
Bitdefender B2B Help Center

Email Security

MX records and IP addresses for USA customers

This section contains the lists of MX records and IP addresses used by GravityZone Security for Email.

Note

Your GravityZone Security for Email product license must be provisioned in the USA region in order to use the details contained in this article.

MX RECORDS (Inbound)

You should use the following MX records:

Hostname                      Priority
mail3.us.scanscope.net        10
mail1.us.scanscope.net        20
mail2.us.scanscope.net        30

Note

You should always reference these records by their DNS name rather than IP address.

Smart Hosts (Outbound)

You should use the following smart hosts for outbound e-mail:

Country    Hostname                   Cost
All        smtp1.us.scanscope.net     10 
All        smtp2.us.scanscope.net     10

Note

Port 25 and 587 can be used for sending outbound email.

IP Addresses

The following IP addresses and ranges are used by GravityZone Security for Email to deliver email to your server. Mail delivery operates on the standard SMTP port of 25. Please make sure your firewall and/or email server is configured to accept connections from these IP addresses:


Note

Be sure to use the actual IP addresses in your firewall, rather than hostnames.

SPF Record

If you use an SPF record for your domain, it should be updated to include the following:

include:scanscope.net 

Warning

It is recommended that outbound email only be enabled after the Time to Live (TTL) for the SPF record has passed. The use of -all in your SPF record could mean that the remote domain will reject your email if the TTL has not expired.

MX records and IP addresses for EU customers

This section contains the lists of MX records and IP addresses used by GravityZone Security for Email.

Note

Your GravityZone Security for Email product license must be provisioned in the UK & Europe region in order to use the details contained in this article.

MX RECORDS (Inbound)

You should use the following MX records:

Hostname               Priority 
mta01.scanscope.net    10
mail1.scanscope.net    20
mail2.scanscope.net    30
mail3.scanscope.net    40

Note

You should always reference these records by their DNS name rather than IP address.

Smart Hosts (Outbound)

You should use the following smart hosts for outbound e-mail:

Country    Hostname                Cost
All        smtp1.scanscope.net     10 
All        smtp2.scanscope.net     10

Note

Port 25 and 587 can be used for sending outbound email.

IP Addresses

The following IP addresses and ranges are used by GravityZone Security for Email to deliver email to your server. Mail delivery operates on the standard SMTP port of 25. Please make sure your firewall and/or email server is configured to accept connections from these IP addresses:


Note

Be sure to use the actual IP addresses in your firewall, rather than hostnames.

SPF Record

If you use an SPF record for your domain, it should be updated to include the following:

include:scanscope.net 

Warning

It is recommended that outbound email only be enabled after the Time to Live (TTL) for the SPF record has passed. The use of -all in your SPF record could mean that the remote domain will reject your email if the TTL has not expired.
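A pre-publication check for the SPF change described in the USA and EU sections above, as an added example (not Bitdefender code). The sample records, the 203.0.113.10 address and the function names are constructed for illustration; the limit of 10 DNS-lookup terms comes from RFC 7208.

```python
import re
from datetime import datetime, timedelta

REQUIRED = "include:scanscope.net"
# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 limit: 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(record: str) -> list:
    """Return findings (problems and reminders) for an SPF TXT value."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups, include_at, all_at, all_term = [], 0, None, None, ""
    for pos, term in enumerate(terms[1:], start=1):
        bare = term.lstrip("+-~?").lower()          # drop the qualifier
        name = re.split(r"[:=/]", bare, maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if bare == REQUIRED and include_at is None:
            include_at = pos
        if name == "all" and all_at is None:
            all_at, all_term = pos, term
    if include_at is None:
        findings.append("missing " + REQUIRED)
    elif all_at is not None and include_at > all_at:
        # Mechanisms placed after 'all' are never tested.
        findings.append(REQUIRED + " comes after 'all' and is never evaluated")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms, limit is 10")
    if all_term == "-all":
        findings.append("-all: enable outbound only after the old TTL has passed")
    return findings


def earliest_outbound_enable(changed_at: datetime, old_ttl_seconds: int) -> datetime:
    """Resolvers may serve the old record for up to its TTL after the change."""
    return changed_at + timedelta(seconds=old_ttl_seconds)


# Constructed records for a hypothetical domain (203.0.113.10 is a documentation address).
BEFORE = "v=spf1 mx ip4:203.0.113.10 -all"
AFTER = "v=spf1 mx ip4:203.0.113.10 include:scanscope.net -all"
MISPLACED = "v=spf1 mx ip4:203.0.113.10 -all include:scanscope.net"

if __name__ == "__main__":
    for label, rec in (("before", BEFORE), ("after", AFTER), ("misplaced", MISPLACED)):
        print(label, check_spf(rec))
    print(earliest_outbound_enable(datetime(2024, 1, 1, 12, 0), 3600))
```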

How marketing emails are flagged

GravityZone Security for Email detects marketing emails and either marks them by applying a tag to the subject line or quarantines them. Marketing emails are classified into three categories:

  • High Reputation Marketing - emails issued from a known and trustworthy routing platform (ESP) that follow best practice rules for email marketing. Emails classified into this category will be tagged with a [High Medium] tag.

  • Medium Reputation Marketing - advertising emails that follow the best practice rules for email marketing but were not sent through a well known routing platform. Emails classified into this category will be tagged with a [Marketing Medium] tag.

  • Low Reputation Marketing - advertising emails that were not sent through well known routing platforms and do not follow email marketing best practice rules. Emails classified into this category will be quarantined.

Note

For information on how to stop receiving marketing emails refer to this KB article.

Queue retention and retry times

GravityZone Security for Email has a set of policies which determine how long an undelivered message will be kept in the email queue. The period that a message is kept depends on the reason why the message failed to deliver:

  • A 5xx error message was returned - the connection resulted in a permanent failure. The email will be deleted and no attempt will be made to retry this message.

  • A 4xx error message was returned - Persistent transient failure. Persistence of some temporary condition has caused abandonment or delay of attempts to send the message. Sending the message will be retried until the time passed since the email was sent is greater than the retention policy.

  • A connection cannot be made. Sending the message will be retried until the time passed since the email was sent is greater than the retention policy.

Note

These policies are created in accordance with the official RFC standards.

Retention times

  • For outbound mail, the retention time is 4 hours. If the retention period expires before successful delivery, or the remote server replies with a 5xx error code, an NDR is sent back to the sender.

  • For inbound mail, the retention time is set to 6 days. No NDR (Non-delivery Receipt) is sent back to the remote sender for inbound emails.

Retry times

If the first attempt to deliver an email fails, the delivery will be retried for a specific amount of time. This is called a retry interval.

For GravityZone Security for Email the retry interval is 30 minutes for both inbound and outbound emails. If multiple routes exist for inbound email, each route is tried, and if all fail, the email is retried 30 minutes later.

Note

To change these values please contact your Service Provider.
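The retention and retry rules above, walked through as an added example (not Bitdefender code). It assumes the first attempt happens at elapsed time 0, that an attempt is still made when the elapsed time equals the retention time, and that a 5xx from any route is treated as permanent; the route names and reply callbacks are hypothetical.

```python
from datetime import timedelta

RETRY_INTERVAL = timedelta(minutes=30)
RETENTION = {"outbound": timedelta(hours=4), "inbound": timedelta(days=6)}


def queue_outcome(direction, routes, reply):
    """Walk one queued message through the retry policy.

    reply(route, elapsed) returns the SMTP reply code for an attempt, or
    None when no connection could be made.
    """
    elapsed, rounds = timedelta(0), 0
    while elapsed <= RETENTION[direction]:
        rounds += 1
        for route in routes:  # each route is tried before waiting again
            code = reply(route, elapsed)
            if code is not None and 200 <= code < 300:
                return {"outcome": "delivered", "rounds": rounds,
                        "elapsed": elapsed, "ndr": False}
            if code is not None and code >= 500:
                # Permanent failure: deleted without retry, NDR only outbound.
                return {"outcome": "deleted", "rounds": rounds,
                        "elapsed": elapsed, "ndr": direction == "outbound"}
        elapsed += RETRY_INTERVAL  # every route gave 4xx or no connection
    # Time since sending now exceeds the retention policy.
    return {"outcome": "expired", "rounds": rounds,
            "elapsed": elapsed, "ndr": direction == "outbound"}


def recovering(route, elapsed):
    """Constructed scenario: primary is unreachable for 2 hours, backup defers."""
    if route == "primary":
        return None if elapsed < timedelta(hours=2) else 250
    return 451


if __name__ == "__main__":
    print(queue_outcome("inbound", ["primary", "backup"], recovering))
    print(queue_outcome("outbound", ["smarthost"], lambda r, t: 451))
    print(queue_outcome("inbound", ["primary"], lambda r, t: None))
    print(queue_outcome("outbound", ["smarthost"], lambda r, t: 550))
```

Under these assumptions, an inbound message survives a destination outage of up to 6 days without the remote sender being told, which is the case worth monitoring for on the receiving side.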

How DMARC works

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is an email authorization protocol that is built upon already existing protocols, such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

If the email passes the authentication, it will be delivered and can be trusted. If the email fails the check, depending on the instructions held within the DMARC record the email could be delivered, quarantined or rejected.

For more information on DMARC please refer to this KB article.

Email redaction for GravityZone Security for Email accounts

Email redaction is a setting that, when applied to specific accounts in GravityZone Security for Email, masks sensitive information when accessing emails through reports.

This setting is applied automatically when an account is created or when the "Your Bitdefender partner has redaction activated for your GravityZone Security for Email account" setting is changed in the GravityZone console.

You can check if a specific account has Redaction activated by going to Products > Email Security > Settings > Administrators and looking at the Redact column.

Supported file types for Email Security Sandbox

Supported document types:

  • Flash SWF

  • Microsoft Excel (xls, xlsx)

  • Microsoft PowerPoint

  • Microsoft Word

  • PDF

  • RTF

  • XHTML

  • Batch

  • Python

  • PEF (Portable Executable)

  • URL (binary)

  • HTML (Unicode)

  • HTML

  • MHTML (doc)

  • MHTML (xls)

  • MHTML (ppt)

  • WSH-VBS

  • JavaScript

  • VB Script

  • WSH

  • PIF (executable)

  • Python 2.7 Bytecode

  • Python Optimised Code (binary)

  • JAR (Java Archive)

  • MZ/PE (executable files)

Supported archives:

  • 7zip

  • ACE

  • ALZip

  • ARJ

  • Bzip2

  • GZip

  • MS Cabinet

  • LHA

  • Linux TAR

  • MSI

  • RAR

  • Unix Z

  • ZIP

  • ZOO

  • XZ

  • PKZIP

  • CPIO

  • LZMA Compressed Archive

Data Loss Prevention dictionaries

Email Security provides several dictionaries to use with Data Loss Prevention (DLP). You can use the dictionaries in combination with Message Rules to detect potentially high-risk data being stolen via email messages. In

Note

The condition used in the rule needs to support dictionaries and can only be applied to the message body.

The DLP dictionaries consist of Regular Expressions and keywords:

Each entry below gives the dictionary, its description and, where one applies, the dictionary to use it with.

AWS Keys (RegEx)

Format:

  • An access key ID (for example, AKIAIOSFODNN7EXAMPLE).

  • A secret key (for example wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

Pattern:

Either the key or the secret must be present.

Use with: AWS Keys (Keywords)

Azure DocumentDB Auth Key (RegEx)

Format:

The string DocumentDb followed by the characters and strings outlined in the pattern below.

Pattern:

  • The string DocumentDb.

  • Any combination of between 3 and 200 lower or uppercase letters, digits, symbols, special characters, or spaces.

  • A greater than symbol (>), an equal sign (=), a quotation mark ("), or an apostrophe (').

  • Any combination of 86 lower or uppercase letters, digits, forward slash (/), or plus sign (+).

  • Two equal signs (=).

Azure Publish Setting Password (RegEx)

Format:

The string userpwd= followed by an alphanumeric string.

Pattern:

  • the string userpwd=.

  • any combination of 60 lowercase letters or digits.

  • a quotation mark (").

Azure Storage Account Key (RegEx)

Format:

The string DefaultEndpointsProtocol followed by the characters and strings outlined in the pattern below, including the string AccountKey.

Pattern:

  • The string DefaultEndpointsProtocol.

  • Up to two whitespace characters.

  • An equal sign (=).

  • Up to two whitespace characters.

  • Any combination of between 1 and 200 lower or uppercase letters, digits, symbols, special characters, or spaces.

  • The string AccountKey.

  • Up to two whitespace characters.

  • An equal sign (=).

  • Up to two whitespace characters.

  • Any combination of 86 characters that are lower or uppercase letters, digits, forward slash (/), or plus sign (+).

  • two equal signs (=).

Card Number (RegEx)

Format:

14 digits that can be formatted or unformatted (dddddddddddddd) and must pass the Luhn test.

Pattern:

A complex pattern that detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards.

Use with: Card Number (Keywords)

Date of Birth (RegEx)

Format: a date represented in a known UK or US format

Pattern: must include a prefix, Date of birth: or Birthday:.

Use with: Date of Birth (Keywords)

Email Address (RegEx)

Format: Has to have a prefix, the asperand (@) symbol, and a domain. The domain needs to contain a dot (.), and an additional 2-3 characters at the end.

Pattern:

  • A prefix: letters, numbers, underscores, periods, and dashes. An underscore, period, or dash must be followed by one or more letters or numbers.

  • An asperand (@).

  • The domain: letters, numbers, dashes.

  • A dot (.).

  • An additional 2-3 characters.

International Banking Account Number, IBAN (RegEx)

Format:

Country code (two letters) plus check digits (two digits) plus BBAN (up to 30 characters).

Pattern:

  • Two-digit country ISO code, two checksum digits, and a Basic Bank Account Number (BBAN).

  • All IBANs are digits only.

  • BBAN is broken down into:

    • b - National bank code.

    • c - account number.

    • s - branch code.

    • x - national check digit.

      Note

      The format for each country is slightly different. The IBAN sensitive information type covers these 60 countries: ad, ae, al, at, az, ba, be, bg, bh, ch, cr, cy, cz, de, dk, do, ee, es, fi, fo, fr, gb, ge, gi, gl, gr, hr, hu, ie, il, is, it, kw, kz, lb, li, lt, lu, lv, mc, md, me, mk, mr, mt, mu, nl, no, pl, pt, ro, rs, sa, se, si, sk, sm, tn, tr, vg

IP Address (RegEx)

Format:

  • IPv4: Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses.

  • IPv6: Complex pattern that accounts for formatted IPv6 numbers (which include colons).

Pattern:

N/A

Password (RegEx)

Format:

The password must contain at least one lowercase character, one uppercase character, one digit, one special character, and have a length from 8 to 14.

Pattern:

Contain all of the following, but in no particular order:

  • At least one digit [0-9]

  • At least one lowercase character [a-z]

  • At least one uppercase character [A-Z]

  • At least one special character [*.!@#$%^&(){}[]:;<>,.?/~_+-=|\]

  • At least 8 characters in length, but no more than 14

Use with: Password (Keywords)

SWIFT Code (RegEx)

Format:

Four letters followed by 5-31 letters or digits.

Pattern:

Four letters followed by 5-31 letters or digits:

  • Four-letter bank code (not case sensitive).

  • An optional space.

  • 4-28 letters or digits (the Basic Bank Account Number (BBAN)).

  • An optional space.

  • 1-3 letters or digits (remainder of the BBAN).

Use with: SWIFT Code (Keywords)
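To see how the dictionary descriptions above behave on a message body, here is an added example (not the product's own expressions or code). The three Azure patterns are transcribed from the prose descriptions, the card check pairs a 14-digit candidate match with the Luhn test, and the sample body, the separator handling and all names are constructed assumptions.

```python
import re

# Patterns transcribed from the prose descriptions above; approximations,
# not the product's own expressions.
KEY86 = r"[A-Za-z0-9/+]{86}=="
DICTIONARIES = {
    "Azure DocumentDB Auth Key": re.compile(
        r"DocumentDb.{3,200}?[>=\"']" + KEY86, re.DOTALL),
    "Azure Publish Setting Password": re.compile(r'userpwd=[a-z0-9]{60}"'),
    "Azure Storage Account Key": re.compile(
        r"DefaultEndpointsProtocol\s{0,2}=\s{0,2}.{1,200}?"
        r"AccountKey\s{0,2}=\s{0,2}" + KEY86, re.DOTALL),
}
# 14 digits, optionally separated by single spaces or dashes (assumed formatting).
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){13}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn test: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(value: str, keep: int = 4) -> str:
    """Keep a short prefix so the alert itself does not leak the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_body(body: str) -> list:
    """Return (dictionary name, masked match) for every hit in a message body."""
    hits = [(name, mask(m.group(0)))
            for name, rx in DICTIONARIES.items() for m in rx.finditer(body)]
    for m in CARD_CANDIDATE.finditer(body):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):  # the regex alone would flag any 14-digit reference
            hits.append(("Card Number", mask(digits)))
    return hits

# Constructed sample body; the key and password are filler, not real secrets.
FAKE_KEY = "A1b2/+" * 14 + "Zz=="  # 86 characters followed by "=="
SAMPLE_BODY = (
    "DefaultEndpointsProtocol=https;AccountName=example;AccountKey=" + FAKE_KEY + "\n"
    "Publish profile: userpwd=" + "a1b2c3" * 10 + '" and card 3056 9309 0259 04.\n'
    "Order reference 30569309025905 is not a card (fails Luhn).\n"
)

if __name__ == "__main__":
    for name, shown in scan_body(SAMPLE_BODY):
        print(f"{name}: {shown}")
```

The order reference in the sample matches the 14-digit shape but is dropped by the Luhn test, which is why the card dictionary combines both checks.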