About Policies

A policy is a set of rules that Deep Discovery Email Inspector uses to evaluate email messages. Use policies to determine the actions applied to detected threats and unwanted contents in email messages.

You can configure policies in Deep Discovery Email Inspector to scan messages based on the message direction (inbound, outbound, or inbound or outbound).

The following table describes the required components for a policy.

Table 1.

Component

Description

Policy rules

You can create the following types of rules to enforce your organization’s antivirus and other security goals:

  • Content filtering rules: Evaluates message contents to prevent undesirable content from being delivered to recipients and remove active content (such as macros) from Microsoft Office or PDF file attachments

  • DLP rules: Prevents the transmission of digital assets through email messages

  • Antispam rules: Scans messages for spam or graymail

  • Threat protection rules: Scans messages for viruses and other malware such as spyware and worms

By default, Deep Discovery Email Inspector comes with a Default Policy that includes default rule settings to help protect your network from viruses and related Internet threats.

Note:
  • A threat protection rule does not protect against spam. For best protection against spam, configure an antispam rule and activate Sender Filtering.

  • To use the content filtering, data loss prevent (DLP), and antispam features, activate the license for Gateway Module. For more information, see Licenses.

Policy objects

You can configure the following types of objects to customize traffic handling behavior in policies:

  • Notifications

  • Message tags

  • Redirect pages

  • Data identifiers

  • DLP templates

  • Archive servers

Policy exceptions

Policy exceptions reduce false positives. Configure exceptions to set the limits and actions for email encryption, or classify certain email messages as safe. Specify the safe senders, recipients, and X-header content, add files, URLs, IP addresses and domains, add URL keywords, or specify senders to bypass graymail scanning. Safe email messages are discarded (BCC and SPAN/TAP mode) or delivered to the recipient (MTA mode) without further investigation.

Follow the procedure to create policies in Deep Discovery Email Inspector:

  1. (For content filtering and DLP rules) Create data identifiers.

    For more information, see Data Identifiers.

  2. Create policy rules and notification templates.

    For more information, see Policy Rules and Configuring Recipient Notification.

  3. Create policies to apply on target senders and recipients.

    For more information, see Configuring a Policy and Address Groups.

  4. Specify trusted senders/recipients or objects for policy exceptions.

    For more information, see Policy Exceptions.