Email Security
MX records and IP addresses for USA customers
This section contains the lists of MX records and IP addresses used by GravityZone Security for Email.
Note
Your GravityZone Security for Email product license must be provisioned in the USA region in order to use the details contained in this article.
MX RECORDS (Inbound)
You should use the following MX records:
Hostname Priority mail3.us.scanscope.net 10 mail1.us.scanscope.net 20 mail2.us.scanscope.net 30
Note
You should always reference these records by their DNS name rather than IP address.
Smart Hosts (Outbound)
You should use the following smart hosts for outbound e-mail:
Country Hostname Cost All smtp1.us.scanscope.net 10 All smtp2.us.scanscope.net 10
Note
Port 25 and 587 can be used for sending outbound email.
IP Addresses
The following IP addresses and ranges are used by GravityZone Security for Email to deliver email to your server. Mail delivery operates on the standard SMTP port of 25. Please make sure your firewall and/or email server is configured to accept connections from these IP addresses:
104.214.75.142 52.200.11.158 104.214.75.99 52.200.119.29 52.161.96.58
Note
Be sure to use the actual IP addresses in your firewall, rather than hostnames.
SPF Record
If you use an SPF record for your domain, it should be updated to include the following:
include:scanscope.net
Warning
It is recommended that outbound email only be enabled after the Time to Live (TTL) for the SPF record has passed. The use of -all
in your SPF record could mean that the remote domain will reject your email if the TTL has not expired.
MX records and IP addresses for EU customers
This section contains the lists of MX records and IP addresses used by GravityZone Security for Email.
Note
Your GravityZone Security for Email product license must be provisioned in the UK & Europe region in order to use the details contained in this article.
MX RECORDS (Inbound)
You should use the following MX records:
Hostname Priority mta01.scanscope.net 10 mail1.scanscope.net 20 mail2.scanscope.net 30 mail3.scanscope.net 40
Note
You should always reference these records by their DNS name rather than IP address.
Smart Hosts (Outbound)
You should use the following smart hosts for outbound e-mail:
Country Hostname Cost All smtp1.scanscope.net 10 All smtp2.scanscope.net 10
Note
Port 25 and 587 can be used for sending outbound email.
IP Addresses
The following IP addresses and ranges are used by GravityZone Security for Email to deliver email to your server. Mail delivery operates on the standard SMTP port of 25. Please make sure your firewall and/or email server is configured to accept connections from these IP addresses:
51.140.50.9 23.97.185.122 52.28.195.233 104.40.205.111 52.28.207.52 46.137.91.239 46.51.191.66 46.51.184.151 52.29.103.252 40.115.45.200 40.115.43.250
Note
Be sure to use the actual IP addresses in your firewall, rather than hostnames.
SPF Record
If you use an SPF record for your domain, it should be updated to include the following:
include:scanscope.net
Warning
It is recommended that outbound email only be enabled after the Time to Live (TTL) for the SPF record has passed. The use of -all
in your SPF record could mean that the remote domain will reject your email if the TTL has not expired.
How marketing emails are flagged
GravityZone Security for Email detects marketing emails and either marks them by applying a tag to the subject line or quarantines them. Marketing emails are classified into three categories:
High Reputation Marketing - emails issued from a known and trustworthy routing platform (ESP) that follow best practice rules for email marketing. Emails classified into this category will be tagged with a
[High Medium]
tag.Medium Reputation Marketing - advertising emails that follow the best practice rules for email marketing but were not sent through a well known routing platform. Emails classified into this category will be tagged with a
[Marketing Medium]
tag.Low Reputation Marketing - advertising emails that were not sent through well known routing platforms and do not follow email marketing best practice rules. Emails classified into this category will be quarantined.
Note
For information on how to stop receiving marketing emails refer to this KB article.
Queue retention and retry times
GravityZone Security for Email has a set of policies which determine how long an undelivered message will be kept in the email queue. The period that a message is kept depends on the reason why the message failed to deliver:
A 5xx error message was returned - the connection resulted in a permanent failure. The email will be deleted and no attempt will be made to retry this message.
A 4xx error message was returned - Persistent transient failure. Persistence of some temporary condition has caused abandonment or delay of attempts to send the message. Sending the message will be retried until the time passed since the email was sent is greater than the retention policy.
A connection cannot be made. Sending the message will be retried until the time passed since the email was sent is greater than the retention policy.
Note
These policies are created in accordance with the official RFC standards.
Retention times
For outbound mail, the retention time is 4 hours. If the retention period does expire before successful delivery or the remote server replies with a 5xx error code a NDR is sent back to the sender.
For inbound mail, the retention time is set to 6 days. No NDR (Non-delivery Receipt) is not sent back to the remote sender on inbound emails.
Retry times
If the first attempt to deliver an email fails, the delivery will be retried for a specific amount of time. This is called a retry interval.
For GravityZone Security for Email the retry interval is 30 minutes for both inbound and outbound emails. If multiple routes exist for inbound email, each route is tried, and if all fail, the email is retried 30 minutes later.
Note
To change these values please contact your Service Provider.
How DMARC works
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is an email authorization protocol that is built upon already existing protocols, such as Sender Policy Framework (SPF) and DomainKeys Identified Message (DKIM).
If the email passes the authentication, it will be delivered and can be trusted. If the email fails the check, depending on the instructions held within the DMARC record the email could be delivered, quarantined or rejected.
Fore more information on DMARC please refer to this KB article.
Email redaction for GravityZone Security for Email accounts
Email redaction is a setting that, when applied to specific accounts in GravityZone Security for Email, masks sensitive information when accessing emails through reports:

This setting is applied automatically when an account is created or when the Your Bitdefender partner has redaction activated for your GravityZone Security for Email account setting is changed in the GravityZone console.
You can check if a specific account has Redaction activated by going to Products > Email Security > Settings > Administrators and looking at the Redact column:

Supported file types for Email Security Sandbox
Supported document types:
Flash SWF
Microsoft Excel (xls, xlsx)
Microsoft PowerPoint
Microsoft Word
PDF
RTF
XHTML
Batch
Python
PEF (Portable Executable)
URL (binary)
HTML (Unicode)
HTML
MHTML (doc)
MHTML (xls)
MHTML (ppt)
WSH-VBS
JavaScript
VB Script
WSH
PIF (executable)
Python 2.7 Bytecode
Python Optimised Code (binary)J
AR (Java Archive)
MZ/PE (executable files)
Supported archives:
7zip
ACE
ALZip
ARJ
Bzip2
GZip
MS Cabinet
LHA
Linux TAR
MSI
RAR
Unix Z
ZIP
ZOO
XZ
PKZIP
CPIO
LZMA Compressed Archive
Data Loss Prevention dictionaries
Email Security provides several dictionaries to with Data Loss Prevention (DLP). You can use the dictionaries in combination with Message Rules to detect potentially high risk data being stolen via email messages. In
Note
The condition used in the rule needs to support dictionaries and can only be applied to the message body.
The DLP dictionaries consist of Regular Expressions and keywords:
Dictionary | Description | Use with |
---|---|---|
AWS Keys (RegEx) | Format:
Pattern: Either the key or the secret must be present. | AWS Keys (Keywords) |
Azure DocumentDB Auth Key (RegEx) | Format: The string Pattern:
| |
Azure Publish Setting Password (RegEx) | Format: The string Pattern:
| |
Azure Storage Account Key (RegEx) | Format: The string Pattern:
| |
Card Number (RegEx) | Format: 14 digits that can be formatted or unformatted ( Pattern: A complex pattern that detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards. | Card Number (Keywords) |
Date of Birth (RegEx) | Format: a date represented in a known UK or US format Pattern: must include a prefix, | Date of Birth (Keywords) |
Email Address (RegEx) | Format: Has to have a prefix, the asperand ( Pattern:
| |
International Banking Account Number, IBAN (RegEx) | Format: Country code (two letters) plus check digits (two digits) plus bban number (up to 30 characters) Pattern:
| |
IP Address (RegEx) | Format:
Pattern: N/A | |
Password (RegEx) | Format: The password must contain at least one lowercase character, one uppercase character, one digit, one special character, and a length form 8 to 14. Pattern: Contain all of the following, but in no particular order:
| Password (Keywords) |
SWIFT Code (RegEx) | Format: Four letters followed by 5-31 letters or digits. Pattern: Four letters followed by 5-31 letters or digits:
| SWIFT Code (Keywords) |