# 4. Mail Settings #### 📖 Overview The **Mail Settings** section allows administrators to configure detailed filtering and enforcement rules for email messages. These rules can be applied based on **file attachment types**, **message body content**, or **sender domain** — providing a flexible, policy-driven approach to mail security. Each submodule here is **proactive**: instead of waiting for a threat to be detected, you can **pre-define what should be blocked or allowed**. *** #### 🔒 Why It Matters Reactive protection (signature detection, heuristic scanning) is vital — but without strong **preventive filters**, many threats can still reach users. Mail Settings enables you to: * Define what content is acceptable * Block specific threats before analysis * Reduce false negatives through custom logic * Enforce organization-specific compliance (e.g., no `.exe`, block profanity, whitelist partners) *** #### 📂 What’s Included *** ### 📁 4.1 File **Purpose:**\ Control what types of files are allowed or denied in email attachments. **Features:** * Block by file extension (e.g., `.exe`, `.js`, `.scr`) * Allow only safe formats (e.g., `.pdf`, `.docx`) * Apply to inbound, outbound, or internal email traffic * Define rules based on filename patterns or hashes **Use Cases:** * Block delivery of dangerous executables * Allow Office documents, deny archives like `.rar` * Prevent delivery of macro-enabled files > 🛡️ Combine with 3.1 Files module to analyze verdicts of previously seen files. *** ### 📝 4.2 Mail Body **Purpose:**\ Filter incoming or outgoing emails based on the presence of **specific keywords or phrases** in the message body. **Features:** * Keyword-based content detection * Case-sensitive and pattern-based matching * Custom blacklist enforcement * Word-based sensitivity control **Use Cases:** * Block profanity or internal data leakage * Detect business-sensitive phrases (e.g., “wire transfer”, “invoice attached”) * Filter unwanted marketing language or banned slogans * Enforce legal compliance (GDPR-sensitive data mentions) > 📌 Blocked terms are logged under the “BLOCKED WORDS IN CONTENT” verdict in 3.3 Mail and 2. Reporting. *** ### 🌐 4.3 Sender Domain **Purpose:**\ Manually manage a list of **allowed or blocked sending domains**. **Features:** * Maintain dynamic **whitelist** and **blacklist** of sender domains * Override automated classification (e.g., always allow `trustedpartner.com`) * Protect users from known malicious sender domains **Use Cases:** * Block domains used in persistent phishing attacks * Allow mission-critical external partners regardless of content filters * Isolate third-party marketing platforms that trigger spam rules > 🚫 Domains marked as blacklisted will result in all emails being blocked automatically — even if the message content is clean. *** #### 🧠 Best Practices | Category | What to Do | | -------------- | ------------------------------------------------------ | | File Filtering | Block `.exe`, `.js`, `.vbs`, `.scr`, `.iso` by default | | Mail Body | Monitor and regularly update keyword list | | Sender Domain | Review reputation data before whitelisting | *** > 🎯 The Mail Settings module helps you stay one step ahead — by deciding what should never enter your inbox in the first place. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.shieldsguard.com/shieldsguard-seg/4.-mail-settings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.