web
You’re offline. This is a read only version of the page.
close

Online Help Center
  • Search
  • Support
    • For Home
    • For Business
  • English (US)
    • Bahasa Indonesia (Indonesian)
    • Dansk (Danish)
    • Deutsch (German)
    • English (Australia)
    • English (US)
    • Español (Spanish)
    • Français (French)
    • Français Canadien
      (Canadian French)
    • Italiano (Italian)
    • Nederlands (Dutch)
    • Norsk (Norwegian)
    • Polski (Polish)
    • Português - Brasil
      (Portuguese - Brazil)
    • Português - Portugal
      (Portuguese - Portugal)
    • Svenska (Swedish)
    • ภาษาไทย (Thai)
    • Tiếng Việt (Vietnamese)
    • Türkçe (Turkish)
    • Čeština (Czech)
    • Ελληνικά (Greek)
    • Български (Bulgarian)
    • Русский (Russian)
    • עברית (Hebrew)
    • اللغة العربية (Arabic)
    • 日本語 (Japanese)
    • 简体中文
      (Simplified Chinese)
    • 繁體中文
      (Traditional Chinese)
    • 繁體中文 HK
      (Traditional Chinese)
    • 한국어 (Korean)
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More Yes, I agree
  • Online Help Center
  • Hosted Email Security Administrator's Guide
  • Hosted Email Security Administrator's Guide
  • Inbound and Outbound Protection
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
  • Privacy and Personal Data Collection Disclosure
  • About Trend Micro Hosted Email Security
    • Service Requirements
    • What's New
    • Inbound Message Flow
      • Connection-Based Filtering at the MTA Connection Level
      • Content-Based Filtering at the Message Level
    • Outbound Message Protection
  • Getting Started with Hosted Email Security
    • Accessing the Hosted Email Security Administrator Console
    • Accessing the Cloud App Security Management Console
  • Working with the Dashboard
    • Threats Tab
      • Ransomware Details Chart
      • Threats Chart
      • Threats Details Chart
      • Virtual Analyzer Analysis Details Chart
      • Domain-based Authentication Details Chart
    • Top Statistics Tab
      • Top Business Email Compromise Threats Chart
      • Top Analyzed Advanced Threats Chart
      • Top Malware Detected by Predictive Machine Learning Chart
      • Top Malware Detected by Pattern-based Scanning Chart
      • Top Spam Chart
      • Top Data Loss Prevention (DLP) Incidents Chart
    • Other Statistics Tab
      • Volume Chart
      • Bandwidth Chart
      • Time-of-Click Protection Chart
  • About Domain Management
    • Adding a Domain
    • Configuring a Domain
      • Adding SPF Records
      • Adding Office 365 Inbound Connectors
      • Adding Office 365 Outbound Connectors
    • Editing or Deleting Domains
  • Inbound and Outbound Protection
    • Managing Recipient Filter
    • Managing Sender Filter
      • Sender Address Types
      • Configuring Approved and Blocked Sender Lists
        • Adding Senders
        • Editing Senders
        • Importing and Exporting Senders
    • Configuring Policy Objects
      • About Keyword Expressions
        • Using Keyword Expressions
        • Adding Keyword Expressions
        • Editing Keyword Expressions
      • Managing Notifications
      • Managing Stamps
      • Managing the Web Reputation Approved List
      • Data Loss Prevention (DLP)
        • Data Identifier Types
          • Expressions
            • Predefined Expressions
            • Customized Expressions
              • Criteria for Customized Expressions
              • Creating a Customized Expression
              • Importing Customized Expressions
          • Keywords
            • Predefined Keyword Lists
            • Customized Keyword Lists
              • Customized Keyword List Criteria
              • Creating a Keyword List
              • Importing a Keyword List
          • File Attributes
            • Predefined File Attributes List
            • Creating a File Attribute List
            • Importing a File Attribute List
        • DLP Compliance Templates
          • Predefined DLP Templates
          • Customized DLP Templates
            • Condition Statements and Logical Operators
            • Creating a Template
            • Importing Templates
    • Configuring High Profile Users
    • Configuring Scan Exceptions
      • Scan Exception List
      • Configuring "Scan Exceptions" Actions
    • Understanding IP Reputation
      • About Dynamic IP Reputation Settings
      • About Standard IP Reputation Settings
      • About Approved and Blocked IP Addresses
      • Troubleshooting Issues
    • About Transport Layer Security (TLS) Peers
      • Adding TLS Peers
      • Editing TLS Peers
    • About Sender Policy Framework (SPF)
      • Enabling or Disabling Sender Policy Framework (SPF)
      • Adding an SPF Peer to the Ignored List
      • Editing an SPF Peer in the Ignored List
      • Deleting SPF Peers from Ignored List
    • About DomainKeys Identified Mail (DKIM)
      • Adding DKIM Verification Settings
      • Editing DKIM Verification Settings
      • Adding DKIM Signing Settings
      • Editing DKIM Signing Settings
    • About Domain-based Message Authentication, Reporting & Conformance (DMARC)
      • Adding DMARC Settings
      • Editing DMARC Settings
    • How DMARC Works with SPF and DKIM
    • Configuring Time-of-Click Protection Settings
  • Configuring Policies
    • Managing Policy Rules
    • Customizing the Rule Order
    • Naming and Enabling a Rule
    • Specifying Recipients and Senders
      • Inbound Policy Rules
      • Outbound Policy Rules
    • About Rule Scanning Criteria
      • Configuring Malware or Malicious Code Criteria
        • About Advanced Threat Scan Engine
        • About Predictive Machine Learning
      • Configuring Spam Criteria
      • Configuring Business Email Compromise Criteria
      • Configuring Phishing Criteria
      • Configuring Graymail Criteria
      • Configuring Web Reputation Criteria
      • Configuring Social Engineering Attack Criteria
      • Configuring Data Loss Prevention Criteria
      • Configuring Advanced Criteria
        • Using Attachment Name or Extension Criteria
        • Using Attachment MIME Content-type Criteria
        • Using Attachment True File Type Criteria
        • Using Message Size Criteria
        • Using Subject Matches Criteria
        • Using Subject is Blank Criteria
        • Using Body Matches Criteria
        • Using Specified Header Matches Criteria
        • Using Attachment Content Matches Keyword Criteria
        • Using Attachment Size Criteria
        • Using Attachment Number Criteria
        • Using Attachment is Password Protected Criteria
        • Using the Number of Recipients Criteria
    • About Rule Actions
      • Specifying Rule Actions
      • "Intercept" Actions
        • Using the Delete Action
        • Using the Deliver Now Action
        • Using the Quarantine Action
        • Using the Change Recipient Action
      • "Modify" Actions
        • Cleaning Cleanable Malware
        • Deleting Matching Attachments
        • Insert an X-Header
        • Inserting a Stamp
          • Configuring Stamps
        • Tagging the Subject Line
        • Rule Tokens/Variables
      • "Monitor" Actions
        • Using the Bcc Action
      • Encrypting Outbound Messages
        • Reading an Encrypted Email Message
      • About the Send Notification Action
        • Configuring Send Notification Actions
        • Duplicating or Copying Send Notification Actions
        • Removing Notifications from Rule Actions
        • Deleting Notifications from Lists of Messages
  • Understanding Quarantine
    • Querying the Quarantine
    • Configuring End User Quarantine Console Settings
    • About the Quarantine Digest
      • Configuring the Quarantine Digest
  • Logs in Hosted Email Security
    • Understanding Mail Tracking
      • About Accepted Traffic
      • About Blocked Traffic
      • Social Engineering Attack Log Details
      • Business Email Compromise Log Details
    • Understanding Policy Events
      • Predictive Machine Learning Log Details
    • Understanding URL Click Tracking
    • Understanding Audit Log
  • Configuring Administration Settings
    • About Account Management
      • Adding and Configuring an Administrator Account
      • Editing Administrator Account Configuration
      • Deleting Administrator Accounts
      • Changing Administrator Passwords
      • Enabling or Disabling an Administrator Account
    • Changing End-User Passwords
    • About End-User Managed Accounts
      • Removing End-User Managed Accounts
    • About Logon Methods
      • Configuring Active Directory Federation Services 2.0
      • Configuring Azure Active Directory
      • Configuring Single Sign-On
      • Configuring Automatic Logon in Web Browsers
    • About Directory Management
      • Importing User Directories
      • Synchronizing User Directory
      • Verifying User Directories
    • Installing Web Services and Active Directory Synchronization Tool
    • About Co-Branding
      • Accessing the Co-Branded Administrator Console and End User Quarantine Console
    • Viewing Your Service Level Agreement
    • Viewing License Information
  • FAQs and Instructions
    • About MX Records and Hosted Email Security
    • General Order of Evaluation
    • Sender Filter Order of Evaluation
    • IP Reputation Order of Evaluation
    • How to Work with Non-AD Directories
    • Feature Limits and Capability Restrictions
    • Known Issues
  • Technical Support
    • Contacting Support
      • Using the Support Portal
      • Speeding Up the Support Call
    • Sending Suspicious Content to Trend Micro
      • Email Reputation Services
      • File Reputation Services
      • Web Reputation Services
    • Troubleshooting Resources
      • Threat Encyclopedia
      • Download Center
      • Documentation Feedback
Inbound and Outbound Protection

  • Managing Recipient Filter
  • Managing Sender Filter
  • Configuring Policy Objects
  • Configuring High Profile Users
  • Configuring Scan Exceptions
  • Understanding IP Reputation
  • About Transport Layer Security (TLS) Peers
  • About Sender Policy Framework (SPF)
  • About DomainKeys Identified Mail (DKIM)
  • About Domain-based Message Authentication, Reporting & Conformance (DMARC)
  • How DMARC Works with SPF and DKIM
  • Configuring Time-of-Click Protection Settings
Online Help Center
Support
For Home For Business
Privacy Notice
© 2025 Trend Micro Incorporated. All rights reserved.
Table of Contents
  • Privacy and Personal Data Collection Disclosure
  • About Trend Micro Hosted Email Security
    • Service Requirements
    • What's New
    • Inbound Message Flow
      • Connection-Based Filtering at the MTA Connection Level
      • Content-Based Filtering at the Message Level
    • Outbound Message Protection
  • Getting Started with Hosted Email Security
    • Accessing the Hosted Email Security Administrator Console
    • Accessing the Cloud App Security Management Console
  • Working with the Dashboard
    • Threats Tab
      • Ransomware Details Chart
      • Threats Chart
      • Threats Details Chart
      • Virtual Analyzer Analysis Details Chart
      • Domain-based Authentication Details Chart
    • Top Statistics Tab
      • Top Business Email Compromise Threats Chart
      • Top Analyzed Advanced Threats Chart
      • Top Malware Detected by Predictive Machine Learning Chart
      • Top Malware Detected by Pattern-based Scanning Chart
      • Top Spam Chart
      • Top Data Loss Prevention (DLP) Incidents Chart
    • Other Statistics Tab
      • Volume Chart
      • Bandwidth Chart
      • Time-of-Click Protection Chart
  • About Domain Management
    • Adding a Domain
    • Configuring a Domain
      • Adding SPF Records
      • Adding Office 365 Inbound Connectors
      • Adding Office 365 Outbound Connectors
    • Editing or Deleting Domains
  • Inbound and Outbound Protection
    • Managing Recipient Filter
    • Managing Sender Filter
      • Sender Address Types
      • Configuring Approved and Blocked Sender Lists
        • Adding Senders
        • Editing Senders
        • Importing and Exporting Senders
    • Configuring Policy Objects
      • About Keyword Expressions
        • Using Keyword Expressions
        • Adding Keyword Expressions
        • Editing Keyword Expressions
      • Managing Notifications
      • Managing Stamps
      • Managing the Web Reputation Approved List
      • Data Loss Prevention (DLP)
        • Data Identifier Types
          • Expressions
            • Predefined Expressions
            • Customized Expressions
              • Criteria for Customized Expressions
              • Creating a Customized Expression
              • Importing Customized Expressions
          • Keywords
            • Predefined Keyword Lists
            • Customized Keyword Lists
              • Customized Keyword List Criteria
              • Creating a Keyword List
              • Importing a Keyword List
          • File Attributes
            • Predefined File Attributes List
            • Creating a File Attribute List
            • Importing a File Attribute List
        • DLP Compliance Templates
          • Predefined DLP Templates
          • Customized DLP Templates
            • Condition Statements and Logical Operators
            • Creating a Template
            • Importing Templates
    • Configuring High Profile Users
    • Configuring Scan Exceptions
      • Scan Exception List
      • Configuring "Scan Exceptions" Actions
    • Understanding IP Reputation
      • About Dynamic IP Reputation Settings
      • About Standard IP Reputation Settings
      • About Approved and Blocked IP Addresses
      • Troubleshooting Issues
    • About Transport Layer Security (TLS) Peers
      • Adding TLS Peers
      • Editing TLS Peers
    • About Sender Policy Framework (SPF)
      • Enabling or Disabling Sender Policy Framework (SPF)
      • Adding an SPF Peer to the Ignored List
      • Editing an SPF Peer in the Ignored List
      • Deleting SPF Peers from Ignored List
    • About DomainKeys Identified Mail (DKIM)
      • Adding DKIM Verification Settings
      • Editing DKIM Verification Settings
      • Adding DKIM Signing Settings
      • Editing DKIM Signing Settings
    • About Domain-based Message Authentication, Reporting & Conformance (DMARC)
      • Adding DMARC Settings
      • Editing DMARC Settings
    • How DMARC Works with SPF and DKIM
    • Configuring Time-of-Click Protection Settings
  • Configuring Policies
    • Managing Policy Rules
    • Customizing the Rule Order
    • Naming and Enabling a Rule
    • Specifying Recipients and Senders
      • Inbound Policy Rules
      • Outbound Policy Rules
    • About Rule Scanning Criteria
      • Configuring Malware or Malicious Code Criteria
        • About Advanced Threat Scan Engine
        • About Predictive Machine Learning
      • Configuring Spam Criteria
      • Configuring Business Email Compromise Criteria
      • Configuring Phishing Criteria
      • Configuring Graymail Criteria
      • Configuring Web Reputation Criteria
      • Configuring Social Engineering Attack Criteria
      • Configuring Data Loss Prevention Criteria
      • Configuring Advanced Criteria
        • Using Attachment Name or Extension Criteria
        • Using Attachment MIME Content-type Criteria
        • Using Attachment True File Type Criteria
        • Using Message Size Criteria
        • Using Subject Matches Criteria
        • Using Subject is Blank Criteria
        • Using Body Matches Criteria
        • Using Specified Header Matches Criteria
        • Using Attachment Content Matches Keyword Criteria
        • Using Attachment Size Criteria
        • Using Attachment Number Criteria
        • Using Attachment is Password Protected Criteria
        • Using the Number of Recipients Criteria
    • About Rule Actions
      • Specifying Rule Actions
      • "Intercept" Actions
        • Using the Delete Action
        • Using the Deliver Now Action
        • Using the Quarantine Action
        • Using the Change Recipient Action
      • "Modify" Actions
        • Cleaning Cleanable Malware
        • Deleting Matching Attachments
        • Insert an X-Header
        • Inserting a Stamp
          • Configuring Stamps
        • Tagging the Subject Line
        • Rule Tokens/Variables
      • "Monitor" Actions
        • Using the Bcc Action
      • Encrypting Outbound Messages
        • Reading an Encrypted Email Message
      • About the Send Notification Action
        • Configuring Send Notification Actions
        • Duplicating or Copying Send Notification Actions
        • Removing Notifications from Rule Actions
        • Deleting Notifications from Lists of Messages
  • Understanding Quarantine
    • Querying the Quarantine
    • Configuring End User Quarantine Console Settings
    • About the Quarantine Digest
      • Configuring the Quarantine Digest
  • Logs in Hosted Email Security
    • Understanding Mail Tracking
      • About Accepted Traffic
      • About Blocked Traffic
      • Social Engineering Attack Log Details
      • Business Email Compromise Log Details
    • Understanding Policy Events
      • Predictive Machine Learning Log Details
    • Understanding URL Click Tracking
    • Understanding Audit Log
  • Configuring Administration Settings
    • About Account Management
      • Adding and Configuring an Administrator Account
      • Editing Administrator Account Configuration
      • Deleting Administrator Accounts
      • Changing Administrator Passwords
      • Enabling or Disabling an Administrator Account
    • Changing End-User Passwords
    • About End-User Managed Accounts
      • Removing End-User Managed Accounts
    • About Logon Methods
      • Configuring Active Directory Federation Services 2.0
      • Configuring Azure Active Directory
      • Configuring Single Sign-On
      • Configuring Automatic Logon in Web Browsers
    • About Directory Management
      • Importing User Directories
      • Synchronizing User Directory
      • Verifying User Directories
    • Installing Web Services and Active Directory Synchronization Tool
    • About Co-Branding
      • Accessing the Co-Branded Administrator Console and End User Quarantine Console
    • Viewing Your Service Level Agreement
    • Viewing License Information
  • FAQs and Instructions
    • About MX Records and Hosted Email Security
    • General Order of Evaluation
    • Sender Filter Order of Evaluation
    • IP Reputation Order of Evaluation
    • How to Work with Non-AD Directories
    • Feature Limits and Capability Restrictions
    • Known Issues
  • Technical Support
    • Contacting Support
      • Using the Support Portal
      • Speeding Up the Support Call
    • Sending Suspicious Content to Trend Micro
      • Email Reputation Services
      • File Reputation Services
      • Web Reputation Services
    • Troubleshooting Resources
      • Threat Encyclopedia
      • Download Center
      • Documentation Feedback
Close