Rule Type

  1. Select one of the following rule types:
    • Encrypted attachments: Messages with attachments that could not be scanned specifically because of encryption. By default, encrypted attachments are delivered to all users. A banner is added advising users that the message is not guaranteed to be virus-free and should not be opened unless it is an expected message.
    • Unscannable attachments: Messages with attachments that cannot be scanned (for reasons other than encryption). By default, unscannable attachments are delivered to all users. A banner is added advising users that the message is not guaranteed to be virus-free and should not be opened unless it is an expected message.
    • SophosLabs suspect attachments: Messages with attachment types that are likely to contain viruses. By default, for all users, messages with suspect attachments are quarantined, the attachments are removed, and the messages are delivered. A banner is added advising users that potentially dangerous attachments were identified and removed.
    • Sender Policy Framework (SPF): SPF provides a way to verify that a message does not have a forged sender address. For senders that provide an SPF record, creating an inbound policy rule will ensure that the envelope sender address has not been forged.
    • DKIM (DomainKeys Identified Mail) verification: DKIM provides a way of verifying the reputation of senders using cryptographic authentication. Creating DKIM policy rules can attach an identifier to outbound messages, and can verify the identifier of incoming messages.
    • Sophos Sandstorm: Sandstorm provides a higher level of security by performing real-time, in-depth threat analysis of potentially malicious messages. Suspicious messages are sent for detailed threat analysis. If found to be malicious, messages are dropped, else delivered to the respective recipient.
    • Time-of-Click Protection: Time-of-Click Protection scans URLs contained in an email message at the time a user clicks. It dynamically blocks malicious links while genuine links can be accessed.
    Reputation-based threat protection:
    • For an outbound policy rule you can select Add DKIM signature.
    • For an inbound policy rule you can select Sender Policy Framework (SPF) or DKIM verification.
  2. Configure reputation-based threat protection.
    • For an outbound policy rule you can select Add DKIM signature. By adding a DKIM signature, you permit the verification of the signer of the mail, as well as the integrity of its contents.
    • For an inbound policy rule you can select Sender Policy Framework (SPF) or DKIM verification.
    Note
    An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. DKIM provides a domain-level digital signature authentication framework for email. Both provide a way to determine if a message has been forged.
  3. [Optional] Select Enable advanced policy options to make all additional wizard options available. Certain steps in the wizard are grayed out, according to the selected rule type.
  4. Click Next.