FAQs and Instructions

Table 1. Frequently Asked Questions (FAQs)
Question Answer

What is Hosted Email Security?

Trend Micro Hosted Email Security provides always-up-to-the-minute email security with no maintenance required by IT staff to stop spam, viruses and other malware before they reach your network.

Trend Micro Hosted Email Security is a hosted service that can benefit any size organization. We provide the hardware, software, and messaging expertise to cleanse your email messages of spam, viruses, worms, Trojans, and phishing (identity theft) attacks. The cleaned email messages are sent directly to your MTA for final delivery to your end users. Hosted Email Security can also use LDAP directories to help prevent backscatter (or outscatter) spam and Directory Harvest Attacks (DHA).

What are the advantages of Hosted Email Security?

As a hosted, off-site service, Hosted Email Security can stop attacks before they get a chance to reach your network. In addition to stopping spam, viruses, worm, Trojans, and other malware, Hosted Email Security can protect your network from attacks that:

  • Attempt to block your Internet connection (Denial of Service)

  • Steal your email addresses for spammers (Directory Harvest Attacks)

How can I upgrade?

Hosted Email Security is a hosted service and so there is no need to buy additional hardware or software. The service is managed by security professionals, relieving your IT staff of the burden of installing, maintaining, and fine-tuning a complex email security system.

How can I migrate configurations from the trial Hosted Email Security management console to the production management console after purchasing Smart Protection Complete with a full license?

Attach the Customer Licensing Portal (CLP) account you created with the Hosted Email Security trial license to your Smart Protection Complete full license first.

  1. Log on to the CLP (https://clp.trendmicro.com) using your CLP account credentials.

  2. Go to My Products/Services and click Provide Key.

  3. On the License Key screen, type your registration key, not the activation code, in the Provide your Activation Code or product key text box, and then click Continue.

  4. Select the check box and click Continue to finish the process.

After you re-log on to the Hosted Email Security production management console, all configurations are migrated and your license is updated.

Will email message delivery be delayed?

The time required to process each message is measured in milliseconds. Any delay in the delivery of your messages is negligible and will not be noticed by the end user.

How much does the service cost?

Trend Micro Hosted Email Security is priced on a per user basis under an annual contract. The cost per user drops as the number of users increases.

There is no set-up fee or additional support costs from Trend Micro. There may be a small fee (unlikely) associated with changing your MX record. Contact your web-hosting service to review their pricing policies.

Is Hosted Email Security confidential? Who reads my mail?

All messages are processed automatically and transparently. Many messages are rejected before they are even received based on the reputation of the IP that is attempting to send the message. Messages that are received are processed through a multi-layered spam and virus filtering system that does not include any human intervention. Messages are never stored unless your MTA becomes unavailable.

What do I need in order to access the administrator console?

To use this service you only need to have an existing Internet gateway or workgroup email connection and a web browser for accessing the online reporting and administrator console.

To access the console through Trend Micro Licensing Management Platform (LMP), you need the service web address and account information.

How do I get started using Hosted Email Security?

To get started using Hosted Email Security, do the following:

  1. Submit account activation information

  2. Log on the Hosted Email Security administrator console

  3. Add one or more domains to manage

  4. Confirm mail delivery through Hosted Email Security

  5. Redirect the MX record for your domain

  6. Configure your MTA, if applicable

A simple redirection of your MX record is needed to start the service. Your email messages are processed by Trend Micro Hosted Email Security to remove spam, viruses, worms, Trojans, and phishing attacks; the clean messages are then sent directly to your MTA.

How do I redirect my mail exchanger record (MX record)?


Add and configure your domain to your Hosted Email Security account before redirecting your MX record to the service.

If you manage your own DNS, you can manually redirect your MX record. If your DNS is managed by a third-party or ISP, either they can do this for you or they may have a simple web interface allowing you to make the change yourself. It can take up to 48 hours for any changes to propagate throughout the system.

Below are the MX records for the Hosted Email Security MTA for your region:

  • For Europe, the Middle East, Africa: in.hes.trendmicro.eu

  • For all other regions: in.hes.trendmicro.com

To redirect your MX record:

  1. For details about adding an MX record for the Hosted Email Security server, see step 1 in Configuring a Domain.

  2. Check Hosted Email Security welcome email message, which contains the specific MX record information.

  3. Do one of the following:

    • Manual configuration

      If you manage your own DNS, you can manually edit your MX record (this applies to self-managed, smaller accounts).

    • Through a support technician

      If you are unsure how to configure the MX records for your domain, contact your Internet Service Provider's (ISP) helpdesk or your Domain Name Service (DNS) technician for assistance. If your DNS is managed by a third-party or ISP, either they can do this for you or they may have a simple Web interface allowing you to make the change yourself. It can take up to 48 hours for any changes to propagate throughout the system.

After making the modifications to the MX record, Hosted Email Security becomes the point of entry of messages for your domain. After the DNS record modifications take effect (up to 48 hours), all inbound email traffic is routed through Hosted Email Security.


After the modifications take affect, test the message route by sending messages from another email service provider (for example, Yahoo! Mail or Gmail) to a recipient in your domain. If you receive the message from that email service provider, the MX record is configured correctly.

Where can I locate the instruction to redirect the MX record to point to Hosted Email Security?

The MX record determines the message routing for all email messages sent to your domain.

The Hosted Email Security welcome email message from Trend Micro specifically provides details about where to redirect your MX record.

How do I accept email messages from the service?

To ensure that you are able to receive email messages processed by the service:

  • Configure your firewall to accept traffic from Hosted Email Security IP addresses

  • Configure your MTA to accept transactions from these IP addresses

Can I try Hosted Email Security on a limited number of email addresses?



Trend Micro recommends that you use a test domain for trial purposes. Doing so allows you to experience the service and test how it functions for different types of users.

Does Hosted Email Security store or archive email messages?

Hosted Email Security does not store or archive email messages by default. All messages are processed and immediately passed through to the customer's MTA. Messages are not spooled or stored in memory unless your MTA becomes unavailable. However, if you create a policy to quarantine messages (spam for example) these email messages will be stored at our data center for up to 30 days.

How do I reset or resend an End User Quarantine console password?

One of my users lost or cannot remember their password.

Go to Administration > End-User Management > Passwords and fill out the form. The end user will receive an email message with an activation web address and will need to click the activation web address and then enter the appropriate email address and a new password on the Hosted Email Security End User Quarantine console logon screen.

For more information, see Changing End User Passwords.

What does the service do when my MTA is unavailable?

If your MTA becomes unavailable for whatever reason, your message stream is automatically queued for up to ten (10) days or until such time that your server comes back online.

You should not lose any of your valuable email messages due to hardware or software failure, power outages, network failure or simple human error.

Where does outgoing mail go?

By default, your outbound email messages are handled directly by your own MTA and passed out to other networks as it is currently handled. However, with Hosted Email Security (full version) you can choose to redirect your outbound email traffic through Hosted Email Security services.

Opting for Outbound Filtering:

When you activate Hosted Email Security, you will be informed of what MTA to send your outbound messages to if you choose to utilize outbound filtering.

For complete instructions on enabling outbound filtering, see Managing Domains.

What happens when my license expires?

Immediately after your license expires, it will go through a grace period, wherein the service continues as expected. After the grace period, however, your inbound messages will be stamped with a notification and you will lose access to the administrator console. Eventually, your data will be permanently deleted. To prevent unnecessary disruptions to your email service, please renew your license before it expires.

How does Hosted Email Security implement the Transport Layer Security (TLS) protocol?

Hosted Email Security is configured in Opportunistic Transport Layer Security (TLS) mode. In this mode, the MTA servers will initially check if the sending or receiving MTA can perform SMTP transaction in TLS mode. If so, the entire session and process will be done in TLS mode.