Policy Overview Parent topic

The streamlined policy architecture provides security controls that ensure protection against threats without complex policy rules.
Policy controls determine the action applied to detected threats. By default, the policy actions block and quarantine high-risk messages. You can fine-tune policy actions, notifications, message tags, and redirect pages to customize traffic handling behavior.
Policy exceptions reduce false positives. Configure exceptions to classify certain email messages as safe. Specify the safe senders, recipients, and X-header content, or add files, URLs, IP addresses and domains, and URL keywords. Safe email messages are discarded (BCC and SPAN/TAP mode) or delivered to the recipient (MTA mode) without further investigation.
Related information

Configuring the Actions Parent topic

Procedure

  1. Go to PolicyPolicyActions.
  2. In Actions by Risk Level, configure the settings for High, Medium, and Low risk messages.
    1. Specify the Action.
      Option
      Actions Taken
      Block and quarantine
      • Does not deliver the email message
      • Stores a copy in the quarantine area
      Strip attachments, redirect links to blocking page, and tag
      • Delivers the email message to the recipient
      • Replaces suspicious attachments with a text file
      • Redirects suspicious links to a blocking page
      • Tags the email message subject with a string to notify the recipient
      Strip attachments, redirect links to warning page, and tag
      • Delivers the email message to the recipient
      • Replaces suspicious attachments with a text file
      • Redirects suspicious links to a warning page
      • Tags the email message subject with a string to notify the recipient
      Pass and tag
      • Delivers the email message to the recipient
      • Tags the email message subject with a string to notify the recipient
      Pass with no action
      • Delivers the email message to the recipient
    2. (Optional) Select Notify recipients to inform recipients about the applied policy action.
      Important
      Important
      TippingPoint Advanced Threat Protection for Email only sends recipient notifications when you select Notify recipients.
    3. (Optional) In the Subject tag field, specify the string to insert in the subject of email messages.
    4. (Optional) In the X-Header field, specify the string to add to the X-header.
  3. In Other Actions, configure the following:
    1. (Optional) Select Quarantine a copy of the original message when stripping attachments or redirecting links to store the email message with the attachment and URL in the quarantine for further investigation.
    2. (Optional) Select Apply action to messages with unscannable attachments to apply either Block and quarantine or Pass and tag policy actions. These actions apply to password-protected archives that could not be extracted and scanned using the password list or heuristically obtained passwords.
      Option
      Actions Taken
      Block and quarantine
      • Does not deliver the email message
      • Stores a copy in the quarantine area
      Pass and tag
      • Delivers the email message to the recipient
      • Tags the email message subject with a string to notify the recipient
    3. (Optional) Select Notify recipients to inform recipients about the applied policy action.
      Important
      Important
      TippingPoint Advanced Threat Protection for Email only sends recipient notifications when you select Notify recipients.
    4. If required, specify the string to insert into the subject of the email messages.
  4. Click Save.