What's New

Support for Authenticated Received Chain (ARC)

Trend Micro Email Security adds support for ARC in DMARC authentication. If ARC is enabled and an ARC chain is present and validated, some legitimate messages that fail DMARC authentication due to intermediate processing will pass the authentication.

For details, see Domain-based Message Authentication, Reporting & Conformance (DMARC).

Policy Event Log Enhancement

Trend Micro Email Security enhances its policy event logs by providing more details about Virtual Analyzer scan exceptions.

Email Attachment Sanitizing

Trend Micro Email Security supports email attachment sanitizing for both incoming and outgoing messages. When configuring a content filtering policy, you can choose whether to set actions specifically for email messages that contain active content such as macros in Microsoft Office attachments.

For details, see Removing Active Content from Attachments.

Layout Optimization for Quarantine Digest Notifications

Trend Micro Email Security is optimized to make the layout for quarantine digest notifications more mobile-friendly.

Stamp Enhancement

Trend Micro Email Security further supports HTML stamps besides already supported plain text stamps. You can customize HTML stamps based on predefined styles, and view an automatic plain text version of the customized stamps in real time.

For details, see Managing Stamps.

Quarantined Message Management Enhancement

Trend Micro Email Security allows you to configure settings for end users to view quarantined messages and take action on the End User Console and in the quarantine digest notifications. In addition, quarantined message query is optimized to provide a reasonable and consistent user experience.

For details, see Configuring End User Quarantine Settings.

Support for Wildcard Domain in Address Groups

Trend Micro Email Security supports wildcard domains for email addresses in hybrid address groups. In addition, when you search for address groups by email address, wildcard search is used instead of partial search.

For details, see Managing Address Groups.

Keyword Expression Test Support

Trend Micro Email Security now enables you to test the keyword expression functionality when you add a new keyword expression.

For details, see Adding Keyword Expressions

Log Search Enhancement

Trend Micro Email Security enhances its log search feature by allowing you to search mail tracking logs by sender IP address and destination IP address.

For details, see Understanding Mail Tracking.

Keyword Expression Enhancement

Trend Micro Email Security is enhanced to add another match condition to the Keywords and Expressions feature under Administration > Policy Objects. With this enhancement, Trend Micro Email Security will trigger actions when the combined score of all matched keyword expressions reaches the specified threshold.

For details, see Adding Keyword Expressions.

Redirect Page Customization Support for Time-of-Click Protection

Trend Micro Email Security enhances Time-of-Click Protection settings by allowing you to customize redirect pages for suspicious, dangerous, and untested URLs in inbound messages. The redirect page customization settings apply to incoming messages of the entire organization.

For details, see Configuring Time-of-Click Protection Settings.

High Profile Domains

Trend Micro Email Security allows you to add high profile domains, for example, your partners' domains or domains of famous brands, to leverage the improved Trend Micro Antispam Engine to detect cousin domains. A cousin domain looks deceptively similar to a legitimate target domain and is often used in phishing attacks to steal sensitive or confidential information from users.

For details, see High Profile Domains.

Renaming from "Business Email Compromise (BEC)" to "High Profile Users"

With the launch of the High Profile Domains feature, Trend Micro Email Security renames the Business Email Compromise (BEC) menu under Inbound Protection to High Profile Users to provide a more accurate description of the feature.

Support for Enabling/Disabling Log Retrieval

Trend Micro Email Security allows you to decide whether to retrieve policy event logs and mail tracking logs via REST APIs for third-party SIEM application integration.

For details, see Log Retrieval.

File Password Analysis Result Visibility in Mail Tracking Logs

Trend Micro Email Security shows the password analysis result of email attachments in mail tracking logs.

Support for %HEADERS%

Trend Micro Email Security now supports the %HEADERS% token, which will be replaced with message headers in stamps and notification body.

DNS-Based Authentication of Named Entities (DANE) Support for Outgoing TLS Connections

Trend Micro Email Security now supports DANE for outgoing TLS connections.

For details, see Transport Layer Security (TLS) Peers.

SPF Action Enhancement

For details, see Adding SPF Settings.

License Information Optimization

Trend Micro Email Security is optimized to show all the licenses that you have purchased under Administration > License Information. In addition, a grace end date is provided in the license information.

Organization-Level Policy

Trend Micro Email Security is enhanced to allow you to create inbound and outbound protection policies at the organization level. These policies automatically apply to all domains in your organization including the new ones added in the future. Organization-level policies make policy management easier than otherwise.

For details, see Configuring Policies.

Predictive Machine Learning Support in Outbound Protection

Trend Micro Email Security adds support for Predictive Machine Learning in outbound protection, allowing you to specify Predictive Machine Learning settings in virus scan rules.

Syslog Enhancement

In addition to detection logs, audit logs and mail tracking logs, Trend Micro Email Security can now forward URL click tracking logs to syslog servers.

Quarantine Digest Template Enhancement

For details, see Adding or Editing a Digest Template.

Log Search Enhancement

Trend Micro Email Security enhances its log search feature by allowing you to search policy event logs by message header address and threat name, and search mail tracking logs by message header address.

For details, see Understanding Mail Tracking and Understanding Policy Events.

IP Reputation Enhancement

Trend Micro Email Security enhances its IP Reputation feature by allowing you to search, import, and export approved and blocked IP addresses.

For details, see Understanding IP Reputation.

REST API Support Enhancement

Trend Micro Email Security enhances its REST API Support feature by opening two more APIs, allowing you to retrieve policy event logs and mail tracking logs from Trend Micro Email Security. These logs can be aggregated with other security data by security information and event management (SIEM) applications to detect abnormal behaviors or potential threats.

For details, refer to the Trend Micro Email Security REST API Online Help at http://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security.aspx for details.

Address Group Support

Trend Micro Email Security supports local address groups, which can be used in policy routing. If some email addresses are used in multiple policies, maintaining an address group that contains the email addresses facilitates policy management.

For details, see Managing Address Groups.

Message Size Limit Raised to 150 MB

Trend Micro Email Security has increased the maximum message size limit to 150 MB for both inbound and outbound email messages. For customers with the Trend Micro Email Security Standard license, the message size limit remains 50 MB.

Quarantine Digest Enhancement

Trend Micro Email Security enhances its Quarantine Digest feature by allowing you to:

• Customize digest rules for different recipients

• Apply digest rules to LDAP groups besides domains

• Perform one more inline action “Block Sender” from digest notifications

For details, see Quarantine Digest Settings.

Domain-based Authentication Enhancements

Trend Micro Email Security provides the following enhancements to Domain-based Authentication features under Inbound Protection:

• Adding the Search, Import and Export functions to SPF, DKIM verification, and DMARC settings

• Refining both the user interface design and text for all Domain-based Authentication features

For details, see Domain-based Authentication.

Virtual Analyzer Submission Quota Increase

Trend Micro Email Security has increased the submission quota limiting the number of files and URLs that can be sent to Virtual Analyzer within 24 hours.

For details, see Configuring Virus Scan Criteria and Configuring Web Reputation Criteria.

DKIM and DMARC Enhancement

Trend Micro Email Security is enhanced to enable DKIM verification or DMARC authentication for all sender domains, and exclude some of them by configuring ignored peers. Besides, Trend Micro Email Security supports DKIM signing for outbound messages that have no envelope sender addresses.

For details, see DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC).

Mail Traffic Support for TLS 1.3

Trend Micro Email Security supports transmitting mail traffic with TLS 1.3.

SSO Enhancement

For details, see Logon Methods for administrator subaccounts and Logon Methods for end user accounts.

Quarantined Message Query by Quarantine Reason or Rule Name

Trend Micro Email Security allows you to query quarantined messages by quarantine reason or matched policy rule name.

Widget Available to Show Blocked Message Statistics

Trend Micro Email Security allows you to view blocked message statistics on the dashboard.

Violating URL Extraction from QR Code

Trend Micro Email Security supports extracting violating URLs from QR code.

IMSS or IMSVA Data Migration

A migration tool is provided for existing customers of InterScan Messaging Security Suite (IMSS) or InterScan Messaging Security Virtual Appliance (IMSVA) to smoothly migrate to Trend Micro Email Security, giving them the opportunity to benefit from more advanced and enhanced functionality.

For details, see Migrating Data from IMSS or IMSVA.

Scan Exception Enhancement

Trend Micro Email Security provides a new type of scan exception to deal with the situation where the number of submissions to Virtual Analyzer exceeds the allocated quota.

For details, see Scan Exception List and Virtual Analyzer Quota Usage Details.

Approved Sender X-Header

Trend Micro Email Security allows you to choose whether to insert an X-Header in the message header for email messages matching approved senders. With this feature enabled, you can do extra actions based on the message header on their own MTA or mail server.

For details, see Managing Sender Filter and Sender Filter Settings.

Spam Detection Enhancement

Trend Micro Email Security enhances the phishing and bulk email message detection using the Trend Micro Email Behavior Analysis (EBA) module.

For details, see Configuring Graymail Criteria.

Approved Sender Details Available in Logs

For email messages matching approved senders, Trend Micro Email Security shows the match details in mail tracking logs.

More Types of Logs That Can Be Exported as CSV

Trend Micro Email Security can export mail tracking logs, policy event logs, and URL click tracking logs to CSV files from the log result page.

For details, see Logs in Trend Micro Email Security.

TLS Mutual Authentication for Syslog

To securely forward logs to syslog servers, Trend Micro Email Security allows you to choose whether to authenticate peer certificates, and supports client certificate authentication if required by syslog servers.

For details, see Syslog Server Profiles.

Directory Synchronization Enhancement

Trend Micro Email Security enhances its directory synchronization tool by allowing an administrator to customize search filters and specify a primary email alias in advanced settings.

For details, refer to the Directory Synchronization Tool User's Guide at http://docs.trendmicro.com/en-us/enterprise/trend-micro-email-security.aspx.

Policy Event Log Enhancements

Trend Micro Email Security provides the following enhancements to its policy event logs:

• Extending the sliding window for log search from 30 days to 60 days

• Extending the log retention period from 30 days to 90 days

For details, see Understanding Policy Events.

DMARC and DKIM Enhancement

Trend Micro Email Security now supports organizational domains in DKIM verification, DMARC record query, as well as identifier alignment of DMARC in relaxed mode.

For details, see DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC).

Data Loss Prevention Support in Inbound Protection

Trend Micro Email Security adds support for Data Loss Prevention (DLP) in inbound protection, allowing you to create DLP policies to better manage your incoming email messages that may contain sensitive data.

For details, see Data Loss Prevention.

Syslog Enhancement

Trend Micro Email Security allows you to choose whether to forward specific detection logs about spam violations to syslog servers.

For details, see Syslog Forwarding.

Policy Event Log Enhancements

Policy event logs have been enhanced to include spam as a new threat type, show reorganized threat details, and provide more flexible search criteria to help you learn details about threat detections in email messages received or sent by Trend Micro Email Security.

For details, see Understanding Policy Events.

Syslog Enhancement

In addition to detection logs and audit logs, Trend Micro Email Security can now forward mail tracking logs (accepted traffic only) to syslog servers.

For details, see Configuring Syslog Settings.

Language Support for Italian

In addition to English, Japanese, German, French, Spanish and Brazilian Portuguese, Trend Micro Email Security End User Console adds language support for Italian.