McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual

Brand: McAfee

Model: SMEFCE-AI-DA - Email Security Service Inbound

Category: Software

Type: Administration Manual

This manual is also suitable for

SaaS Email Protection

McAfee SaaS Email

Protection Administrator

Guide

Updated: November 2012

Proprietary and Confidential

RESTRICTION ON USE, PUBLICATION,

OR DISCLOSURE OF PROPRIETARY

INFORMATION.

This document contains information that is

proprietary and confidential to McAfee. No

part of this document may be reproduced,

stored in a retrieval system, or transmitted, in

any form or by any means (electronic,

mechanical, photocopying, recording, or oth-

erwise) without prior written permission

from McAfee. All copies of this document

are the sole property of McAfee and must be

returned promptly upon request.

McAfee, Inc.

9781 South Meridian Blvd., Suite 400

Englewood, CO 80112 USA

Direct +1 720-895-5700

Fax +1 720-895-5757

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 2

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission iii

Contents

Overview.....................................................................................................................1

Differences in Administration for Service Providers ............................................1

Account Management Necessary for Email Protection ........................................1

MX Record Validation ...........................................................................................2

Alias Domain Names ............................................................................................2

Auto-creation of Users .............................................................................................2

Email Filtering Policies ............................................................................................2

Types of Inbound Email Filtering ..........................................................................3

Types of Outbound Email Filtering .......................................................................8

Configurable Actions for Filtered Email ................................................................8

User-level Policy Configurations ..........................................................................10

Quarantine ...............................................................................................................10

Customizing the Interface ......................................................................................11

Licensed Branding ..............................................................................................11

Language Localization ........................................................................................12

Outbound Disclaimer ..........................................................................................12

Notifications ........................................................................................................13

Monitoring and Reporting ......................................................................................13

Optional Utilities .....................................................................................................13

Spam Control for Outlook® ...............................................................................13

Disaster Recovery Services ...................................................................................14

Fail Safe .............................................................................................................14

Email Continuity ..................................................................................................14

Access Email Protection Administration 15

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission iv

Who Can Access Email Protection Administration windows .............................15

Other Documents You Might Need .......................................................................19

Email Protection Documents ..............................................................................19

Web Protection Service Documents ...................................................................20

Message Archiving Documents ..........................................................................20

User Guides ........................................................................................................20

Ensure You Can Receive Email from Your Service Provider .............................20

Log on to the Control Console ..............................................................................20

Reset Your Password from the log on window ...................................................21

Check the Status of Email Protection on the Overview 25

Set up Your Servers 29

Confirm Your Inbound Servers Setup .................................................................29

Set up Additional Inbound Servers .......................................................................29

Delete an Inbound Server ...................................................................................30

Add IP Address of Outbound Server, If Necessary .............................................31

Delete an Outbound Server ................................................................................32

Set up a Smart Host (If Outbound Mail Defense is Turned on) ..........................32

Add an Outbound Email Disclaimer ....................................................................32

Redirect Your MX Records ....................................................................................33

Check Your MX Record ..........................................................................................34

Set up User Creation Mode — SMTP Discovery or Explicit ................................36

Customize Inbound Mail Filters 39

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission v

Enterprise or Service Provider Customer ............................................................39

Create a Custom Policy (Enterprise Customer Only) ..........................................41

Configure a Virus Filter ..........................................................................................43

Set Email Protection to Notify Users about Emails with Viruses ........................44

Configure a Spam Filter .........................................................................................45

Define the Action to Take on Spam ....................................................................46

Define Additional Words That Indicate Spam .....................................................47

Set up Spam Quarantine Reports ......................................................................50

Configure a Content Filter .....................................................................................53

Turn Off a Default Content Filter ........................................................................55

Custom Content Group .......................................................................................56

Notify Users about Spam Content ......................................................................57

Configure a Filter for HTML, Java Script, ActiveX, and Spam Beacons .............58

Configure Web Hyperlink Filters (ClickProtect) ..................................................60

Define an Attachment Filter ...................................................................................62

Filter by Attachment File Types .........................................................................62

Filter by Attachment File Name ..........................................................................65

Filter Zip File Attachments ..................................................................................66

Notify Users about Attachment Violations ..........................................................67

Allow or Deny Email to or from Specific Addresses ...........................................68

Allow Email from a Specific Address ..................................................................69

Deny Email from a Specific Address .................................................................70

Deny Email to a Specific Recipient ....................................................................72

Save a Copy of an Allow, Deny, or Recipient Shield List ...................................73

Add Allow, Deny, or Recipient Shield Addresses with a Batch File ....................73

Email Authentication ..............................................................................................73

Transport Layer Security ....................................................................................73

Enforced SPF .....................................................................................................75

Define the Format and Text of Notifications to Users .........................................80

Variables within a Notification .............................................................................80

Define the Format and Text of Virus Notifications ..............................................81

Define the Format and Text of Content Violation Notifications ...........................83

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission vi

Define the Format and Text of Attachment Violation Notifications .....................84

Email Authentication ...........................................................................................85

Disaster Recovery ..................................................................................................87

Assign a Group to the Custom Policy ..................................................................88

Customize Outbound Mail Filters 89

Create a Custom Outbound Policy .......................................................................89

Configure a Virus Filter ..........................................................................................90

Configure a Content Filter .....................................................................................90

Email Encryption for Content Groups .................................................................91

Define an Attachment Filter ...................................................................................92

Define the Format and Text of Notifications to Users .........................................92

Assign a Group to the Custom Policy ..................................................................92

Managing Quarantine Reports 93

Set up Quarantine Reports ....................................................................................93

Monitor Users’ Quarantined Email ........................................................................93

Primary Email Addresses, Aliases, and Public Domain Addresses ....................94

Search for Quarantined Email ............................................................................94

Interpret the Search Results ...............................................................................95

Sort the Search Results ......................................................................................96

Delete Quarantined Messages ...........................................................................97

Release Quarantined Messages ........................................................................97

View Quarantines Messages ..............................................................................97

Monitor Your Own Quarantine ............................................................................99

Set up Disaster Recovery Services 101

Administer Disaster Recovery Services .............................................................101

Set up Spooling for Disaster Recovery .............................................................101

Set up Notifications of Disaster Recovery ........................................................102

User-Level Policy Configuration 103

System Reports 105

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission vii

Email Protection Reports .....................................................................................105

View an Email Protection Report ........................................................................106

Traffic Overview ................................................................................................107

Traffic: Enforced TLS Report ............................................................................109

Traffic: Encryption ................................................................................................110

Threats: Overview ............................................................................................111

Threats: Viruses ...............................................................................................113

Threats: Spam .......................................................................................................115

Threats: Content ...................................................................................................117

Threats: Attachments ...........................................................................................119

Enforced TLS: Details ..........................................................................................121

Enforced SPF Report ............................................................................................122

ClickProtect: Overview .........................................................................................123

ClickProtect: Click Log ........................................................................................125

Quarantine: Release Overview ............................................................................126

Quarantine: Release Log .....................................................................................128

View Details of Log Items ....................................................................................130

User Activity ..........................................................................................................131

Event Log ..............................................................................................................133

Audit Trail ..............................................................................................................134

Inbound Server Connections ...............................................................................135

Disaster Recovery: Overview ..............................................................................137

Disaster Recovery: Event Log .............................................................................138

Email Protection Administrator Guide

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission viii

Administer MSP Connector .................................................................................139

Configure the MSP Connection ........................................................................139

Add Domains to the MSP Connection ..............................................................141

Turn on Exception Notifications for the MSP Connection .................................142

View an MSP Connector Audit Report .............................................................143

Administer Performance Reports .......................................................................147

Performance Report Descriptions ....................................................................148

Tips and Frequently Asked Questions 153

FAQs ................................................................................................................153

Tips/Techniques ...............................................................................................159

Email Protection Administrator Guide Differences in Administration for Service

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 1

1. Overview

McAfee

Saas Email Protection provides security services that safeguard corporations

from unsolicited spam email (junk mail), viruses, worms, and unwanted content at the

network perimeter before they can enter the internal network.

Multiple layers of McAfee Saas Email Protection provide secure and complete email

filtering to protect your users. You can enable or disable specific layers by changing the

licensed packages of features and/or through configuring the specific email policies in the

Control Console, the comprehensive graphical interface into McAfee Saas Email

Protection.

This document describes the tasks necessary to configure and maintain your McAfee Saas

Email Protection.

Differences in Administration for

Service Providers

This document is for use by Enterprise customers only. Service Provider customers do not

administer groups for Email Protection and therefore, do not assign groups to email

filtering policies. Instead, Service Provider customers assign policies directly to domains.

The capabilities for managing policies and groups, as described in this document, apply

only to Enterprise customers.

Account Management Necessary for

Email Protection

Account Management is a set of administrative windows you use to configure and manage

the entities that use or are affected by Email Protection (Email Protection), as well as the

Web Protection Service (WDS) and Message Archiving products. These entities include:

• Domains

•Users

• Other administrators, including other Customer Administrators, Domain

Administrators, Quarantine Managers, and Reports Managers

In addition, for Email Protection only, you use Account Management to administer groups

of users that share a common email filtering policy.

For more information, see Account Management Administrator Guide.

Auto-creation of Users Email Protection Administrator Guide

2 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

MX Record Validation

You can validate that the MX Records that are configured for your domain are properly

redirected by entering the specific DNS and/or IP address for your MTA server. The

Control Console displays the MX Record configuration as reported by the authoritative

DNS server.

See Check Your MX Record.

Alias Domain Names

You can configure alias domain names that act as virtual domains using the configurations

and email addresses defined in the primary Domain name. Email addresses are created

automatically for alias domains (for example, jsmith@yourcompanyalias.com is

automatically created for jsmith@yourcompany.com), allowing the single user to receive

email for both addresses.

For more information, see Account Management Administrator Guide.

Auto-creation of Users

The Email Protection automatically creates new user accounts if all the following is true:

• SMTP Discovery is enabled. SMTP Discovery, which is enabled by default, is a

convenient way to add users to your service. However, this capability might also add

users who are not real users at your company and not add users who are real.

• SMTP discovery creates users that receive eight valid emails within a 24 hour period.

• A user account does not exist for the email address in the designated Domain.

• The emails were not addressed to an alias domain name.

For more information, see Set up User Creation Mode — SMTP Discovery or Explicit.

Email Filtering Policies

Email Protection has default inbound and outbound mail filters to block and clean

malicious email and to quarantine email that might be malicious. The filters are

configured by using policies, which are the parameters for the filters default policies are

automatically assigned to each of your domains.

You can customize the default inbound policy for any and each domain, or any and each

group, to fit your business Email Protection.

For more information, see Customize Inbound Mail Filters.

Email Protection Administrator Guide Email Filtering Policies

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 3

Types of Inbound Email Filtering

Email Protection can filter both inbound and outbound email. Inbound filtering that is

available to be configured is as follows:

• Anti-Spam Filtering

• Real-time Blackhole List

• Anti-Virus Filter

• Content Filtering and ClickProtect

• Attachment Filtering

• Multi-Level Allow and Deny Lists

Anti-Spam Filtering

Spam is usually defined as unsolicited (and usually unwanted) and commercial email sent

to a large number of addresses. However, what one recipient may consider as spam,

another recipient would consider as legitimate email.

In addition, spam has become a tool of hackers and electronic terrorists who deliberately

attempt to gather proprietary information from computer systems and/or attempt to cause

harm to a company’s email system. Typically, these types of spammers deliberately use

naming standards, hijacked From: addresses, scrambled content, etc., to bypass spam

filters such as blacklists and keyword lists.

Using Stacked Classification Framework

, Email Protection provides the most

comprehensive and effective spam-blocking product on the market today—blocking 98%

of spam and providing an industry-leading low false positive rate (legitimate email

marked as spam).

The Stacked Classification Framework aggregates the most effective spam filters and

techniques in the industry into a spam likelihood. As appropriate, email is assigned a high

or medium likelihood of being spam. A separate email action can be assigned to each

likelihood.

The spam classification techniques include the following:

Spam FilterType Description

IP Reputation

Connection Manager

This filter operates at the front of the Stacked Classification

Framework. It rates the reputation of every incoming email, based

on IP reputation data collected by your Email Protection provider

on an on-going basis. Connections are dropped for all messages

which originate from IP addresses that are determined to carry a

reputation for sending spam.

Bayesian Statistical

Filtering

Statistical algorithms built by your Email Protection provider

identify and quantify the possibility that an email is spam based on

how often elements in that email have appeared in identified spam

emails.

Email Filtering Policies Email Protection Administrator Guide

4 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

Real-time Blackhole List

The Real-time Blackhole List (RBL) is a system for creating intentional network outages

(blackholes) for the purpose of limiting the transport of known-to-be-unwanted mass

email. The RBL is a database of IP addresses that are reported to be spam sources.

Industry Heuristics Email Protection incorporates thousands of successful industry-

wide spam-fighting rules to recognize characteristics of spam.

Proprietary Heuristics Email Protection experts write and update thousands of proprietary

rules to block spam, including fraudulent phishing spam, using

real-time data from your service provider’s Threat Center.

URL Filtering URL filtering works by comparing embedded links found in emails

with URLs associated with identified spam.

Reputation Analysis Email Protection constantly monitors inbound email to build a list

of IP addresses and domain names to rate the reputation of the

sender based upon the percentage of spam emails received from

that address in the past.

Reputation-Based RBL

Filtering

Using up to 31 real-time blackhole lists (RBLs) of known

spammers provided by the industry, Email Protection creates a

single RBL indicator to help gauge the likelihood of an email being

sent by a known spammer. By using multiple black lists to create a

single vote and by rating the reputation of each RBL based on its

accuracy at distinguishing spammers from senders of legitimate

email helps to minimize the possibility of a non-spammer being

blocked by mistake.

Sender Policy

Framework (SPF)

The SPF classifier helps identify and block fraudulent spoofing

emails – those sent by spammers with forged “From” addresses –

from entering your email network. For each inbound email, the SPF

classifier will look up the sending domain’s Domain Naming

System (DNS) record and its list of authorized IP addresses.

Emails that carry an IP address not found on the authorized list will

be included within the Stacked Framework Classification System

for the detection of spam. By determining whether or not the

relationship between the DNS record and the IP address is

legitimate, Email Protection is able to more accurately filter out

fraudulent spoofed emails. As a result, Email Protection reduces

risk for users who might be duped by the email into divulging

confidential personal information.

Spam FilterType Description

Email Protection Administrator Guide Email Filtering Policies

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 5

Anti-Virus Filter

Email Protection provides highly effective, organization-wide virus and worm protection.

By identifying viruses and worms at your network perimeter—before they enter or leave

your messaging infrastructure— Email Protection minimizes outbreak and infection risks

to your enterprise messaging infrastructure. You can configure whether infected emails are

quarantined, denied, or stripped of infection.

• Provides maximum protection using multiple, industry-leading anti-virus engines to

allow Email Protection to customize the protection to meet the latest threats.

• Virus definition updates every 5 minutes provide up-to-the-minute defense against the

latest threats.

• Provides safe, external virus scanning and quarantine management for protection

against viruses before they reach your network. Protects your users, networks, and

data from harm

Content Filtering and ClickProtect

Email Protection protects your organization and reduces liability and risk by automatically

identifying unwanted and malicious content before it enters or leaves your network.

You can enable any of the following types of content filtering:

Content Filter Type Description

Predefined Content

Keyword Groups

You can enable or disable predefined content keyword groups

provided by Email Protection:

•Profanity

• Sexual Overtones

• Racially Insensitive

Customized Content

Keyword Groups

You can define customized content keyword groups containing

terms and phrases to satisfy the business and security Email

Protection of your organization.

Multiple Levels of

HTML Filtering

You can designate the level of HTML filtering to be used (low,

medium, or high), with predefined actions for each level.

Depending on the level, malicious HTML tags and scripting

options embedded in email are stripped.

Graphic Image

Replacement

You can enable or disable the automatic replacement of images

with a transparent 1x1 pixel GIF within HTML emails.

Email Filtering Policies Email Protection Administrator Guide

6 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

Attachment Filtering

Email Protection provides you the ability to control the types and sizes of allowed

attachments entering your email network. You can control attachment filtering using any

of the following:

Attachment Filter

Type

Description

Attachment Filtering

File Type

You can enable or disable filtering of attachments by file type. File

type is determined using the file extension, MIME content type,

and binary composition.

Attachment Filtering

Size

You can designate a maximum allowed size for each enabled

attachment type.

Custom Attachment

Rules by

Filename

You can configure custom rules using filenames that override the

global settings for an attachment file type. You can designate that

the rule use the entire filename or any part of the filename.

Filtering for Files

Cont

ained within a Zip

File Attachment

You can configure custom rules to cause Email Protection to

analyze the files within a zip file attachment, if possible, to

determine if a file in the zip file violates attachment policies. If the

zip file cannot be analyzed, you can designate the email action to

be applied.

Encrypted or “High

Risk” Zip

File

Attachment Rules

You can configure custom rules for emails with encrypted zip files

and/or zip files that are considered high risk (too large, too many

nested levels, etc.).

Stripping of Spam

Beacons or

Web bugs

Spam beacons and web bugs are typically transparent, 1x1 pixel

graphics embedded in HTML content that send information about

your system to the source (usually a URL) of the spam beacon or

web bug. Typically, web bugs are used on Web sites to monitor

surfing behavior, but now spammers are hiding them in their mass

mailings as spam beacons. If the graphic is not removed before an

email is opened, the spam beacon sends a signal back to the

spammer’s URL that lets the spammer know whether the email

was opened and if the recipient’s email address is valid. If the

spammer gets this signal, the recipient is marked as a valid email

address and is guaranteed to receive more spam in the future.

You can enable or disable the auto

matic stripping of spam beacons

or Web bugs within HTML emails.

Disabling hyperlinks

within email

with

ClickProtect

allows you to monitor and disable or enable whether

Web hyperlinks received in emails can be clicked and followed by

the user. With multiple levels of ClickProtect policy control,

Administrators can customize the desired level of protection. This

feature supports blocking phishing sites and accidental downloads

of viruses and worms.

Content Filter Type Description

Email Protection Administrator Guide Email Filtering Policies

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 7

Multi-Level Allow and Deny Lists

Email Protection allows you to define lists of emails that will always be denied (blacklists)

or will always be accepted (whitelists) at multiple levels. In addition, you can enable third-

party Real-time Blackhole List to be used to filter unwanted emails.

The administrator-level lists override the user-level lists in a top-down manner: global lists

first, policy set lists next, and lastly user-level lists. For example, if the same address is

added to a user-level Allow list and the policy set Deny list, the address is always denied.

At the same level, the Allow list overrides the Deny list. For example, if you designate a

range of email addresses (for example, by designating an entire domain) in the Deny list,

but then designate a single email address from that domain in the Allow list, the email

from that single address will be always accepted while the email from any other address in

the domain in the Deny list will be always denied.

The same address string cannot be added multiple times in the same list or added to both

the Allow and Deny lists.

Be aware that emails that have been quarantined by Email Protection may not need to be

added to Deny lists because they are already being blocked from entering your email

network.

Following are the types of Allow and Deny lists that are available in Email Protection:

Allow/Deny List

Type

Description

Global Deny List If your Email Protection provider determines that a Sending

SMTP has sent too many invalid incoming emails within a

specified time period, it will add the IP address for that Sending

SMTP to a Global Deny List for a designated time period (default

is 2 hours). During the denial period, all emails received from that

Sending SMTP will be automatically denied. This process helps to

protect against dictionary harvest and Denial of Service attacks.

This process can be disabled at the system level.

Policy set-level

Sender Deny Lists

and Sender Allow

Lists

Sender Deny lists indicate sender addresses from which email is

denied automatically. Sender Allow lists indicate sender addresses

from which email is allowed without spam, content, or attachment

filtering (virus filtering is always enabled unless specifically

disabled).

You can designate a single email address, entire domains or IPs, or

use wildcards to designate ranges of addresses. Optionally, you

can save these lists to a spreadsheet file.

Each policy set affects the email filtering for all user accounts in

the groups that are subscribed to that policy set.

Email Filtering Policies Email Protection Administrator Guide

8 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

Types of Outbound Email Filtering

You can add outbound filtering to each package, helping to ensure the safety and

appropriateness of information being sent from your corporate email system to valued

customers or business partners.

Filter Type Description

Content

Filtering

This feature automatically prevents inappropriate,

malicious, or

confidential content from leaving your corporate email system,

allowing you to monitor and enforce your corporate email

policies.

Attachment

Filtering

Outbound attachments can be filtered by size, by MIME content

type, or by

binary content, according to your corporate email

policies.

Virus

canning

Outbound virus scanning stops viruses and worms from leaving

your corporate email system, preventing your enterprise from

being the source of email-borne viruses to customers, suppliers,

and partners.

Configurable Actions for Filtered Email

In Email Protection, email filtering policies control how emails are filtered within a

specific Domain and how Email Protection will respond during email filtering and

reporting. Depending on the feature package that is licensed for a domain, specific email

filters will be available to be enabled and configured. Also, depending on the enabled

email filter, various actions must be configured that define how Email Protection will

respond if an email violates the specific filter policy.

User-level Deny Lists

and Allow Lists

Maintained by you and/or the user, Deny lists indicate sender

addresses from which email is denied automatically. Allow lists

indicate sender addresses from which email is allowed without

spam filtering (all other enabled filtering will be applied).

You can designate a single email address, entire domains or IPs, or

se wildcards to designate ranges of addresses. Optionally, you

can save these lists to a spreadsheet file.

These lists affect only the emails received for the designated user

account

and its alias addresses (user-level lists).

Recipient Shield List You can define a list of recipient em

ail addresses for which you

want to specify special email actions (for example, you want to

deny all emails for a user who is an ex-employee). You can also

specify the email action to take if the recipient email address is

invalid in your system (permfailed by your email server as an

invalid recipient).

Allow/Deny List

Description

Email Protection Administrator Guide Email Filtering Policies

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 9

Based on the defined policy configuration, each email that violated the specified policy

can have any of the following actions taken, depending on the type of policy:

Action Description

Quarantine The email is added to the respective quara

ntine area and is not sent to

the recipient email address. If the email violated a spam policy, the

email is reported in the user’s Spam Quarantine Report.

Tag The subject line of the email has a descri

ptive phrase (for example,

“[SPAM]”) added to the beginning of the subject text and the email is

sent to the recipient email address.

Deny Delivery The email is blocked automatically. Depending on the sending system’s

nfiguration, the email sender may or may not be notified with a 5xx

Deny email.

Do Nothing or Allow

elivery

The email is forwarded to the recipient email address with no

processing applied. The values in the reports and the

Overview

window will be incremented for the relevant email policy to indicate

that an email did trigger the specific policy.

Silent Copy A copy of the email is forwarded to a list of designated email address

with no notification to the sender or recipient.

Strip Attachment If the email had an attachment that vi

olated configured policies, this

action causes that attachment to be removed from the email and the

email is be sent to the recipient email address. Text is inserted into the

email notifying the recipient that an attachment has been stripped. Only

the attachment that violated the policy is stripped.

Clean If the email had an attachment that

contained a virus or worm, this

action attempts to remove the virus or worm and preserve the

attachment. If the clean is successful, text is inserted into the email

notifying the recipient that an attachment had contained a virus and

was cleaned. If this action is selected, a second fall-back action also

must be designated in case the Clean action fails. This action is specific

to the virus filtering policies.

Custom X-Header If the email was determined to have a high or medium likelihood of

being

spam, you can configure that a custom X-header be inserted into

the email. This X-header can be used by your email servers to perform

additional actions within your network, such as redirecting the email.

Each spam likelihood can have a different custom X-header. This

action is specific to the spam filtering policies.

Disable Filter A non-administrator user cannot disable virus filtering if it is licensed

and enabled

for a specific Domain or policy set. Only Administrators

can enable or disable virus filtering for a specific Domain or policy set.

You can designate that Email Protection first attempts to remove the

virus

from an infected attachment, and if the clean fails, perform

another action. You can designate that only the infected attachment is

stripped. and the remaining email contents and attachments are sent to

the recipient.

User-level Policy Configurations Email Protection Administrator Guide

10 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

Notifications for Filtered Email

You can enable or disable email notifications to the sender and/or recipient email

addresses of email that was filtered because of virus, content keywords, or attachment.

For more information, see one of the following:

• Set Email Protection to Notify Users about Emails with Viruses

• Notify Users about Spam Content

• Notify Users about Attachment Violations

User-level Policy Configurations

By default, policy configurations are defined for each domain and group. All emails

received for all user accounts within a domain or group are processed using the same

policy configurations.

Optionally, user-level policy configurations can be defined for individual users that

override the Domain/Group policies. Thus, if there is a conflict between a user-level

policy and any of the other types of policy configurations, the user-level policy setting will

be used. These user-level policy configurations allow customization of email actions for

each user.

User-level policies are confined to the following policies:

• Enable or disable email processing for spam, virus, content keyword, attachments,

and/or HTML content.

• Specify actions to take for emails if they are determined to have a high or medium

likelihood of being spam.

• Configure the spam quarantine reporting

To manage the policy for an individual user, see User-Level Policy Configuration.

To establish user control of policies, see Set up Spam Quarantine Reports.

User also can have some control over their policies.

Quarantine

Email Protection provides multiple quarantine areas with different security accesses to

store and support review of suspect email outside of your email network.

Emails that violate configured policies and that have the Quarantine action applied are

sorted into multiple quarantines to ease email management and support security levels:

• Spam Quarantined Messages – Accessible to all users, with users with role of User or

Reports Manager allowed to access only their own personal spam quarantine

Email Protection Administrator Guide Customizing the Interface

November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 11

• Virus Quarantined Messages – Accessible to only Administrators and Quarantine

Managers

• Attachment Quarantined Messages – Accessible to only Administrators and

Quarantine Managers

• Content Keyword Quarantined Messages – Accessible to only Administrators and

Quarantine Managers

Within each quarantine, you can do any of the following:

• Delete selected emails or all emails

• Release selected emails or all emails for delivery to the recipient

• View selected email in a Safe View window

• Add the sender email addresses to the recipients’ user-level Allow list and release the

emails (available only for quarantined spam emails)

Emailed Reports of Quarantined Spam Emails

Optionally, emails are sent to users to indicate that spam emails that have been

quarantined, using either of the following types of emails:

• Spam Quarantine Report

Spam Quarantine Reports are HTML-based email notifications of quarantined spam

emails that sent to users. Multiple links in the Reports allow management of

quarantined spam email based on policy set-level and user-level configurable control

settings. When the user clicks a link, the designated action is performed and the user is

automatically logged into the Control Console.

• Spam Quarantine Summary

Spam Quarantine Summaries are optional text-based email notifications of

quarantined spam email sent to users, to support email applications that are not

HTML-compatible. The user clicks the link provided in the email and is automatically

logged into the Control Console. Once logged in, the user can navigate to the relevant

window to manage the spam quarantine and modify personal settings.

Customizing the Interface

Licensed Branding

There are multiple branding levels that control the appearance and URL addresses used

within the Control Console and Spam Quarantine Reports and Summaries:

• Standard – Branding uses images and addresses provided by your service provider.

• Private – You control the images and addresses.

• Cobrand – Branding uses images provided by you and your service provider., and

addresses provided by you.

• White Label – Branding uses no identifying images and uses addresses provided by

you.

Customizing the Interface Email Protection Administrator Guide

12 Proprietary: Not for use or disclosure outside McAfee without written permission. November 2012

Branding levels other than Standard must be licensed separately.

For more information, see Rebrand Your User Interface in Account Management

Administrator Guide.

Language Localization

Within the Control Console, windows and features available to the non-administrative

user (whose role is User) can be provided in translated form supporting multiple

languages. When the user logs in via the log on window, he or she can select the desired

language in the Language field. Thereafter, all spam quarantine reporting emails and

window and field labels will be provided in the designated language.

The following languages are supported:

• Brazilian Portuguese

• Chinese Simplified

• Chinese Traditional

•Danish

•Dutch

• English

•Finnish

•French

•German

• Italian

• Japanese

• Korean

• Norwegian

• Portuguese

• Russian

• Spanish

•Swedish

•Turkish

This feature is available only to non-administrative user accounts. This feature must be

enabled at the system level to be available.

As a Customer Administrator, you can set the language for a user on the user’s Preferences

window. See Set User Display Preferences, Including Your Own in Account Management

Administrator Guide.

Outbound Disclaimer

You can define text that will be appended to the email content to support liability or legal

requirements for your organization. Every email that was sent from your organization to

Email Protection for email filtering will have the designated text added to the end of the

email content. This feature requires that outbound filtering be licensed.

Page is loading ...

McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual

Brand: McAfee

Model: SMEFCE-AI-DA - Email Security Service Inbound

Category: Software

Type: Administration Manual

This manual is also suitable for

SaaS Email Protection

Download PDF

report

McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual

This manual is also suitable for

McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual

Related papers

Other documents