McAfee SMEFCE-AI-DA Administration Guide - Page 163
Answer, Policy, Configurations, Accept and Silent Discard
View all McAfee SMEFCE-AI-DA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 163 highlights
Email Protection Administrator Guide To help prevent this situation, you can use wildcards to designate an entire domain or part of an email address (if there is a common pattern) to be added in the Allow list, thus accepting all mail from the domain or email addresses that matched the designated pattern. Question: What are the default email policies? Answer: You can view the current default policy configurations in the Policy Configurations set of windows. The default settings are designed to minimize the possibility that email will be blocked while still providing reasonable protections against attacks and viruses. Question: How does Email Protection score spam? What about "false positives"? Answer: The Anti-Spam filtering technology detects the likelihood that an email is spam by processing the email through thousands of heuristics, rules, and tests, as well as sophisticated statistical classification techniques, as part of its Stacked Classification Framework®. Each test provides a weighted score that is added to the overall "spam score." We have pre-defined two threshold scores for your Anti-Spam policy, "high" and "medium." You can designate a separate action to be performed for each threshold. It is important to note that some emails might be marked as spam when in fact they are legitimate emails ("false positive"). While we believe that this false positive tagging will not be a frequent occurrence, it may happen occasionally, especially to mailing-list and newsletter traffic. In such cases, we ask that you help us "tune" our spam thresholds and rules by sending a forwarded copy of the email with all content and attachments to [email protected]. Your interaction is crucial in helping us build better AntiSpam rules. Using the Control Console, you can quarantine, tag, or block emails based on the corresponding threshold levels. Additionally, you can construct enterprise-level Allow and Deny lists that override spam threshold levels. Finally, you can enable or disable the Realtime Blackhole List (RBL). Question: What exactly does "deny delivery" do? Will we add to email volume by generating bounce messages if we set our policies to "Deny"? Answer: To satisfy standard SMTP protocol, if an email is denied for any reason, the Email Protection MTA sends a 5xx Deny message to the sender MTA. At that point, the standard configuration for the sender MTA is to send a bounce email to the sender address. It is possible that the sender MTA will just drop the message, but this is atypical. Email Protection has no control over the actions of the sender MTA. The exception to this processing is if the Recipient Shield policy is set to Deny. In this case, Email Protection will generate the bounce email and send it directly to the sender address. Use the Accept and Silent Discard email action for the relevant policies if you want to minimize email volume caused by 5xx Deny messages or if you do not want the sender to be notified that the email was denied. This email action accepts the email as if it was valid, and then discards it without notification to the sender or recipient. November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 155