Rule Type

About this task

Follow these steps

  1. Select one of the following rule types:
    • Encrypted attachments: Messages with attachments that could not be scanned specifically because of encryption. By default, encrypted attachments are delivered to all users. A banner is added advising users that the message is not guaranteed to be virus-free and should not be opened unless it is an expected message.
    • Unscannable attachments: Messages with attachments that cannot be scanned (for reasons other than encryption). By default, unscannable attachments are delivered to all users. A banner is added advising users that the message is not guaranteed to be virus-free and should not be opened unless it is an expected message.
    • SophosLabs suspect attachments: Messages with attachment types that are likely to contain viruses. By default, for all users, messages with suspect attachments are quarantined, the attachments are removed, and the messages are delivered. A banner is added advising users that potentially dangerous attachments were identified and removed.
    • Sender Policy Framework (SPF): SPF provides a way to verify that a message does not have a forged sender address. For senders that provide an SPF record, creating an inbound policy rule will ensure that the envelope sender address has not been forged.
    • DKIM (DomainKeys Identified Mail) verification: DKIM provides a way of verifying the reputation of senders using cryptographic authentication. Creating DKIM policy rules can attach an identifier to outbound messages, and can verify the identifier of incoming messages.
    • Sophos Sandstorm: Sandstorm provides a higher level of security by performing real-time, in-depth threat analysis of potentially malicious messages. Suspicious messages are sent for detailed threat analysis. Messages found to be malicious are dropped; otherwise they are delivered to the respective recipient.
    • Time-of-Click Protection: Time-of-Click Protection scans URLs contained in an email message at the time a user clicks. It dynamically blocks malicious links while genuine links can be accessed.
    • DMARC verification: DMARC verification is an email validation system built on top of SPF and DKIM. It detects and prevents email spoofing. It detects whether the sender email address legitimately originates from a domain.

  2. Configure reputation-based threat protection.
    Choose from the following:
    • For an inbound policy rule you can select Sender Policy Framework (SPF), DKIM verification or DMARC verification.
      Note
      An SPF record is a type of Domain Name System (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. DKIM provides a domain-level digital signature authentication framework for email. Both provide a way to determine if a message has been forged. DMARC is built on top of SPF and DKIM. It specifies when the information in the From: header field is valid.
    • For an outbound policy rule you can select Add DKIM signature. By adding a DKIM signature, you permit the verification of the signer of the mail, as well as the integrity of its contents.
      Note
      DMARC verification for outbound messages from your domain is not configured on the appliance. For information on how to create a DMARC DNS record see Related information.
  3. [Optional] Select Enable advanced policy options to make all additional wizard options available. Certain steps in the wizard are grayed out, according to the selected rule type.
  4. Click Next.
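
The note in step 2 says DMARC is built on top of SPF and DKIM and specifies when the From: header field is valid. The Python sketch below is an added example, not the appliance's own code: it shows that decision as identifier alignment between the From: domain and the domains that SPF and DKIM authenticated. The function names, sample record and domains are constructed, and relaxed alignment is approximated by comparing the last two labels instead of consulting the Public Suffix List.

```python
def parse_dmarc(record):
    """Return the tag dict of a DMARC TXT record, or None if it is not valid DMARC."""
    pairs = [p.split("=", 1) for p in record.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):      # v=DMARC1 must be the first tag
        return None
    policy = dict(tags)
    return policy if policy.get("p") in ("none", "quarantine", "reject") else None

def org_domain(domain):
    # Assumption: organizational domain = last two labels (wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same organizational domain)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(from_domain, record, spf, dkim_sigs):
    """spf: (result, envelope sender domain); dkim_sigs: [(result, d= domain), ...].
    Returns (dmarc_result, disposition requested by the domain owner)."""
    policy = parse_dmarc(record)
    if policy is None:
        return ("none", "none")
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
                  for res, d in dkim_sigs)
    # One aligned, passing mechanism is enough for DMARC to pass.
    return ("pass", "none") if spf_ok or dkim_ok else ("fail", policy["p"])

# Constructed sample policy: reject on failure, strict DKIM and relaxed SPF alignment.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"

if __name__ == "__main__":
    # SPF passes for a subdomain of the From: domain, so relaxed alignment holds.
    print(evaluate("example.com", RECORD, ("pass", "bounce.example.com"), []))
    # SPF and DKIM both pass, but for another domain: From: is not authenticated.
    print(evaluate("example.com", RECORD, ("pass", "mailer.example.net"),
                   [("pass", "example.net")]))
    # DKIM passes for a subdomain, but adkim=s demands an exact match.
    print(evaluate("example.com", RECORD, ("fail", "example.com"),
                   [("pass", "mail.example.com")]))
```

The second case is the one SPF and DKIM rules alone do not catch: both checks pass for the sending domain, yet neither authenticates the domain shown in the From: header.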