The feature is available for McAfee Email Protection Advanced Plan (and higher).
This article describes how to create and customize Email Protection policies in the McAfee Control Console.
To access McAfee Control Console, log in to HostPilot® Control Panel, navigate to Services > Protection > click Manage.
McAfee is using 6 types of policies:
- Virus policy
- Spam policy/content policy
- Attachment policy
- Email Authentication policy
- ClickProtect policy
- Allow/deny lists (both on policy level and user level)
Policy creation and customization
To create a new policy, navigate to Email Protection > Policy > New. Enter policy name, copy settings from existing policy (that is by design to have basic protection enabled) and click Save:
Note: allow up to 20 minutes for policy propagation.
To edit policy settings and to subscribe user groups to the policy, select the policy and click Edit. On the Group Subscribtions tab, select a group and click Add > Save:
Read the Knowledge Base article on McAfee: User Management for more information about grouping users.
Select action against a message containing a virus and choose if you want to send out notificatication to the sender/recipient when a certain type of action is taken:
Select action against a spam-like message depending on how spammy it is. You can also create Content Groups and modify reporting settings. Read the Knowledge Base article on McAfee Spam Reports for more information.
Note: the Block unrecognized bounce messages ("backscatter") option works only for the McAfee Email Data Loss Protection and Email Continuity plan. For the Advanced plan, all such messages will be rejected since the original outbound email does not pass McAfee servers and they have no ways of knowing it is legitimate (From field will show as empty).
ClickProtect policy protects you from the dangerous links in the body of the message. Depending on the reputation of the website to which the link leads, different scan-time and click-time action can be taken.
You can also customize warning message for the recipients and include certain domains, URLs and IP addresses to the Allow list.
You can review default Content Groups and create Custom ones. A content group is a list of keywords.
HTML Shield allows you to apply an additional layer of security to HTML formatted emails by eliminating varying levels of potentially harmful HTML content.
Note: Content Group is not a whitelist or a blacklist. It can only ensure passing/failing content check.
You can allow or block specific attachment file types and select which action to take on the emails containing them.
You can also create Filename Policies which would search for specific filenames in the emails.
Additionaly, you can create additional rules for predifined file types and refine the policies for allowed file types. You can also send out notificatications to the sender/recipient when a certain type of action is taken.
You can define the list of email addresses, domains or IP addresses which are always denied or allowed.
Recipient Shield allows you to create a list of email addresses in your organization and select which action to take on the messages sent to those addresses.
Note: Domain-level Allow and Deny lists are applied before user-level lists:
- if the sender is in the Allow list in the default policy, but in the Blocked Senders list in the personal, the email will be rejected once the personal list is applied
- if the sender is in the Deny list in the default policy, but in the Allowed Senders list on the user level, the email will be rejected by the Inbound Policy
- if the action for spam with high likelihood is to reject the email (or any other reject action) on the domain level, the user-level allow list will not be applied
- in case the email triggers the quarantine action in the Inbound Policy (domain-level), it will be delivered to Inbox due to personal Allow list settings (without the Quarantine action)
Email Authentication feature provides additional validation of email senders and is useful for indetifying forged or spoofed messages and phishing attempts.
To enforce TLS/SPF/DKIM, enter the domain name of the sender and click Add > Save.
- Enforced TLS
Transport Layer Security (TLS) is used to encrypt inbound and outbound emails. Enforced TLS can require that TLS is used to receive an inbound email from or, deliver an outbound email to the specified domains. If Enforced TLS is specified and TLS cannot be negotiated, the message is denied and notifications can optionally be sent to the sender, recipient, or both.
- Enforced SPF
Sender Policy Framework (SPF) can be used by email recipients to determine if the messages they receive were sent from an IP address authorized by the domain owner, which can help detect spoofing. SPF can only help detect spoofing when domain owners implement and maintain SPF records in Domain Name Server (DNS).
Read the Knowledge Base article on What Is An SPF Record? How Do I Change It? for more information.
- Enforced DKIM
DomainKeys Identified Mail (DKIM) is part of the Email Authentication suite designed to verify the email sender and the message integrity. The DomainKeys specification has adopted aspects of identified internet mail to create an enhanced protocol called DomainKeys Identified Mail.