4. Mail Settings
📖 Overview
The Mail Settings section allows administrators to configure detailed filtering and enforcement rules for email messages. These rules can be applied based on file attachment types, message body content, or sender domain — providing a flexible, policy-driven approach to mail security.
Each submodule here is proactive: instead of waiting for a threat to be detected, you can pre-define what should be blocked or allowed.
🔒 Why It Matters
Reactive protection (signature detection, heuristic scanning) is vital — but without strong preventive filters, many threats can still reach users.
Mail Settings enables you to:
Define what content is acceptable
Block specific threats before analysis
Reduce false negatives through custom logic
Enforce organization-specific compliance (e.g., no .exe, block profanity, whitelist partners)
📂 What’s Included
📁 4.1 File
Purpose: Control what types of files are allowed or denied in email attachments.
Features:
Block by file extension (e.g., .exe, .js, .scr)
Allow only safe formats (e.g., .pdf, .docx)
Apply to inbound, outbound, or internal email traffic
Define rules based on filename patterns or hashes
Use Cases:
Block delivery of dangerous executables
Allow Office documents, deny archives like .rar
Prevent delivery of macro-enabled files
🛡️ Combine with the 3.1 Files module to analyze verdicts of previously seen files.
📝 4.2 Mail Body
Purpose: Filter incoming or outgoing emails based on the presence of specific keywords or phrases in the message body.
Features:
Keyword-based content detection
Case-sensitive and pattern-based matching
Custom blacklist enforcement
Word-based sensitivity control
Use Cases:
Block profanity or internal data leakage
Detect business-sensitive phrases (e.g., “wire transfer”, “invoice attached”)
Filter unwanted marketing language or banned slogans
Enforce legal compliance (GDPR-sensitive data mentions)
📌 Blocked terms are logged under the “BLOCKED WORDS IN CONTENT” verdict in 3.3 Mail and 2. Reporting.
🌐 4.3 Sender Domain
Purpose: Manually manage a list of allowed or blocked sending domains.
Features:
Maintain dynamic whitelist and blacklist of sender domains
Override automated classification (e.g., always allow trustedpartner.com)
Protect users from known malicious sender domains
Use Cases:
Block domains used in persistent phishing attacks
Allow mission-critical external partners regardless of content filters
Isolate third-party marketing platforms that trigger spam rules
🚫 Domains marked as blacklisted will result in all emails being blocked automatically — even if the message content is clean.
🧠 Best Practices
File Filtering: Block .exe, .js, .vbs, .scr, .iso by default
Mail Body: Monitor and regularly update keyword list
Sender Domain: Review reputation data before whitelisting
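The following is an added illustration, not the product's own code or rule format: a small Python model of how the file, mail body and sender domain rules described on this page could be combined, including filename normalization for double extensions. The evaluation order, the choice that an allow-listed domain skips only the body keyword check, the keyword pattern and the domain phish.example are assumptions; the extensions, trustedpartner.com and the verdict string come from this page.

```python
import re

# Constructed policy. Extensions and trustedpartner.com are from the page;
# phish.example and the keyword pattern are sample values.
DENY_EXT = {".exe", ".js", ".vbs", ".scr", ".iso"}
ALLOW_EXT = {".pdf", ".docx"}
BLOCKED_WORDS = [re.compile(r"\bwire\s+transfer\b", re.IGNORECASE)]
DOMAIN_ALLOW = {"trustedpartner.com"}
DOMAIN_BLOCK = {"phish.example"}


def extensions(filename):
    """Every extension in the name, lowercased, trailing dots/spaces dropped."""
    name = filename.strip().rstrip(". ").lower()
    return ["." + part for part in name.split(".")[1:]]


def check_attachment(filename):
    exts = extensions(filename)
    # Any denied extension anywhere in the name blocks, so "invoice.pdf.exe"
    # cannot pass by showing a safe-looking middle extension.
    if any(ext in DENY_EXT for ext in exts):
        return "BLOCK"
    # Allow-list mode: the final extension must be explicitly permitted.
    if not exts or exts[-1] not in ALLOW_EXT:
        return "BLOCK"
    return "ALLOW"


def evaluate(sender, body, attachments):
    """Return (verdict, reason). The rule order here is an assumption."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # 1. A blacklisted domain blocks the message even if the content is clean.
    if domain in DOMAIN_BLOCK:
        return "BLOCK", "sender domain blacklisted"
    # 2. Attachment rules apply to every sender, allow-listed or not
    #    (assumption: a sender address alone is not proof of origin).
    for name in attachments:
        if check_attachment(name) == "BLOCK":
            return "BLOCK", "attachment " + name.strip()
    # 3. Body keywords are skipped only for allow-listed domains.
    if domain not in DOMAIN_ALLOW:
        if any(p.search(body) for p in BLOCKED_WORDS):
            return "BLOCK", "BLOCKED WORDS IN CONTENT"
    return "ALLOW", "no rule matched"
```

Domain matching here is exact, so subdomains of a listed domain are not covered unless listed themselves.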
🎯 The Mail Settings module helps you stay one step ahead — by deciding what should never enter your inbox in the first place.