McAfee SMEFCE-AI-DA Administration Guide - Page 163

Answer, Policy, Configurations, Accept and Silent Discard

Get McAfee SMEFCE-AI-DA - Email Security Service Inbound PDF manuals and user guides View all McAfee SMEFCE-AI-DA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 163 highlights

Email Protection Administrator Guide To help prevent this situation, you can use wildcards to designate an entire domain or part of an email address (if there is a common pattern) to be added in the Allow list, thus accepting all mail from the domain or email addresses that matched the designated pattern. Question: What are the default email policies? Answer: You can view the current default policy configurations in the Policy Configurations set of windows. The default settings are designed to minimize the possibility that email will be blocked while still providing reasonable protections against attacks and viruses. Question: How does Email Protection score spam? What about "false positives"? Answer: The Anti-Spam filtering technology detects the likelihood that an email is spam by processing the email through thousands of heuristics, rules, and tests, as well as sophisticated statistical classification techniques, as part of its Stacked Classification Framework®. Each test provides a weighted score that is added to the overall "spam score." We have pre-defined two threshold scores for your Anti-Spam policy, "high" and "medium." You can designate a separate action to be performed for each threshold. It is important to note that some emails might be marked as spam when in fact they are legitimate emails ("false positive"). While we believe that this false positive tagging will not be a frequent occurrence, it may happen occasionally, especially to mailing-list and newsletter traffic. In such cases, we ask that you help us "tune" our spam thresholds and rules by sending a forwarded copy of the email with all content and attachments to [email protected]. Your interaction is crucial in helping us build better AntiSpam rules. Using the Control Console, you can quarantine, tag, or block emails based on the corresponding threshold levels. Additionally, you can construct enterprise-level Allow and Deny lists that override spam threshold levels. Finally, you can enable or disable the Realtime Blackhole List (RBL). Question: What exactly does "deny delivery" do? Will we add to email volume by generating bounce messages if we set our policies to "Deny"? Answer: To satisfy standard SMTP protocol, if an email is denied for any reason, the Email Protection MTA sends a 5xx Deny message to the sender MTA. At that point, the standard configuration for the sender MTA is to send a bounce email to the sender address. It is possible that the sender MTA will just drop the message, but this is atypical. Email Protection has no control over the actions of the sender MTA. The exception to this processing is if the Recipient Shield policy is set to Deny. In this case, Email Protection will generate the bounce email and send it directly to the sender address. Use the Accept and Silent Discard email action for the relevant policies if you want to minimize email volume caused by 5xx Deny messages or if you do not want the sender to be notified that the email was denied. This email action accepts the email as if it was valid, and then discards it without notification to the sender or recipient. November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission 155

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
Email Protection Administrator Guide
November 2012
Proprietary:
Not for use or disclosure outside McAfee without written permission
155
To help prevent this situation, you can use wildcards to designate an entire domain or part
of an email address (if there is a common pattern) to be added in the Allow
list, thus
accepting all mail from the domain or email addresses that matched the designated pattern.
Question: What are the default email policies?
Answer:
You can view the current default policy configurations in the
Policy
Configurations
set of windows. The default settings are designed to minimize the
possibility that email will be blocked while still providing reasonable protections against
attacks and viruses.
Question: How does Email Protection score spam? What about “false
positives”?
Answer:
The Anti-Spam filtering technology detects the likelihood that an email is spam
by processing the email through thousands of heuristics, rules, and tests, as well as
sophisticated statistical classification techniques, as part of its Stacked Classification
Framework
®
. Each test provides a weighted score that is added to the overall “spam
score.” We have pre-defined two threshold scores for your Anti-Spam policy, “high” and
“medium.” You can designate a separate action to be performed for each threshold.
It is important to note that some emails might be marked as spam when in fact they are
legitimate emails (“false positive”). While we believe that this false positive tagging will
not be a frequent occurrence, it may happen occasionally, especially to mailing-list and
newsletter traffic. In such cases, we ask that you help us “tune” our spam thresholds and
rules by sending a forwarded copy of the email with all content and attachments to
. Your interaction is crucial in helping us build better Anti-
Spam rules.
Using the Control Console, you can quarantine, tag, or block emails based on the
corresponding threshold levels. Additionally, you can construct enterprise-level Allow and
Deny lists that override spam threshold levels. Finally, you can enable or disable the
Realtime Blackhole List (RBL).
Question: What exactly does “deny delivery” do? Will we add to email
volume by generating bounce messages if we set our policies to
“Deny”?
Answer:
To satisfy standard SMTP protocol, if an email is denied for any reason, the
Email Protection MTA sends a 5xx Deny message to the sender MTA. At that point, the
standard configuration for the sender MTA is to send a bounce email to the sender address.
It is possible that the sender MTA will just drop the message, but this is atypical. Email
Protection has no control over the actions of the sender MTA.
The exception to this processing is if the Recipient Shield policy is set to Deny. In this
case, Email Protection will generate the bounce email and send it directly to the sender
address.
Use the
Accept and Silent Discard
email action for the relevant policies if you want to
minimize email volume caused by 5xx Deny messages or if you do not want the sender to
be notified that the email was denied. This email action accepts the email as if it was valid,
and then discards it without notification to the sender or recipient.