Email Protection Administrator Guide
November 2012
Proprietary: Not for use or disclosure outside McAfee without written permission
To help prevent this situation, you can use wildcards to designate an entire domain or part
of an email address (if there is a common pattern) to be added in the Allow list, thus
accepting all mail from the domain or email addresses that matched the designated pattern.
Question: What are the default email policies?
Answer: You can view the current default policy configurations in the Policy Configurations
set of windows. The default settings are designed to minimize the possibility that email
will be blocked while still providing reasonable protections against attacks and viruses.
Question: How does Email Protection score spam? What about “false positives”?
Answer: The Anti-Spam filtering technology detects the likelihood that an email is spam
by processing the email through thousands of heuristics, rules, and tests, as well as
sophisticated statistical classification techniques, as part of its Stacked Classification
Framework®. Each test provides a weighted score that is added to the overall “spam
score.” We have pre-defined two threshold scores for your Anti-Spam policy, “high” and
“medium.” You can designate a separate action to be performed for each threshold.
It is important to note that some emails might be marked as spam when in fact they are
legitimate emails (“false positive”). While we believe that this false positive tagging will
not be a frequent occurrence, it may happen occasionally, especially to mailing-list and
newsletter traffic. In such cases, we ask that you help us “tune” our spam thresholds and
rules by sending a forwarded copy of the email with all content and attachments to
. Your interaction is crucial in helping us build better Anti-Spam rules.
Using the Control Console, you can quarantine, tag, or block emails based on the
corresponding threshold levels. Additionally, you can construct enterprise-level Allow and
Deny lists that override spam threshold levels. Finally, you can enable or disable the
Realtime Blackhole List (RBL).
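The scoring and override behavior described in this answer can be modeled as follows. This is an added illustration, not McAfee's code: the tests, weights, threshold values, and the deny-before-allow order are assumptions chosen for the example.

```python
from fnmatch import fnmatchcase

# Constructed values: the guide does not publish its tests, weights or thresholds.
THRESHOLDS = [("high", 8.0, "block"), ("medium", 5.0, "quarantine")]  # highest first
TESTS = [  # (name, weight, predicate) - hypothetical stand-ins for the real rules
    ("subject_all_caps", 2.5, lambda m: m["subject"].isupper()),
    ("many_links", 3.0, lambda m: m["body"].count("http") >= 3),
    ("urgent_wording", 3.0, lambda m: "act now" in m["body"].lower()),
]

def matches(sender, patterns):
    """Case-insensitive wildcard match of a sender address against list entries."""
    sender = sender.lower()
    return any(fnmatchcase(sender, p.lower()) for p in patterns)

def spam_score(msg):
    """Sum the weights of every test that fires on the message."""
    return sum(weight for _, weight, fires in TESTS if fires(msg))

def decide(msg, allow=(), deny=()):
    """Return (action, score, reason); list entries override the thresholds."""
    score = spam_score(msg)
    if matches(msg["sender"], deny):      # assumption: Deny is checked before Allow
        return "deny", score, "deny list"
    if matches(msg["sender"], allow):
        return "deliver", score, "allow list"
    for level, minimum, action in THRESHOLDS:
        if score >= minimum:
            return action, score, level
    return "deliver", score, "below thresholds"

# Constructed sample messages.
NEWSLETTER = {"sender": "news@lists.example.org", "subject": "WEEKLY DIGEST",
              "body": "https://a.example https://b.example https://c.example"}
LOOKALIKE = {"sender": "billing@lists.example.org", "subject": "INVOICE OVERDUE",
             "body": "Act now: https://a.example https://b.example https://c.example"}

if __name__ == "__main__":
    allow = ["*@lists.example.org"]
    for msg in (NEWSLETTER, LOOKALIKE):
        print(msg["sender"], decide(msg), "->", decide(msg, allow=allow))
```

The wildcard entry releases the newsletter false positive, but it also delivers the second message, which scored above the “high” threshold. Keep wildcard Allow entries as narrow as the sender pattern permits.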
Question: What exactly does “deny delivery” do? Will we add to email volume by
generating bounce messages if we set our policies to “Deny”?
Answer: To satisfy standard SMTP protocol, if an email is denied for any reason, the
Email Protection MTA sends a 5xx Deny message to the sender MTA. At that point, the
standard configuration for the sender MTA is to send a bounce email to the sender address.
It is possible that the sender MTA will just drop the message, but this is atypical. Email
Protection has no control over the actions of the sender MTA.
The exception to this processing is if the Recipient Shield policy is set to Deny. In this
case, Email Protection will generate the bounce email and send it directly to the sender
address.
Use the Accept and Silent Discard email action for the relevant policies if you want to
minimize email volume caused by 5xx Deny messages or if you do not want the sender to
be notified that the email was denied. This email action accepts the email as if it was valid,
and then discards it without notification to the sender or recipient.