Configuring Email Security Profiles

Purpose: Configure email security profiles to bolster your gateway security against email-based threats. This procedure configures settings for email security that are effective for cloud-based email security using Cloud Message Scan (CMS). If email security is set to local scan, the effective settings differ from the configuration settings. See Cloud Message Scan (CMS) and Local Scan. Cloud Edge does not scan IPv6 email traffic using local scan or cloud scan. IPv6 email traffic passes through the appliance without scanning.

Location: Policies > Gateway Profiles > Email Security

  1. Optionally enable the profile.
  2. Configure Anti-malware settings for email.
    Option Description

    Enable

    Turn on or off.

    Enable Virtual Analyzer

    Send suspicious email attachments to cloud-based Virtual Analyzer for sandbox analysis to determine if the attachment contains malware.

    Note:

    Before you can enable Virtual Analyzer, anti-malware must be enabled.

    Cloud Edge devices can submit suspicious files for sandbox analysis only if the Virtual Analyzer license is activated for those devices.

    For more information, see Virtual Analyzer.

    Action

    Block or tag email messages with malicious content.

    Tag Subject

    Tag that you want to use in the email subject.

    Tag Body

    Tag that you want to use in the email body.

    Enable Predictive Machine Learning

    Send suspicious email attachments to the cloud-based Predictive Machine Learning engine that uses advanced analytics to detect and eliminate threats.

    Before you can enable Predictive Machine Learning, anti-malware must be enabled.

    For more information, see Predictive Machine Learning.

    Action (Predictive Machine Learning)

    Monitor, block, or tag email messages that Predictive Machine Learning determines contain attachments with malicious content.

    Note:

    If the option is set to monitor, the entire email is allowed and an entry is recorded in the log.

    Tag Subject (Predictive Machine Learning)

    Tag that you want to use in the email subject.

    Tag Body (Predictive Machine Learning)

    Tag that you want to use in the email body.

  3. Configure Anti-Spam settings.
    Option Description
    Enable

    Turn anti-spam email security on or off.

    • Enabling anti-spam also enables detection of phishing violations. Cloud Edge records phishing violations as a separate message type in widgets and logs. Additionally, you can generate reports specific to phishing violations.

    • For more information, see Phishing Detection.

    Enable email reputation

    Enable Email Reputation Services.

    Anti-Spam Catch Rate (Sensitivity Level)

    High: Catches more spam. Select a high catch rate if too much spam gets through to clients.

    Medium: The standard setting.

    Low: Catches less spam. Select a low catch rate if Cloud Edge is tagging too many legitimate email messages as spam.

    Note: If needed, adjust the anti-spam catch rate at a later time.

    Enable BEC Scanning

    Enable Business Email Compromise (BEC) scanning.

    BEC compromises legitimate business email accounts through social engineering for the purpose of conducting unauthorized transfers of funds.

    Note:

    You must enable anti-spam email security to use BEC scanning.

    Action

    Block or tag spam email messages. This action also applies to BEC compromised emails.

    Tag Subject / Tag Body

    Tag that you want to use in the email subject and the email body for spam or BEC email messages.

  4. Configure Content Filtering settings.
    • Filter by Message Size

      The maximum allowed message size.

    • Filter by Keywords/Patterns

      Use any combination of keywords and regular expressions to define a keyword expression when configuring filtering strings for the header, footer, and attachments. Specify a backslash \ immediately before the following characters:

      . \ | ( ) { } [ ] ^ $ * + or ?

      Separate keywords and regular expressions with a comma.

      You can filter messages by specifying keywords or patterns to match in the message header, the message body, and attachment names.

      Note:

      The message header includes the From, To, CC, and Subject fields.

    • Filter by My Number

      Enable or disable individual MyNumber filters as required.

      My Number is a system used in Japan for administrative purposes related to social security administration, taxation, and disaster response. My Number numbers are assigned to local governments, individuals, registered and unregistered corporations, incorporate associates, and central government organizations and are used to enforce policies for social security and taxation.

      You can enable or disable the following My Number Filter Names:

      • Individual Number

      • Corporate Number: Registered corporations

      • Corporate Number: Unregistered corporations, incorporated associations without legal personality, and foundations without legal personality

      • Corporate Number: Central government organizations

      • Corporate Number: Local governments with Community Identification Number

      • Corporate Number: Local governments without Community Identification Number

    • Action

      Block or tag email messages with content filtering violations.

    • Tag Subject / Tag Body

      Tag that you want to use in the email subject and the email body.

  5. Configure Exception Lists settings.

    Exception Type: File Types

    • APPROVED FILE TYPES

      Attachments ending with a listed file type are allowed without malware scanning.

    • BLOCKED FILE TYPES

      Attachments ending with a listed file type are removed without malware scanning.

    Exception Type: Email Senders

    • APPROVED SENDERS

      Approved senders are excluded from spam and content filters and from Virtual Analyzer/Predictive Machine Learning analysis. Messages from these senders are still scanned for malware.

    • BLOCKED SENDERS

      All email messages from these senders are blocked.

    Note: Approved and blocked senders only support SMTP and POP3.
  6. Configure Advanced Settings.
    • SMTP, POP3, and IMAP

      Turn each protocol on or off.

    • SMTPS, POP3S, and IMAPS

      Turn each secure protocol on or off and specify custom SSL ports for each protocol as a comma-delimited list.

    • Send notification to internal email senders from SMTP server.

      Select if you want to send a notification to internal senders regarding spam and malware email messages that originated from them or if content filtering security restricts message content, and then specify the following:

      • SMTP server and port number.

      • If the server requires authentication, enable authentication, and then specify the user name and password for the SMTP server.

      • Other recipient email addresses as a comma-delimited list.

      • Email subject and message.

  7. Click Save.