Important: The features described in this article are available only as a part of the Email Protection + DLP package. See details on how to change your package here.
DLP stands for Data Loss Prevention. This part of Outbound Email Filtering will help you to control the messages sent from users on the account to external recipients by filtering the content of the outbound emails. You can set up filtering rules by creating content filters on your Outbound Email Policy.
With Email Protection + DLP package, you'll be able to manage:
- Outbound policies
- Spam settings
- Content filters
- Blocked Recipients Management
- Safe Recipients Management
- Bypassing individual checks
- Notifications to senders
- Domain Key Identified Mail
- Domain-based Message Authentication, Reporting & Conformance
To modify your default Outbound policy, log into CONTROL PANEL > Services > Email Protection > Outbound policies > Default policy. You can also create additional policies and set the priority for them. If multiple policies apply to a mailbox, the policy with the highest priority will be applied.
The default outbound policy cannot be removed. Outbound policies can be assigned to domains, Distribution Lists, mailboxes, Resource Mailboxes but not to Public Folders.
To define spam settings, navigate to Email Protection > Outbound policies > select the policy > Spam. There are three actions that can be used against Certain spam and Probable spam:
- Permanently delete
- Move to Admin quarantine
- Deliver to Recipient
- Deliver to Recipient with tag
Read about Outbound Admin Quarantine Management for more information.
To add or remove contact filters, navigate to Email Protection > Outbound policies > select the policy > Content filters.
There are some predefined filters such as Credit Cards Number and Social Security Number which can be enabled. If multiple filters are applied to one policy, all actions associated with them will be employed. E.g. if a message matches both Credit Cards Number and Social Security Number filters which trigger Deliver to recipient and Move to Admin quarantine actions, the message will be sent both to the recipient and Admin quarantine.
To restrict users to email particular recipients, navigate to CONTROL PANEL > Services > Email Protection > Outbound policies > select the policy > Blocked Recipients.
You can add an email address or domain of the recipient you want to block.
You can enter blocked recipients manually or import list from .TXT file:
- The file should have .TXT extension.
- Entries must be separated by commas, semicolons, spaces or lines.
Emails that match any of the blocked recipients will be dropped.
Safe Recipients Management
To manage safe recipients, navigate to Inbound Policy > select the policy > Safe Recipients.
You can add an email address or domain of the recipient you want to whitelist.
You can manage the bypassed checks for every recipient. To select which checks will be bypassed for an individual Safe Recipient, click Manage next to the required entry.
The following checks can be bypassed:
- Dangerous attachment
- Emails that have no checks to be bypassed will go through all checks as normal.
- If email triggers more than 1 safe recipient, all the bypass checks will be applied accordingly. For example: Safe Recipient email@example.com has Spam and Dangerous attachment checks bypassed. And Safe Recipient domain.com has Virus check bypassed. An email is coming from firstname.lastname@example.org. The email triggers both Safe Recipients entries. The email will bypass: Spam, Dangerous attachment and Virus checks.
Bulk import of Safe Recipients
You can enter safe recipients manually or import list from file. Safe recipients can be imported in bulk in two ways:
1) Via .TXT file – it will import recipients with default bypass settings. Entries must be separated by lines only.
2) Via .CSV file – it will import recipients with the specified bypassed checks, where 1 - check is bypassed, 0 - check is NOT bypassed. Each recipient entry must be on a separate line with their bypass settings separated by commas. Headers with the bypassed checks names must be valid.
Note: Please use TXT and CSV templates to make sure the data is properly uploaded.
||New entries||Matching entries||Missing entries|
|Import and Merge||will be added with the default checks||will be kept with their current checks||will be kept with their current checks|
|Import and Overwrite||will be added with the default checks||will be rewritten with the default checks||will be removed|
||Recipients and their bypass settings
||Import and Merge||will be added with the bypassed checks from the file. If check column is missing from the file – default values will be applied||will be kept, but their bypassed checks will be re-written with the checks from the file. If check column is missing from the file – current value will be kept||will be kept with their current bypassed checks|
|Import and Overwrite||will be added with the bypassed checks from the file. If check column is missing from the file – default values will be applied||will be kept, but their bypassed checks will be re-written with the checks from the file. If check column is missing from the file – default values will be applied||will be removed|
Note: you can use this option to change bypassed checks for all Recipients in bulk. For example, to bypass Marketing check for all recipients instead of Dangerous attachment check, you need to set 1 in the Bypass Marketing column and leave Dangerous attachment column and other columns with 0.
You will see these notification signs if the same sender is added to both Blocked Recipients and Safe Recipients lists simultaneously.
Note: Safe Recipients list overrides Blocked Recipients list. A recipient added to both lists will be considered as safe.
To manage or view attachment settings, navigate to CONTROL PANEL > Services > Email Protection > Outbound policies > select the policy > Attachments. You can select one action to apply to a message containing a dangerous attachment: either Drop it or Move to Admin quarantine.
To modify the list of attachments which are classified as dangerous, select a checkbox next to the file type and save changes.
You can specify file types which should be considered as dangerous even if their file type group is NOT selected in Dangerous attachments section.
Note: press space bar after you entered file type to finish editing.
For example, MS PowerPoint group is not selected, but if we add .ppt file type, it will be blocked, though other MS PowerPoint file types such as .pps, .ppsx etc. won't be blocked.
You can specify file types which should be considered as safe even if their file type group IS selected in Dangerous attachments section.
Note: press space bar after you entered file type to finish editing.
For example, Executables group is selected, but if we add .reg file type here, it won't be blocked, though other executable files such as .exe, .scr etc. will be blocked.
To let the senders know that their message was rejected by Outbound filter, you can enable notifications via the Notifications tab.
The notification will be sent if one of the following conditions are matched:
- a message was considered as spam
- a message contained dangerous attachments
- a message had 'not safe' content
- a message was sent to a blocked recipient
- a message contained a virus
This authentication technology allows senders to “sign” a message to prove it really did come from them. Once DKIM signing has been enabled for a domain, all outbound email messages from that domain will be signed using the current DKIM key.
Read the Knowledge Base article on Domain Keys Identified Mail (DKIM) with Outbound Email Filtering for more information.
Important: DMARC is not supported in Smarsh Hosted Services environment.
You can find some information on what DMARC is here: https://dmarc.org/