Purpose: Configure email security profiles to bolster your
gateway security against email-based threats. This procedure configures settings for
email security that are effective for cloud-based email security using Cloud Message
Scan (CMS). If email security is set to local scan, the effective settings differ
from the configuration settings. See Cloud Message Scan (CMS) and Local
Scan. Cloud Edge does not scan IPv6 email traffic
using local scan or cloud scan. IPv6 email traffic passes through the gateway
without scanning.
Location:
Policies > SECURITY PROFILES > Security Profiles > Email Security
Procedure
- Optionally enable the security profile.
- Configure Anti-malware settings for email.
Option Description EnableTurn on or off.Enable Virtual AnalyzerSend suspicious email attachments to cloud-based Virtual Analyzer for sandbox analysis to determine if the attachment contains malware.Note
Before you can enable Virtual Analyzer, anti-malware must be enabled.Cloud Edge devices can submit suspicious files for sandbox analysis only if the Virtual Analyzer license is activated for those devices.For more information, see Virtual Analyzer.ActionBlock or tag email messages with malicious content.Tag SubjectTag that you want to use in the email subject.Tag BodyTag that you want to use in the email body.Enable Predictive Machine LearningSend suspicious email attachments to the cloud-based Predictive Machine Learning engine that uses advanced analytics to detect and eliminate threats.Before you can enable Predictive Machine Learning, anti-malware must be enabled.For more information, see Predictive Machine Learning.Action (Predictive Machine Learning)Monitor, block, or tag email messages that Predictive Machine Learning determines contain attachments with malicious content.Note
If the option is set to monitor, the entire email is allowed and an entry is recorded in the log.Tag Subject (Predictive Machine Learning)Tag that you want to use in the email subject.Tag Body (Predictive Machine Learning)Tag that you want to use in the email body.Tag emails with encrypted attachmentsNotify users when the email contains an unscannable attachment.Tag Body (Tag emails with encrypted attachments) Tag that you want to use in the email body. - Configure Anti-Spam settings.
Option Description Enable Turn anti-spam email security on or off.-
Enabling anti-spam also enables detection of phishing violations. Cloud Edge records phishing violations as a separate message type in widgets and logs. Additionally, you can generate reports specific to phishing violations.
- For more information, see Phishing Detection.
Enable email reputationEnable Email Reputation Services.Anti-Spam Catch Rate (Sensitivity Level)High: Catches more spam. Select a high catch rate if too much spam gets through to clients.Medium: The standard setting.Low: Catches less spam. Select a low catch rate if Cloud Edge is tagging too many legitimate email messages as spam.Note
If needed, adjust the anti-spam catch rate at a later time.Enable BEC ScanningEnable Business Email Compromise (BEC) scanning.BEC compromises legitimate business email accounts through social engineering for the purpose of conducting unauthorized transfers of funds.Note
You must enable anti-spam email security to use BEC scanning.ActionBlock or tag spam email messages. This action also applies to BEC compromised emails.Tag Subject / Tag BodyTag that you want to use in the email subject and the email body for spam or BEC email messages. -
- Configure Content Filtering settings.
-
Filter by Message SizeThe maximum allowed message size.
-
Filter by Keywords/PatternsUse any combination of keywords and regular expressions to define a keyword expression when configuring filtering strings for the header, footer, and attachments. Specify a backslash \ immediately before the following characters:. \ | ( ) { } [ ] ^ $ * + or ?Separate keywords and regular expressions with a comma.You can filter messages by specifying keywords or patterns to match in the message header, the message body, and attachment names.
Note
The message header includes the From, To, CC, and Subject fields. -
Filter by My NumberEnable or disable individual MyNumber filters as required.My Number is a system used in Japan for administrative purposes related to social security administration, taxation, and disaster response. My Number numbers are assigned to local governments, individuals, registered and unregistered corporations, incorporate associates, and central government organizations and are used to enforce policies for social security and taxation.You can enable or disable the following My Number Filter Names:
-
Individual Number
-
Corporate Number: Registered corporations
-
Corporate Number: Unregistered corporations, incorporated associations without legal personality, and foundations without legal personality
-
Corporate Number: Central government organizations
-
Corporate Number: Local governments with Community Identification Number
-
Corporate Number: Local governments without Community Identification Number
-
-
ActionBlock or tag email messages with content filtering violations.
-
Tag Subject / Tag BodyTag that you want to use in the email subject and the email body.
-
- Configure Exception Lists settings.Exception Type: File Types
-
APPROVED FILE TYPESAttachments ending with a listed file type are allowed without malware scanning.
-
BLOCKED FILE TYPESAttachments ending with a listed file type are removed without malware scanning.
Exception Type: Email Senders-
APPROVED SENDERSApproved senders are excluded from spam and content filters and from Virtual Analyzer/Predictive Machine Learning analysis. Messages from these senders are still scanned for malware.
-
BLOCKED SENDERSAll email messages from these senders are blocked.
Note
Approved and blocked senders support all the protocols, including SMTP POP3 IMAP SMTPS POP3S and IMAPS. -
- Configure Advanced Settings.
-
SMTP, POP3, and IMAPTurn each protocol on or off.
-
SMTPS, POP3S, and IMAPSTurn each secure protocol on or off and specify custom SSL ports for each protocol as a comma-delimited list.
-
Send notification to internal email senders from SMTP server.Select if you want to send a notification to internal senders regarding spam and malware email messages that originated from them or if content filtering security restricts message content, and then specify the following:
-
SMTP server and port number.
-
If the server requires authentication, enable authentication, and then specify the user name and password for the SMTP server.
-
Other recipient email addresses as a comma-delimited list.
-
Email subject and message.
-
-
- Click Save.