PARTNERS

Email Security

To configure Email Security with your email service you need to follow these steps:

1. Add Domains

Add a domain to point to your mail server.

  1. Log in to Email Security

  2. Go to Products > Product Configuration > Domains.

    75100_1.png
  3. Click the Add button.

    75100_2_1.png
  4. Fill in the domain information:

    • Your domain name under Domain.

      Note

      You can find your domain name here:

    • The full hostname or IP address of your mail server under Deliver To

      Note

      You can add additional Inbound Mail routes later.

    75100_3.png
  5. Click the Add button

    This enables a DKIM for your domain. To view the DKIM public key, click on the view email_sec_dkim.png button.

    75100_4.png

    Note

    For more information on DKIM, refer to Product Configuration

2. Add Mailboxes

Add your user mailboxes to Email Security . Each mailbox is associated to a user. The following methods are available for importing your Mailboxes:

To manually add the Mailboxes follow the steps below:

  1. Go to Products > Email Security > Mailboxes.

    75100_5.png
  2. Click the Add button and add an email address.

    75100_7.png

    Note

    A real name can be added to improve the chances of emails being correctly captured by Message Rules. This is currently only supported through Active Directory synchronization. Click here for a step by step guide on importing mailboxes from Microsoft Exchange Online

  3. Press Enter.

    Note

    If the email adress is not on a domain that has previously been added it will result in an error message:

    75100_8.png
  4. Configure the following settings:

    • Exec Tracking - enable this checkbox to mark the email as belonging to a company executive for the purpose of the Executive Tracking Condition.

      Note

      You can activate executive tracking for specific Active Directory groups from Group Management.

    • Manage Variants - add or remove multiple variants of a user's name to improve tracking (name variations, maiden names, middle names, etc.).

      • To add a name variant click the Add button, type in the name variant and press enter.

        75100_9.png
      • To remove the variant click the Delete delete_emsec.png button

    • Groups - add or remove the user from specific Active Directory Groups

      • To add the user to a AD group click the Add Group Membership button, check the box for the group(s) you want to assign the user to and click Select.

        75100_10.png
      • To remove a user from a group click the Delete delete_emsec.png button next to the group.

    • Aliases - add multiple email addresses to a single user.

      Note

      Aliases allow email destined for variants of the primary mailbox address to be accepted through the DHA rule.

      • To add a new email address to a user click the Add button, type in the email address and press Enter.

        75100_11.png

        Note

        You will have to mark one of the email addresses as primary by checking the box in the Primary column.

      • Repeat the process for any additional aliases belonging to this primary email address.

      • To delete an alias click the Delete delete_emsec.png button next to the email address.

3. Ensure you can accept emails from Email Security servers

The next step is to ensure that your firewall is configured to allow e-mail to be delivered from the Email Security servers after it has been filtered. You should add firewall rule entries to allow the following IP addresses to connect from the public Internet to your mail server on port 25.

Note

This step is recommended only for On Premises mail servers.

You can find a list of our IP addresses here:

4. Configure your email service

Ensure inbound and outbound firewall rules AND/OR mail server connector rules (e.g. Office 365) are configured to also allow authorized Email Security servers inbound and out bound(if previously restricted).

You can find a list of our IP addresses here:

If you wish to use the Email Security service for outbound E-mail please follow the instructions in the links below:

5. Whitelist Email Security addresses

If existing mail delivery platform (e.g. Exchange, Office 365, Gmail) is performing any reputational/connection level/spamchecks on inbound SMTP servers ensure Email Security addresses are whitelisted to prevent incorrect spam identification or potential delays when Email Security relays mail onwards.

Note

When using Email Security in a GSuite environment careful consideration has to be taken with regards to internal G Suite messages.

For more information on this topic see the below links:

6. Safelist internal domains for sending inbound emails

The default Spoofing rule within Email Security ensures that any inbound emails received from internal domains will be quarantined (aaa@domainA.com > bbb@domainA.com) as spam.

Legitimate scenarios exist where third party external servers send inbound mail from addresses that purport to be from your internal domain. Identify whether such scenarios exist within your organization and if so it, add the sending server IP addresses to the Email Security global safelist.

For information on this topic see Spam Safe List.

7. Update External DNS SPF records

Update any External DNS SPF records for mail relayed domains to include scanscope.net.

For more information see:

8. Define external records

To help combat impersonation/spoofing attacks ensure that External DNS, DKIM and DMARC records are defined to take advantage of default out of the box rules.

For information on this topic see:

9. Reduce DNS TTL

To ensure easy roll back of MX records if required it is recommended to reduce DNS TTL of MX records to a minimum value.

10. Verify default and custom rules

Ensure you have reviewed default rules provided and configured any specific rules required for the organizational policy to be enforced. Determine whether user-based spam digests will be utilized(and whether SSO is preferred).

11. Assign roles to users using Spam Digests

Import users and assign “End User Portal” role to any users using Spam Digests.

For more information on this topic see Administrators.

12. Verify SecureMail configuration

Ensure the appropriate SecureMail rule is configured and in place.

For more information on this topic see SecureMail.

13. Configure Outbound flow

Configure Outbound SMTP (Smart Host) flow to go via Email Security SMTP Servers.

For more information on this topic see:

14. Reroute inbound mail

Modify MX records to re-route inbound mail through Email Security.

For more information see:

15. Verify inbound and outbound routes

To verify inbound and outbound send an email from and to one of your configured mailboxes and then go to Analytics > Email Activity within the dashboard. Make sure the messages show up in the reports.

16. Final Steps

After a confirming the proper functionality of Email Security, complete these final steps: