the email was
received that violated the policy.
Inserts a variable that automatically indicates the reason why the email
violated the policy.
Inserts a variable that automatically indicates the action that was applied
to the email that violated the policy.
Inserts a variable that automatically indicates the domain that received the
email that violated the policy.
Inserts a variable that automatically indicates the email header information
from the email that violated the policy.
Inserts a variable that automatically indicates the size, including
attachments, of the email that violated the policy.
Inserts the contact email address configured for the domain.
The set of Notifications tabs includes the following subtabs:
• Notifications – Virus Notifications subtab (see window 1)
• Notifications – Content Notifications subtab
• Notifications – Attachment Notifications subtab
In addition, each subtab will have a separate Edit area for each of its notification
templates.
Because all the individual notification templates offer the same functionality, only one set
of subtabs in the Notifications tabs will be described to reduce redundancy. Be aware that
the same features are used to modify the remaining notification templates, the only
difference being the combinations of filter type, destinations, and email actions. Be sure to
modify the navigation and information accordingly.
Define the Format and Text of Virus
Notifications
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Notifications.
The Notifications: Virus window is displayed.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 81
Define the Format and Text of Notifications to Users Email Protection Administrator Guide
4 Click on a notification in the Virus Notifications box.
5 Either double-click on a subject or highlight a subject and click Edit.
The Edit section of the window is displayed.
6 Change, if desired, the text or variables in any or all of the following fields:
From Designates what email address is listed as the From: address in the
notification email. Optionally, you can type variables that insert system
information into this content.
Reply-To Designates what email address is used
email clicks the Reply button in his/her email application. Optionally, you
can type variables that insert system information into this content.
Subject Type the text to be used as the subject
Optionally, you can type variables that insert system information into this
content.
Body Type the text to be used as the body text for the notification email
plate. Optionally, you can type variables that insert system information
tem
into this content.
82 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
if the recipient of the notification
for the notification email template.
Email Protection Administrator Guide Define the Format and Text of Notifica-
7 Click Save.
Define the Format and Text of Content
Violation Notifications
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Notifications.
The Virus Notifications window is displayed.
4 Click Content.
The Content Notifications window is displayed.
5 Click on a notification in the Content Notifications box.
6 Either double-click on a subject or highlight a subject and click Edit.
The Edit section of the window is displayed.
7 Change, if desired, the text or variables in any or all of the following fields:
From Designates what email address is listed as the From: address in the
Reply-To Designates what email address is used if the recipient of the notification
Subject Type the text to be used as the subject for the notification email template.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 83
notification email. Optionally, you can type variables that insert system
information into this content.
email clicks the Reply button in his/her email application. Optionally, you
can type variables that insert system information into this content.
Optionally, you can type variables that insert system information into this
content.
Define the Format and Text of Notifications to Users Email Protection Administrator Guide
Body Type the text to be used as the body text for the notification email
template. Optionally, you can type variables that insert system information
into this content.
8 Click Save.
Define the Format and Text of Attachment
Violation Notifications
1 Click Email Protection | Policies.
2 Select the policy you want to change.
3 Click Notifications.
The Virus Notifications window is displayed.
4 Click Attachment.
The Attachment Notifications window is displayed.
5 Click on a notification in the Attachment Notifications box.
6 Either double-click on a subject or highlight a subject and click Edit.
The Edit section of the window is displayed.
7 Change, if desired, the text or variables in any or all of the following fields:
From Designates what email address is listed as the From: address in the
notification email. Optionally, you can type variables that insert system
information into this content.
Reply-To Designates what email address is used if the recipient of the notification
84 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
email clicks the Reply button in his/her email application. Optionally, you
can type variables that insert system information into this content.
Email Protection Administrator Guide Define the Format and Text of Notifica-
Subject Type the text to be used as the subject for the notification email template.
Optionally, you can type variables that insert system information into this
content.
Body Type the text to be used as the body text for the notification email
plate. Optionally, you can type variables that insert system information
tem
into this content.
8 Click Save.
Email Authentication
The Notifications | Email Authentication subtab allows you to configure a template of
how the notification email will appear that is sent to the sender and/or recipient.
Within the notification emails, there
are available variables that will automatically insert
content from the system. For example, the variable $(DATE) will insert the date when the
notification email was sent. You must manually type the variables as shown below and the
variables are case-sensitive.
9 Highlight the message you wish to review and Click Edit to launch the edit template.
Variables within the template include:
$(SUBJECT) – The Subject field is blank because the message was blocked before the
email content
message, edit the Subject: field, otherwise the Subject appears as: 'Delivery Notification
had been sent. If you wish to have a Subject value for the Notification
'.
$(FROM) – Inserts a variable that automatic
(From: address) from the email that violated the policy. This variable inserts the From:
address that is displayed in the email.
$(SENDER) – Inserts a variable that automatically
(From: address) from the email that violated the policy. This variable inserts the SMTP
envelope From: address received from the sending email server.
$(TO) – Inserts a variable that automatically indica
address) from the email that violated the policy.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 85
ally indicates the sender's email address
indicates the sender's email address
tes the recipient's email address (To:
Define the Format and Text of Notifications to Users Email Protection Administrator Guide
$(DATE) – Inserts a variable that automatically indicates the date when the email was
received that violated the policy.
$(REASON) – Inserts a variable that automatically indicates
the reason why the email
violated the policy.
$(ACTION) – Inserts a variable that automatically
indicates the action that was applied to
the email that violated the policy.
$(DOMAIN) – Inserts a variable
that automatically indicates the Domain that received
the email that violated the policy.
$(POSTMASTER) – Inserts postmaster (ex. postmaster@domain.com) email address
for
the Domain.
Variable syntax requires $({name_of_variable
}), where {name_of_variable} is replaced
with the predefined variable name (without the curly brackets).
Email Authentication Subject Headers
As mentioned, the Subject field in the Email Authentication Email Subject Line, the Email
Authentication Email Header, and the Email Authentication Notification Message Body
will not contain Subject data since the email was denied and no data was retrieved.
The following examples demonstrate the Subject Field
displaying Delivery Notification. Again, this is because the $(SUBJECT) variable is an
empty variable.
Email Subject Line
or Subject Notification only
86 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Disaster Recovery
Email Subject Header
Email Authentication Notification Subject Header Response
Disaster Recovery
Disaster Recovery allows you to specify what actions to take when email cannot be
delivered. There are three available options:
• Defer to domain-based Email Continuity access control configured under Disaster
Recovery Setup
Select this option to use the configuration settings from the Disaster Recovery Setup
window.
• Allow users to use the Email Continuity webmail client
Select this option to allow users to use the Email Continuity webmail client when
email cannot be delivered.
• Do not allow users to use the Email Continuity webmail client
Select this option if you do not wish to allow users to use the Email Continuity
webmail client when email cannot be delivered.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 87
Assign a Group to the Custom Policy Email Protection Administrator Guide
Assign a Group to the Custom Policy
To perform this task, you must first create the group of users who are to be assigned to the
policy. See “Managing Groups” in Account Management Administrator Guide.
1 Click Email Protection |
2 Select the custom policy to which
3 Click Group Subscriptions.
The Policy Configuration Groups window is displayed.
4 Select the group you want to assign.
5 Click Ad
d.
Policies.
you want to assign a group.
88 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Email Protection Administrator Guide Create a Custom Outbound Policy
6. Customize Outbound Mail
Filters
You can customize the default outbound policy for any and each domain, or any and each
group, to fit your business needs.
Note: Outbound email i
lists for outbound email. You can, however, copy allow or deny lists from an existing
inbound policy.
s not filtered for spam. You also can not customize allow or deny
Create a Custom Outbound Policy
Important Note: It is assumed that all domains within an Enterprise Customer will have
the same package assigned to them. If some domains have different packages, unexpected
results may occur. when a policy is applied to a group in which members reside within
different domains.
1 Click Email
2 Click New.
The New Policy Set fields are displayed.
Protection | Policies | Outbound Policies link.
Field Description
Name Enter a name for the policy set you are creating. The
Description Enter a description of the new policy set.
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 89
name should reflect
the name or purpose for the group or groups that you will assign to the
policy.
Configure a Virus Filter Email Protection Administrator Guide
Direction From the drop-down menu, select the direction of email, outbound
SMTP, for which this policy will be configured.
Copy From From the drop-down menu, select an existing policy set whose settings
you want to copy to the new policy set. Most settings are copied based on
this selection. However, you must choose to copy some settings from the
existing policy separately by selecting the following fields.
Copy Sender
Allow List
Copy Sender Deny
List
Copy Recipient
Shield List
Copy ClickProtect
Allow List
Select to copy the Sender Allow list from the policy set selected in the
Copy From field.
Select to copy the Sender Deny list from the policy set selected in the
Copy From field.
Select to copy the Recipient Shield list from the policy set selected in the
Copy From field.
Select to copy the ClickProtect Allow list from the policy set selected in
the Copy From field.
3 Click Save.
The Policy Sets list is updated with the new policy. You can now modify the new
policy to meet your business needs.
Configure a Virus Filter
You configure a virus filter for outbound email in the same way as that for inbound email.
For more information, see
Configure a Virus Filter Policy
Configure a Content Filter
You can create a custom content filter for outbound email. You can only set up Content
Groups and Notifications. HTML Shield and ClickProtect are not available for outbound
email. You set up content groups and notifications in the same way as that for inbound
email. For more information, see
90 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Create a Custom Policy.
Email Protection Administrator Guide Configure a Content Filter
Email Encryption for Content Groups
Group Names
You are able to send regular email based on your selected policies but, you may also
encrypt messages for a specific Group Name under Content Groups if desired. Select the
group name you wish to encrypt, from the Action drop-down list select to have that Group
encrypted.
More Options
If a Customer or Domain subscribes to Email Encryption, t
used to enforce Email Encryption if the outbound message contains the word ‘[encrypt]’.
This word, [encrypt] can reside in the message Subject line or the body of the outbound
message.
This option can be found under Emai
Content |Content Groups.
l Protection | Policies | Outbound (default) |
hen selecting this option can be
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 91
Define an Attachment Filter Email Protection Administrator Guide
Define an Attachment Filter
You configure an attachment filter for outbound email in the same way as that for inbound
email. For more information, see
Define an Attachment Filter Policy.
Define the Format and Text of
Notifications to Users
You configure notifications for outbound email in the same way as that for inbound email.
For more information, see
Define the Format and Text of Notifications to Users Policy.
Assign a Group to the Custom Policy
You assign a group to a policy for outbound email in the same way as that for inbound
email. For more information, see
Disaster Recovery.
92 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012
Loading...