4. Mail Settings

📖 Overview

The Mail Settings section allows administrators to configure detailed filtering and enforcement rules for email messages. These rules can be applied based on file attachment types, message body content, or sender domain — providing a flexible, policy-driven approach to mail security.

Each submodule here is proactive: instead of waiting for a threat to be detected, you can pre-define what should be blocked or allowed.


🔒 Why It Matters

Reactive protection (signature detection, heuristic scanning) is vital — but without strong preventive filters, many threats can still reach users.

Mail Settings enables you to:

  • Define what content is acceptable

  • Block specific threats before analysis

  • Reduce false negatives through custom logic

  • Enforce organization-specific compliance (e.g., no .exe, block profanity, whitelist partners)


📂 What’s Included


📁 4.1 File

Purpose: Control what types of files are allowed or denied in email attachments.

Features:

  • Block by file extension (e.g., .exe, .js, .scr)

  • Allow only safe formats (e.g., .pdf, .docx)

  • Apply to inbound, outbound, or internal email traffic

  • Define rules based on filename patterns or hashes

Use Cases:

  • Block delivery of dangerous executables

  • Allow Office documents, deny archives like .rar

  • Prevent delivery of macro-enabled files

🛡️ Combine with the 3.1 Files module to review verdicts of previously seen files.
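The sketch below is an added example, not the product's own code or rule syntax. It shows what an extension rule has to normalize before comparing a filename against the deny list. The function names and the allow list are assumptions; the deny list is the default from Best Practices.

```python
import unicodedata

# Deny list taken from the Best Practices table on this page.
DENY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso"}
# Constructed allow list for allow-only mode (formats named under 4.1 File).
ALLOW_EXTENSIONS = {".pdf", ".docx"}


def extensions(filename):
    """Return every dot-separated suffix of the attachment name, normalized."""
    # NFKC folds compatibility forms (e.g. full-width letters) to ASCII.
    name = unicodedata.normalize("NFKC", filename)
    # Drop invisible formatting characters (Unicode category Cf).
    name = "".join(c for c in name if unicodedata.category(c) != "Cf")
    # Keep only the basename, whichever path separator was used.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when opening a file.
    name = name.rstrip(". ").lower()
    parts = name.split(".")
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def verdict(filename, allow_only=False):
    """Return (action, reason) for one attachment name."""
    exts = extensions(filename)
    # Check every suffix, not only the last one. This is deliberately
    # conservative: "notes.js.pdf" is blocked as well.
    denied = [e for e in exts if e in DENY_EXTENSIONS]
    if denied:
        return ("block", "denied extension " + denied[0])
    # Allow-only mode: the final extension must be on the allow list.
    if allow_only and (not exts or exts[-1] not in ALLOW_EXTENSIONS):
        return ("block", "not on allow list")
    return ("allow", "")


if __name__ == "__main__":
    # Constructed sample filenames.
    for sample in ["invoice.pdf", "invoice.pdf.exe", "Setup.EXE",
                   "report.scr. ", "archive.rar"]:
        print(repr(sample), verdict(sample), verdict(sample, allow_only=True))
```

Extension rules only see the name a sender chose, so pair them with the hash-based rules and the verdicts from the 3.1 Files module.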


📝 4.2 Mail Body

Purpose: Filter incoming or outgoing emails based on the presence of specific keywords or phrases in the message body.

Features:

  • Keyword-based content detection

  • Case-sensitive and pattern-based matching

  • Custom blacklist enforcement

  • Word-based sensitivity control

Use Cases:

  • Block profanity or internal data leakage

  • Detect business-sensitive phrases (e.g., “wire transfer”, “invoice attached”)

  • Filter unwanted marketing language or banned slogans

  • Enforce legal compliance (GDPR-sensitive data mentions)

📌 Blocked terms are logged under the “BLOCKED WORDS IN CONTENT” verdict in 3.3 Mail and 2. Reporting.


🌐 4.3 Sender Domain

Purpose: Manually manage a list of allowed or blocked sending domains.

Features:

  • Maintain a dynamic whitelist and blacklist of sender domains

  • Override automated classification (e.g., always allow trustedpartner.com)

  • Protect users from known malicious sender domains

Use Cases:

  • Block domains used in persistent phishing attacks

  • Allow mission-critical external partners regardless of content filters

  • Isolate third-party marketing platforms that trigger spam rules

🚫 All emails from blacklisted domains are blocked automatically, even if the message content is clean.


🧠 Best Practices

| Category | What to Do |
| --- | --- |
| File Filtering | Block .exe, .js, .vbs, .scr, .iso by default |
| Mail Body | Monitor and regularly update keyword list |
| Sender Domain | Review reputation data before whitelisting |


🎯 The Mail Settings module helps you stay one step ahead — by deciding what should never enter your inbox in the first place.
