Views:
Purpose: Configure email security profiles to bolster your gateway security against email-based threats. This procedure configures settings for email security that are effective for cloud-based email security using Cloud Message Scan (CMS). If email security is set to local scan, the effective settings differ from the configuration settings. See Cloud Message Scan (CMS) and Local Scan. Cloud Edge does not scan IPv6 email traffic using local scan or cloud scan. IPv6 email traffic passes through the gateway without scanning.
Location: Policies > SECURITY PROFILES > Security Profiles > Email Security

Procedure

  1. Optionally enable the security profile.
  2. Configure Anti-malware settings for email.
    Option Description
    Enable
    Turn on or off.
    Enable Virtual Analyzer
    Send suspicious email attachments to cloud-based Virtual Analyzer for sandbox analysis to determine if the attachment contains malware.
    Note
    Note
    Before you can enable Virtual Analyzer, anti-malware must be enabled.
    Cloud Edge devices can submit suspicious files for sandbox analysis only if the Virtual Analyzer license is activated for those devices.
    For more information, see Virtual Analyzer.
    Action
    Block or tag email messages with malicious content.
    Tag Subject
    Tag that you want to use in the email subject.
    Tag Body
    Tag that you want to use in the email body.
    Enable Predictive Machine Learning
    Send suspicious email attachments to the cloud-based Predictive Machine Learning engine that uses advanced analytics to detect and eliminate threats.
    Before you can enable Predictive Machine Learning, anti-malware must be enabled.
    For more information, see Predictive Machine Learning.
    Action (Predictive Machine Learning)
    Monitor, block, or tag email messages that Predictive Machine Learning determines contain attachments with malicious content.
    Note
    Note
    If the option is set to monitor, the entire email is allowed and an entry is recorded in the log.
    Tag Subject (Predictive Machine Learning)
    Tag that you want to use in the email subject.
    Tag Body (Predictive Machine Learning)
    Tag that you want to use in the email body.
    Tag emails with encrypted attachments
    Notify users when the email contains an unscannable attachment.
    Tag Body (Tag emails with encrypted attachments)
    Tag that you want to use in the email body.
  3. Configure Anti-Spam settings.
    Option Description
    Enable
    Turn anti-spam email security on or off.
    • Enabling anti-spam also enables detection of phishing violations. Cloud Edge records phishing violations as a separate message type in widgets and logs. Additionally, you can generate reports specific to phishing violations.
    • For more information, see Phishing Detection.
    Enable email reputation
    Enable Email Reputation Services.
    Anti-Spam Catch Rate (Sensitivity Level)
    High: Catches more spam. Select a high catch rate if too much spam gets through to clients.
    Medium: The standard setting.
    Low: Catches less spam. Select a low catch rate if Cloud Edge is tagging too many legitimate email messages as spam.
    Note
    Note
    If needed, adjust the anti-spam catch rate at a later time.
    Enable BEC Scanning
    Enable Business Email Compromise (BEC) scanning.
    BEC compromises legitimate business email accounts through social engineering for the purpose of conducting unauthorized transfers of funds.
    Note
    Note
    You must enable anti-spam email security to use BEC scanning.
    Action
    Block or tag spam email messages. This action also applies to BEC compromised emails.
    Tag Subject / Tag Body
    Tag that you want to use in the email subject and the email body for spam or BEC email messages.
  4. Configure Content Filtering settings.
    • Filter by Message Size
      The maximum allowed message size.
    • Filter by Keywords/Patterns
      Use any combination of keywords and regular expressions to define a keyword expression when configuring filtering strings for the header, footer, and attachments. Specify a backslash \ immediately before the following characters:
      . \ | ( ) { } [ ] ^ $ * + or ?
      Separate keywords and regular expressions with a comma.
      You can filter messages by specifying keywords or patterns to match in the message header, the message body, and attachment names.
      Note
      Note
      The message header includes the From, To, CC, and Subject fields.
    • Filter by My Number
      Enable or disable individual MyNumber filters as required.
      My Number is a system used in Japan for administrative purposes related to social security administration, taxation, and disaster response. My Number numbers are assigned to local governments, individuals, registered and unregistered corporations, incorporate associates, and central government organizations and are used to enforce policies for social security and taxation.
      You can enable or disable the following My Number Filter Names:
      • Individual Number
      • Corporate Number: Registered corporations
      • Corporate Number: Unregistered corporations, incorporated associations without legal personality, and foundations without legal personality
      • Corporate Number: Central government organizations
      • Corporate Number: Local governments with Community Identification Number
      • Corporate Number: Local governments without Community Identification Number
    • Action
      Block or tag email messages with content filtering violations.
    • Tag Subject / Tag Body
      Tag that you want to use in the email subject and the email body.
  5. Configure Exception Lists settings.
    Exception Type: File Types
    • APPROVED FILE TYPES
      Attachments ending with a listed file type are allowed without malware scanning.
    • BLOCKED FILE TYPES
      Attachments ending with a listed file type are removed without malware scanning.
    Exception Type: Email Senders
    • APPROVED SENDERS
      Approved senders are excluded from spam and content filters and from Virtual Analyzer/Predictive Machine Learning analysis. Messages from these senders are still scanned for malware.
    • BLOCKED SENDERS
      All email messages from these senders are blocked.
    Note
    Note
    Approved and blocked senders support all the protocols, including SMTP POP3 IMAP SMTPS POP3S and IMAPS.
  6. Configure Advanced Settings.
    • SMTP, POP3, and IMAP
      Turn each protocol on or off.
    • SMTPS, POP3S, and IMAPS
      Turn each secure protocol on or off and specify custom SSL ports for each protocol as a comma-delimited list.
    • Send notification to internal email senders from SMTP server.
      Select if you want to send a notification to internal senders regarding spam and malware email messages that originated from them or if content filtering security restricts message content, and then specify the following:
      • SMTP server and port number.
      • If the server requires authentication, enable authentication, and then specify the user name and password for the SMTP server.
      • Other recipient email addresses as a comma-delimited list.
      • Email subject and message.
  7. Click Save.