Policy Management Guidelines

Consider the following when configuring policies in Deep Discovery Email Inspector:

  • Before you create a policy, create content filtering, data loss prevention (DLP), antispam, and threat protection rules.

  • Activate the Gateway Module license to enable content filtering and antispam rules. Activate the Threat Protection license to enable threat protection rules. If the license for Gateway Module is not activated, Deep Discovery Email Inspector disables content filtering and antispam rules.

    For more information, see Licenses.

  • If the domain of a sender address is in the internal domain list, Deep Discovery Email Inspector considers messages from the sender as outbound messages. Deep Discovery Email Inspector applies policies based on the message direction.
  • When you configure multiple rules in a policy, Deep Discovery Email Inspector applies the rules on messages in the following order:

    • Content filtering rules

    • Data loss prevention (DLP) rules

    • Antispam protection rules

    • Advanced threat protection rules

  • In policies, the terminal actions are Delete message, Block and quarantine, and Deliver directly. For policies with multiple rules, Deep Discovery Email Inspector applies only one terminal action on detected messages. After applying a terminal action on a message for a matched rule, Deep Discovery Email Inspector does not match the message against subsequent rules in the policy.

    For more information, see Policy Actions.

  • To quarantine phishing messages, select Quarantine the original message when attachments cannot be stripped in a threat protection rule.

    For more information, see Configuring a Threat Protection Rule and Policy Actions.

  • A policy must include one threat detection rule. Content filtering, DLP, and antispam rules are optional in a policy.

  • If you specify multiple content filtering, data loss prevention (DLP), or antispam rules in a policy, you can set the rule matching priority.

  • You can create a policy that applies to all incoming messages to any email addresses in your domain (for example, specify *@domain.com for recipients).

  • You can create a policy that applies to all outgoing messages from any email addresses in your domain (for example, specify *@domain.com for senders).

  • To prevent a virus leak and ensure that all messages are scanned, Trend Micro recommends that you create one policy that applies to inbound or outbound messages for all recipients and senders, and with the lowest priority in the Policy List.

  • If Active Directory query times out or an email address is invalid for a message, Deep Discovery Email Inspector applies the policy for all recipients and senders to the message.

  • If you configure more than one policy to apply to the same message direction for all recipients and senders in the Policy List, Deep Discovery Email Inspector applies the policy with the highest priority.