You’re offline. This is a read only version of the page.
Online Help Center
Search
Support
For Home
For Business
English (US)
Bahasa Indonesia (Indonesian)
Dansk (Danish)
Deutsch (German)
English (Australia)
English (US)
Español (Spanish)
Français (French)
Français Canadien
(Canadian French)
Italiano (Italian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português - Brasil
(Portuguese - Brazil)
Português - Portugal
(Portuguese - Portugal)
Svenska (Swedish)
ภาษาไทย (Thai)
Tiếng Việt (Vietnamese)
Türkçe (Turkish)
Čeština (Czech)
Ελληνικά (Greek)
Български (Bulgarian)
Русский (Russian)
עברית (Hebrew)
اللغة العربية (Arabic)
日本語 (Japanese)
简体中文
(Simplified Chinese)
繁體中文
(Traditional Chinese)
繁體中文 HK
(Traditional Chinese)
한국어 (Korean)
Cancel
This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.
Learn More
Yes, I agree
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
Privacy and Personal Data Collection Disclosure
Pre-release disclaimer
Pre-release sub-feature disclaimer
Trend Micro Email Security data privacy, security, and compliance
About Trend Micro Email Security
What's new
Service requirements
Features and benefits
Available license versions
Data center geography
Inbound message protection
Inbound message flow
Outbound message protection
Integration with Trend Micro products
Apex Central
Registering to Apex Central
Checking Trend Micro Email Security server status
Unregistering from Apex Central
Remote Manager
Getting started with Trend Micro Email Security
Accessing the Trend Micro Email Security administrator console
Resetting local account passwords
Selecting a serving site for first time use
Provisioning a Trend Micro Business Account
Setting up Trend Micro Email Security
Working with the dashboard
Threats tab
Ransomware details chart
Threats chart
Threats details chart
Virtual Analyzer file analysis details chart
Virtual Analyzer URL analysis details chart
Virtual Analyzer quota usage details
Domain-based authentication details chart
Blocked message details
Top statistics tab
Top bec attacks detected by antispam engine chart
Top BEC attacks detected by Writing Style Analysis chart
Top targeted high profile users
Top analyzed advanced threats (files) chart
Top analyzed advanced threats (URLs) chart
Top malware detected by Predictive Machine Learning chart
Top malware detected by pattern-based scanning chart
Top spam chart
Top Data Loss Prevention (DLP) incidents chart
Other statistics tab
Volume chart
Bandwidth chart
Time-of-click protection chart
DMARC compliance chart
Managing domains
Adding a domain
Configuring a domain
Adding SPF records
Adding Office 365 inbound connectors
Adding Office 365 outbound connectors
Editing or deleting domains
Inbound and outbound protection
Managing recipient filter
Managing sender filter
Configuring approved and blocked sender lists
Adding senders
Deleting senders
Importing senders
Exporting senders
Sender filter settings
Transport Layer Security (TLS) peers
Adding domain TLS peers
Editing domain TLS peers
Understanding IP reputation
About quick IP list
About standard IP reputation settings
About approved and blocked IP addresses
Managing approved and blocked IP addresses
IP reputation order of evaluation
Troubleshooting issues
Managing reverse DNS validation
Configuring reverse DNS validation settings
Adding reverse DNS validation settings
Editing reverse DNS validation settings
Configuring the blocked PTR domain list
Adding PTR domains
Editing PTR domains
Domain-based authentication
Sender IP match
Adding sender IP match settings
Editing sender IP match settings
Sender policy framework (SPF)
Adding SPF settings
Editing SPF settings
Domainkeys identified mail (DKIM)
Adding DKIM verification settings
Editing DKIM verification settings
Adding DKIM signing settings
Editing DKIM signing settings
Domain-based message authentication, reporting & conformance (DMARC)
Adding DMARC settings
Editing DMARC settings
Monitoring DMARC
Monitoring DMARC setup
Generating a DMARC record
Generating a BIMI record and Implementing BIMI
Analyzing DMARC reports
How DMARC works with SPF and DKIM
File password analysis
Configuring file password analysis
Adding user-defined passwords
Importing user-defined passwords
Configuring scan exceptions
Scan exception list
Configuring "scan exceptions" actions
High profile domains
Configuring high profile domains
High profile users
Configuring high profile users
Configuring time-of-click protection settings
Data Loss Prevention
Data identifier types
Expressions
Predefined Expressions
Customized Expressions
Criteria for custom expressions
Creating a Customized Expression
Importing Customized Expressions
Keywords
Predefined Keyword Lists
Custom keyword lists
Custom keyword list criteria
Creating a Keyword List
Importing a Keyword List
File Attributes
Predefined file attributes list
Creating a file attribute list
Importing a file attribute list
DLP Compliance Templates
Predefined DLP Templates
Custom DLP templates
Condition statements and logical pperators
Creating a Template
Importing Templates
Configuring policies
Policy rule overview
Default policy rules
Managing policy rules
Reordering policy rules
Naming and enabling a policy rule
Specifying recipients and senders
Inbound policy rules
Outbound policy rules
About policy rule scanning criteria
Configuring virus scan criteria
About Advanced Threat Scan Engine
About Predictive Machine Learning
Configuring spam filtering criteria
Configuring spam criteria
Configuring Business Email Compromise criteria
Configuring phishing criteria
Configuring graymail criteria
Configuring Web Reputation criteria
Configuring social engineering attack criteria
Configuring unusual signal criteria
Unusual signals
Configuring Correlated Intelligence criteria
Configuring Data Loss Prevention criteria
Configuring content filtering criteria
Using envelope sender is blank criteria
Using message header sender differs from envelope sender criteria
Using message header sender differs from header reply-to criteria
Using attachment file name or extension criteria
Using attachment mime content type criteria
Using attachment true file type criteria
Using message size criteria
Using subject matches criteria
Using subject is blank criteria
Using body matches criteria
Using body is blank criteria
Using specified header matches criteria
Using attachment content matches keyword criteria
Using attachment size criteria
Using attachment number criteria
Using attachment is password protected criteria
Using attachment contains active content criteria
Using the number of recipients criteria
About policy rule actions
Specifying policy rule actions
intercept actions
Using the delete action
Using the deliver now action
Using the quarantine action
Using the change recipient action
modify actions
Cleaning cleanable malware
Deleting matching attachments
Sanitizing attachments
Inserting an X-Header
Inserting a stamp
Configuring stamps
Tagging the subject line
Tokens
monitor actions
Using the bcc action
Encrypting outbound messages
Reading an encrypted email message
About the send notification action
Configuring send notification actions
Duplicating or copying send notification actions
Removing notifications from policy rule actions
Deleting notifications from lists of messages
Understanding quarantine
Querying the quarantine
Configuring end user quarantine settings
Quarantine digest settings
Adding or editing a digest rule
Adding or editing a digest template
Logs in Trend Micro Email Security
Understanding mail tracking
Social engineering attack log details
Business Email Compromise log details
Antispam engine scan details
Understanding policy events
Predictive Machine Learning log details
Understanding URL click tracking
Understanding audit log
Configuring syslog settings
Syslog forwarding
Syslog server profiles
Content mapping between log output and CEF syslog type
CEF detection logs
CEF audit logs
CEF mail tracking logs (accepted traffic)
CEF URL click tracking logs
Querying log export
Reports
Generated reports
Report settings
Configuring administration settings
Policy objects
Managing address groups
Managing the URL keyword exception list
Managing the Web Reputation approved list
Managing correlation rules and detection signals
Adding a custom correlation rule
Keyword expressions
About regular expressions
Characters
Bracket expression and character classes
Boundary matches
Greedy quantifiers
Logical operators
Shorthand and meta-symbol
Using keyword expressions
Adding keyword expressions
Editing keyword expressions
Managing notifications
Managing stamps
Administrator management
Account management
Accessible features of the local accounts
Adding and configuring a subaccount
Adding and configuring a superadmin account
Editing a subaccount
Editing a superadmin account
Deleting subaccounts or superadmin accounts
Changing the password of a subaccount or superadmin account
Enabling or disabling a subaccount or superadmin account
Logon methods
Configuring local account logon
Setting up two-factor authentication
Configuring single sign-on
Configuring Active Directory Federation Services
Configuring Microsoft ENTRA ID
Configuring Okta
End user management
Local accounts
Managed accounts
Removing end user managed accounts
Logon methods
Configuring local account logon
Configuring single sign-on
Configuring Active Directory Federation Services
Configuring Microsoft ENTRA ID
Configuring Okta
Email Continuity
Adding an Email Continuity record
Editing an Email Continuity record
Logon access control
Configuring access control settings
Configuring approved IP addresses
Directory management
Synchronizing user directories
Importing user directories
Exporting user directories
Installing the directory synchronization tool
Co-branding
Service integration
API access
Obtaining an API key
Log retrieval
Apex Central
Configuring suspicious object settings
Trend Vision One
Configuring suspicious object settings
Remote Manager
Phishing simulation
Email reporting add-in for Outlook
Deploying the add-in in the Microsoft 365 admin center
Deploying the add-in in the Exchange admin center
Updating the add-in in the Microsoft 365 admin center
License information
Activating Sandbox as a Service
Migrating data from IMSS or IMSVA
Data that will be migrated
Data that will not be migrated
Prerequisites for data migration
Migrating data to Trend Micro Email Security
Verifying data after migration
Email Recovery
FAQs and instructions
About mx records and Trend Micro Email Security
About mta-sts records for inbound protection
Feature limits and capability restrictions
Viewing your service level agreement
Technical support
Contacting support
Using the support portal
Speeding up the support call
Sending suspicious content to Trend Micro
Email Reputation Services
File Reputation Services
Web Reputation Services
Troubleshooting resources
Threat encyclopedia
Download center
Documentation feedback
Configuring spam criteria
Procedure
Select
Spam
.
Choose a baseline spam catch rate.
Lowest (most conservative)
Low
Moderately low (the default setting)
Moderately high
High
Highest (most aggressive)
Table of Contents
Privacy and Personal Data Collection Disclosure
Pre-release disclaimer
Pre-release sub-feature disclaimer
Trend Micro Email Security data privacy, security, and compliance
About Trend Micro Email Security
What's new
Service requirements
Features and benefits
Available license versions
Data center geography
Inbound message protection
Inbound message flow
Outbound message protection
Integration with Trend Micro products
Apex Central
Registering to Apex Central
Checking Trend Micro Email Security server status
Unregistering from Apex Central
Remote Manager
Getting started with Trend Micro Email Security
Accessing the Trend Micro Email Security administrator console
Resetting local account passwords
Selecting a serving site for first time use
Provisioning a Trend Micro Business Account
Setting up Trend Micro Email Security
Working with the dashboard
Threats tab
Ransomware details chart
Threats chart
Threats details chart
Virtual Analyzer file analysis details chart
Virtual Analyzer URL analysis details chart
Virtual Analyzer quota usage details
Domain-based authentication details chart
Blocked message details
Top statistics tab
Top bec attacks detected by antispam engine chart
Top BEC attacks detected by Writing Style Analysis chart
Top targeted high profile users
Top analyzed advanced threats (files) chart
Top analyzed advanced threats (URLs) chart
Top malware detected by Predictive Machine Learning chart
Top malware detected by pattern-based scanning chart
Top spam chart
Top Data Loss Prevention (DLP) incidents chart
Other statistics tab
Volume chart
Bandwidth chart
Time-of-click protection chart
DMARC compliance chart
Managing domains
Adding a domain
Configuring a domain
Adding SPF records
Adding Office 365 inbound connectors
Adding Office 365 outbound connectors
Editing or deleting domains
Inbound and outbound protection
Managing recipient filter
Managing sender filter
Configuring approved and blocked sender lists
Adding senders
Deleting senders
Importing senders
Exporting senders
Sender filter settings
Transport Layer Security (TLS) peers
Adding domain TLS peers
Editing domain TLS peers
Understanding IP reputation
About quick IP list
About standard IP reputation settings
About approved and blocked IP addresses
Managing approved and blocked IP addresses
IP reputation order of evaluation
Troubleshooting issues
Managing reverse DNS validation
Configuring reverse DNS validation settings
Adding reverse DNS validation settings
Editing reverse DNS validation settings
Configuring the blocked PTR domain list
Adding PTR domains
Editing PTR domains
Domain-based authentication
Sender IP match
Adding sender IP match settings
Editing sender IP match settings
Sender policy framework (SPF)
Adding SPF settings
Editing SPF settings
Domainkeys identified mail (DKIM)
Adding DKIM verification settings
Editing DKIM verification settings
Adding DKIM signing settings
Editing DKIM signing settings
Domain-based message authentication, reporting & conformance (DMARC)
Adding DMARC settings
Editing DMARC settings
Monitoring DMARC
Monitoring DMARC setup
Generating a DMARC record
Generating a BIMI record and Implementing BIMI
Analyzing DMARC reports
How DMARC works with SPF and DKIM
File password analysis
Configuring file password analysis
Adding user-defined passwords
Importing user-defined passwords
Configuring scan exceptions
Scan exception list
Configuring "scan exceptions" actions
High profile domains
Configuring high profile domains
High profile users
Configuring high profile users
Configuring time-of-click protection settings
Data Loss Prevention
Data identifier types
Expressions
Predefined Expressions
Customized Expressions
Criteria for custom expressions
Creating a Customized Expression
Importing Customized Expressions
Keywords
Predefined Keyword Lists
Custom keyword lists
Custom keyword list criteria
Creating a Keyword List
Importing a Keyword List
File Attributes
Predefined file attributes list
Creating a file attribute list
Importing a file attribute list
DLP Compliance Templates
Predefined DLP Templates
Custom DLP templates
Condition statements and logical pperators
Creating a Template
Importing Templates
Configuring policies
Policy rule overview
Default policy rules
Managing policy rules
Reordering policy rules
Naming and enabling a policy rule
Specifying recipients and senders
Inbound policy rules
Outbound policy rules
About policy rule scanning criteria
Configuring virus scan criteria
About Advanced Threat Scan Engine
About Predictive Machine Learning
Configuring spam filtering criteria
Configuring spam criteria
Configuring Business Email Compromise criteria
Configuring phishing criteria
Configuring graymail criteria
Configuring Web Reputation criteria
Configuring social engineering attack criteria
Configuring unusual signal criteria
Unusual signals
Configuring Correlated Intelligence criteria
Configuring Data Loss Prevention criteria
Configuring content filtering criteria
Using envelope sender is blank criteria
Using message header sender differs from envelope sender criteria
Using message header sender differs from header reply-to criteria
Using attachment file name or extension criteria
Using attachment mime content type criteria
Using attachment true file type criteria
Using message size criteria
Using subject matches criteria
Using subject is blank criteria
Using body matches criteria
Using body is blank criteria
Using specified header matches criteria
Using attachment content matches keyword criteria
Using attachment size criteria
Using attachment number criteria
Using attachment is password protected criteria
Using attachment contains active content criteria
Using the number of recipients criteria
About policy rule actions
Specifying policy rule actions
intercept actions
Using the delete action
Using the deliver now action
Using the quarantine action
Using the change recipient action
modify actions
Cleaning cleanable malware
Deleting matching attachments
Sanitizing attachments
Inserting an X-Header
Inserting a stamp
Configuring stamps
Tagging the subject line
Tokens
monitor actions
Using the bcc action
Encrypting outbound messages
Reading an encrypted email message
About the send notification action
Configuring send notification actions
Duplicating or copying send notification actions
Removing notifications from policy rule actions
Deleting notifications from lists of messages
Understanding quarantine
Querying the quarantine
Configuring end user quarantine settings
Quarantine digest settings
Adding or editing a digest rule
Adding or editing a digest template
Logs in Trend Micro Email Security
Understanding mail tracking
Social engineering attack log details
Business Email Compromise log details
Antispam engine scan details
Understanding policy events
Predictive Machine Learning log details
Understanding URL click tracking
Understanding audit log
Configuring syslog settings
Syslog forwarding
Syslog server profiles
Content mapping between log output and CEF syslog type
CEF detection logs
CEF audit logs
CEF mail tracking logs (accepted traffic)
CEF URL click tracking logs
Querying log export
Reports
Generated reports
Report settings
Configuring administration settings
Policy objects
Managing address groups
Managing the URL keyword exception list
Managing the Web Reputation approved list
Managing correlation rules and detection signals
Adding a custom correlation rule
Keyword expressions
About regular expressions
Characters
Bracket expression and character classes
Boundary matches
Greedy quantifiers
Logical operators
Shorthand and meta-symbol
Using keyword expressions
Adding keyword expressions
Editing keyword expressions
Managing notifications
Managing stamps
Administrator management
Account management
Accessible features of the local accounts
Adding and configuring a subaccount
Adding and configuring a superadmin account
Editing a subaccount
Editing a superadmin account
Deleting subaccounts or superadmin accounts
Changing the password of a subaccount or superadmin account
Enabling or disabling a subaccount or superadmin account
Logon methods
Configuring local account logon
Setting up two-factor authentication
Configuring single sign-on
Configuring Active Directory Federation Services
Configuring Microsoft ENTRA ID
Configuring Okta
End user management
Local accounts
Managed accounts
Removing end user managed accounts
Logon methods
Configuring local account logon
Configuring single sign-on
Configuring Active Directory Federation Services
Configuring Microsoft ENTRA ID
Configuring Okta
Email Continuity
Adding an Email Continuity record
Editing an Email Continuity record
Logon access control
Configuring access control settings
Configuring approved IP addresses
Directory management
Synchronizing user directories
Importing user directories
Exporting user directories
Installing the directory synchronization tool
Co-branding
Service integration
API access
Obtaining an API key
Log retrieval
Apex Central
Configuring suspicious object settings
Trend Vision One
Configuring suspicious object settings
Remote Manager
Phishing simulation
Email reporting add-in for Outlook
Deploying the add-in in the Microsoft 365 admin center
Deploying the add-in in the Exchange admin center
Updating the add-in in the Microsoft 365 admin center
License information
Activating Sandbox as a Service
Migrating data from IMSS or IMSVA
Data that will be migrated
Data that will not be migrated
Prerequisites for data migration
Migrating data to Trend Micro Email Security
Verifying data after migration
Email Recovery
FAQs and instructions
About mx records and Trend Micro Email Security
About mta-sts records for inbound protection
Feature limits and capability restrictions
Viewing your service level agreement
Technical support
Contacting support
Using the support portal
Speeding up the support call
Sending suspicious content to Trend Micro
Email Reputation Services
File Reputation Services
Web Reputation Services
Troubleshooting resources
Threat encyclopedia
Download center
Documentation feedback