To provide an outstanding level of protection against known and emerging email threats, Email Protection uses a combination of complementary technologies, including multiple industry-leading email security engines.
First, messages are assessed and categorized according to the collective results of all checks and then routing actions are applied according to policy configuration.
All messages processed by Email Protection receives one of the following primary categories:
- Certain Spam: The message was classified as SPAM with high certainty.
- Probable Spam: The message was classified as SPAM with less certainty.
Note: you can adjust the sensitivity level of this category to be more aggressive, relaxed, or moderate. Read the KB article Email Protection: Message Routing for more information.
- Virus: One or more engine determined the message to contain a virus or other malware.
Note: all emails with viruses are delivered to the Admin Quarantine by default and must be manually released if needed.
- Legitimate: The message was not classified as spam and did not contain malware. The message will be still subjected to additional checks and additional categories may be applied.
- Error: Email Protection encountered an irrevocable error during the scanning process. All messages with this category are delivered to the Admin Quarantine.
- Uncategorized: Engine scanning was not performed, and the message will not be subjected to any additional processing. Messages sent from Blocked Senders will receive this category and will be dropped.
Note: it is not possible to retrieve messages that got dropped. The sender will have to re-send them.
Depending on the Email Protection policy settings, other checks may be run and the message may receive one or more of the following additional categories:
- Dangerous Attachment
- Failed Authentication
- Error – this will be accompanied with an error reason attribute
- Content (for outbound emails only)
Messages from Safe Senders will still be scanned by the Email Protection engines, however, any actions will not be taken for checks that are bypassed.
- By default, only the spam and marketing actions are bypassed for Safe Senders. This can be adjusted for each sender depending on the security risk associated with the sender
- Enable the Require Authentication condition to ensure that safe senders are not being spoofed.
Note: this requires the sender to have correctly configured SPF.
- You can check a specific user's personal Safe & Blocked Senders Lists with the User Quarantine Takeover tool. Read the KB article on Email Protection: User Quarantine Management In CONTROL PANEL for more information.
- Note: the User Quarantine message routing option must be enabled. Senders on the personal safe list will only ever bypass the spam and marketing actions.
- Restrict permissions for users to add items to their personal Safe & Blocked lists in the User Quarantine that can be found under CONTROL PANEL > Email Protection > Settings > Default user settings.
Some actions do not affect how a message is delivered, but may instead modify the email. These modifeers are:
- Tag Subject: the subject line will be prepended with a text string.
- Re-write URLs: links within a message will be modified so they can be scanned when the user clicks them.
- Send silent copy: a blind copy of the message will be sent to a designated recipient.
After all filters and checks have been considered it is possible for a message to have multiple delivery options. In this situation Email Protection will use most restrictive destination according to the following order:
- Admin Quarantine
- User Quarantine / Junk Email folder (depending on Message Routing settings selected on your account)