Email Security
Message Rules
To access Message Rules actions go to Products > Message Rules.
In this screen you can create, edit, delete and reorder message rules. A message rule applies an action to a message if specific conditions are met.
The rules act as checkpoints that have to be passed before an email allowed to pass. Each rule has one or more designated actions assigned to it, which will trigger when specific conditions have been met. Emails will be checked against each rule until a Final Action is taken or all rules have been verified. The order of the rules in this screen determines the order that they are applied to each email.
One of the main uses of rules is to determine if an email might be spam, phishing, or might contain possible threats. This is done by calculating a Spam Score for each message. There are several rules that are designed to add or deduct from the total score if specific conditions are met. The score will determine what action will be taken:
An email with a score of between 100 and 140 will be quarantined but will be digested and available to users (the Possible Spam rule). All safelists will exclude this email from being quarantined.
An email with a score of between 140 and 699 will be sent to Company Quarantine and will not be digested (the Confirmed Spam rule). All safelists will exclude this email from being quarantined.
An email with a score greater than 700 will be sent to Company Quarantine and will not be digested (the Confirmed Phishing rule). Only Global safelists will exclude this email from being quarantined.
If the message has a score less than 100, no action will be taken (and further rules will be allowed to proceed).
Note
Each company will start out with a set of default system and standard rules. In some cases these rules are sufficient for an organization and no further action is needed, however we recommend that you familiarize yourself with them.
Message rules are composed by:
Conditions - one or more conditions can be applied to each rule. If all conditions are met, the assigned actions will be taken.
Actions - one or more actions can be assigned to each rule. They indicate what actions will be taken if all conditions are met.
Final Actions - a final action will be triggered once all the conditions are met and will stop all subsequent rules from being processed for this email.
Note
A rule will only be triggered if its Active status is set to On.
The Message Rules page contains the following elements:

Priority - Message rules are executed in the order they appear in this list. Organize the rules to establish the order they will be applied to each individual message.
Warning
Changing the default order of rules might impact GravityZone Security for Email functionality. We recommend caution when adding a rule before the premade default rules.
Direction - The Direction column indicates when the rule will be applied:
- this rule will only be processed against incoming emails.
- this rule will only be processed against outgoing emails.
- this email will be processed against all emails.
Note
Click on the column header to display a drop down menu that will allow you to filter out columns from the below display.
Rule Name -Displays the name of each given rule.
Note
A lock icon
indicates that the rule cannot be edited or deleted.
System rules are marked by a gray background and a
(Default)
tag.
Final Action - Shows if a final action is applied to a specific rule and what that final action is.
Active - This column indicates if a rule is active or not. Clicking on the indicator will activate/deactivate the rule.
Actions - there are two buttons available in this column:
Change Rule - edit the rule.
Delete Rule - delete the rule.
View System Rules - toggle this button to display or hide system rules from the list below.
Note
You can use the
Refresh button to refresh the list.
Add Rule - create a new rule.
Creating a new message rule
To create a new rule follow the below steps:
Click the
Add Rule button at the upper right side of the screen.
Enter a descriptive rule name and click the Add
button. This will open the Rule Builder screen.
Set the Active button on or off.
Note
Newly created Rules are inactive by default.
Inactive rules will not be checked against any messages.
(optional) Re-name the rule.
(optional) Add a description to the rule - this is only visible from the Rule Builder screen and can be used to add a short explanation of what the rule is intended to do.
Add the conditions. You can add one or more conditions to your rule. You can find a list of all available conditions here.
Note
Be as specific as possible when creating conditions to avoid accidental triggering.
If more than one condition is added to the rule, all have to be passed for the action(s) assigned to the rule to be taken.
When creating a condition, you can set it to either Match or Does not Match when comparing against a specific value or data set.
Conditions can be system defaults or custom. Custom conditions can be accessed from the Custom Rule Data screen.
Add the actions. You can add one or more actions, both regular actions and final actions. You can find a list of all available actions here and a list of all available final actions here. A list of rule examples can be found here.
Note
Actions are taken only if every condition set to the rule has been passed.
Actions do not halt the processing of further Message Rules. So, it's possible that an email can trigger several different Rules. Processing will continue (in priority order) until the email triggers a Rule that has a Final Action.
Final Actions will stop the processing of further Message rules.
If a regular action is triggered, processing will continue by checking the message against other rules(in priority order) until a Final Action is taken or all rules have been processed.
Click the Save
button.
Re-ordering message rules
To change the order in which your message rules are processed, drag and drop it to a new position.
Note
You can not re-order System Rules.
Editing a message rule
To edit a Rule, double-click the rule's title in the Message Rules screen or click on the Change Rule button. This will open the Rule Builder screen.
Once the modifications are complete, click the save button.
Deleting a message rule
To delete a Rule:
Click the delete
button next to the rule you want to delete in the Message Rules screen.
OR
Click the delete
button while editing a rule.
Connection Rules
To access Connection Rules actions go to Products > Connection Rules.
In this screen you can create, edit, delete and reorder connection rules. A connection rule applies an action to a message if specific conditions are met.
Use Connection Rules to limit the access to a specific mailbox or preemptively reject emails that fit certain criteria (such as emails of a specific size, or emails from a specific IP address).
Note
Connection Rules are processed before any message rules.
Connection rules will be processed until a Final Action is taken or all active rules have been verified.
Note
Each company will start out with a set of default system and standard rules. In some cases these rules are sufficient for an organization and no further action is needed, however we recommend that you familiarize yourself with them.
Connection rules are composed by:
Conditions - one or more conditions can be applied to each rule. If all conditions are met, the assigned actions will be taken.
Final Actions - a final action will be triggered once all the conditions are met and will stop all subsequent rules from being processed.
Note
A rule will only be triggered if its Active status is set to On.

Priority - Connection rules are executed in the order they appear in this list. Organize the rules to establish the order they will be applied to each individual message.
Direction - A Rule may be processed only against incoming connections, only against outgoing connections, or against both incoming and outgoing connections. The Direction column indicates when the Rule will be processed.
- this rule will only be processed against incoming connections.
- this rule will only be processed against outgoing connections.
- this email will be processed against all connections.
Note
Click on the column header to display a drop down menu that will allow you to filter out columns from the below display.
Rule Name -Displays the name of each given rule.
A lock icon
indicates that the rule cannot be edited or deleted.
System rules are marked by a gray background and a
(Default)
tag.
Final Action - Shows if a Final Action is applied to a specific rule and what that final action is. The available final actions are:
Permanent Reject - reject the connection. Any future attempts that meet the conditions of the rule will result in another reject.
Accept - accept the connection without any other rules being processed.
Active - This column indicates if a rule is active or not. Clicking on the indicator will activate/deactivate the rule.
Actions - there are two buttons available in this column:
Change Rule - edit a specific rule.
Delete Rule - delete a specific rule.
View System Rules - toggle this button to display or hide system rules from the list below.
Note
You can use the
Refresh button to refresh the list.
Add Rule - create a new rule.
Creating a new Connection Rule
To create a new rule follow the below steps:
Click the
Add Rule button at the upper right side of the screen.
Enter a descriptive rule name and click the Add
button. This will open the Rule Builder screen.
Set the Active button on or off.
Note
Newly created Rules are inactive by default.
Inactive rules will not be processed.
(optional) Re-name the rule.
(optional) Add a description to the rule - this is only visible from the Rule Builder screen and can be used to add a short explanation of what the rule is intended to do.
Add the conditions. You can add one or more conditions to your rule. You can find a list of all available conditions here.
Note
Be as specific as possible when creating conditions to avoid accidental triggering.
If more than one condition is added to the rule, all have to be passed for the action(s) assigned to the rule to be taken.
When creating a condition, you can set it to either Match or Does not Match when comparing against a specific value or data set.
Conditions can be system defaults or custom. Custom conditions can be accessed from the Custom Rule Data screen.
Add the final rule. You can find a list of al available final actions here.
Click the Save
button.
Re-ordering message rules
To change the order in which your connection rules are processed, drag and drop it to a new position.
Note
You can not re-order system rules.
Editing a connection rule
To edit a Rule, double-click the rule's title in the Connection Rules screen or click on the Change Rule button. This will open the Rule Builder screen.
Once the modifications are complete, click the save button.
Deleting a connection rule
To delete a Rule:
Click the delete
button next to the rule you want to delete in the Connections Rules screen.
Click the delete
button while editing a rule.
Custom Rule Data
To access Custom Rule Data actions go to Products > Custom Rule Data.
Use Custom Rule Data to create custom variable lists. Their main purpose is to enhance Message Rules and Connection Rules by providing customized data to compare emails against.

Note
Clicking on one of items opens the data set for editing.
Rule Data - Displays a list of previously created rule data sets. Rule Data provides a data set against which to compare emails.
Rule RegEx - Contains a list of previously created Rule RegEx sets. Rule RegEx (regular expression) is a pattern that describes a certain syntax of text. Regular expressions allow you to compare against a specific string of words instead of comparing to every possible permutation of multiple words.
Add new - adds a new data set.
Delete - deletes the selected data set.
Add Rule Data or Rule RegEx
Click the
Add New button at the lower right side of the screen.
Select the type of data set you want to create. You can select between Rule Data and Rule RegEx.
Rule Data
Rule RegEx
Separate each new value with a new line.
Note
A rule data set can consist of a single word.
The RegEx parser does not require you to use the traditional forward slashes around a regular expression. These will automatically be added to your pattern when the RegEx is processed.
Valid regular expressions:
^.+\.(?:(?:[dD][oO][cC][xX]?))$ \bpass\b \b4\d{3}([\ \-]?)\d{4}\1\d{4}\1\d{4}\b(?!([^<]+)?>) \[secure\]
Note
Unlike Rule Data, a Rule RegEx should be kept to a single line. If your regular expression needs to detect the new line character, you can use \n.
Type in a name for the data set and click Update.
Add in the information under the Value text box.
Click the
Save button.
Delete Rule Data
Select the data set you want to delete.
Click the
Delete button.
Edit Rule Data
Select the rule data set you wish to edit.
Change the information in the Value or Name text boxes.
Click the
Save button.
Global Quarantine
To access Global Quarantine actions go to Products > Global Quarantine.
In Global Quarantine you can find the emails that triggered a message rule with a final action of Quarantine-Company. You need to fill in the search parameters and run a report to pull the quarantined emails matching your criteria.

Timespan - select a specific date range
Quarantine - specify a quarantine tag. You can select between Spam, Virus or any custom tag created in custom quarantine
Filters - show/hide search filters
Run report - search for quarantined emails matching the parameters that you filled in
Connection - specify the direction of the emails
Content - fill in the following:
Sender - search for a specific sender
Recipient - search for emails sent to a specific mailbox
Title - search for emails with a specific subject line
Note
The system will use the values entered under Content to return both full or partial matches.
Once you hit the report button the results will be returned as shown below:

Note
The report will contain the below columns, which can be filtered in or out from the dropdown menu next to the Subject column header.
Direction
Timestamp(UTC)
Timestamp(local)
Sender address
Sender IP
Subject
Recipient(s)
Size
Details
Deny Options - take one the below actions for selected messages:
Deny sender - Block the email and any further emails sent to your server from the same sender.
Deny domain - Block the email and any further emails sent to your server from any address at the originating domain.
IP address - Block the email and any further emails sent to your server from any address at the originating IP address.
Release options - take one of the below actions for the selected messages:
Release - removes the message from quarantine and places it in the receiver's inbox.
Note
This will have no effect on future emails from the same sender, domain or IP dress.
Safe sender - Release the email and add the sender's email address to your Global Safe List.
Safe domain - Release the email and add the sender's domain name to your Global Safe List.
IP address - Release the email and add the sender's IP address name to your Global Safe List.
Color code - an indicator will be given to messages that trigger high spam scores. This will be either yellow for medium or red for severe.
Warning
Special care should be taken when managing these items.
Select - select the message on this line in order to take action on it. Clicking on the top checkbox will select all messages returned by the report.
More information - Safely preview a quarantined message.
General - displays the following information:
Final action
Date
GUID - the sender email unique identifier
Sender IP
Size
Actions - shows you the rules triggered by the message since received, the actions taken and relevant data.
Attachments - provides information on the attachments contained by the email message.
URLs - provides a list of all URLs contained in the email message.
Headers - provides a detailed breakdown of all the message headers in this particular email.
Preview - displays a safe preview of the email message.
Message actions - provides three types of message actions:
Discard message - deletes the email message
Deny Options - provides the same options as it's namesake in the main Global Quarantine page.
Release Options -provides the same options as it's namesake in the main Global Quarantine page.
Review quarantined messages
Specify a time span to view from the Timespan drop-down list.
Specify the type of quarantine you want to search for from the Quarantine drop-down list.
(optional) Click the
Filters button and further narrow down by a specific the sender, recipient, subject of the email or the email direction.
Click the
Run Report button.
View additional information on quarantined messages.
To see more detail about a quarantined message, click the icon next to the message. The Message Detail window will be displayed.
Preview quarantined messages
To safely preview a quarantined message click the email's subject in the Global Quarantine screen.
Categorize quarantined messages
Click the
icon next to the message. The Message Detail window will be displayed.
Click either Delete, Deny or Release.
Send a copy of a quarantine message
Select the email by checking the box
at the left side of the row.
Type in the email of the recipient in the textbox at the top of the Results section.
Click the Send Copy button.
Spam Deny List
To access Spam Deny List actions go to Products > Spam Deny List.
Spam Deny List contains Email addresses, IP addresses or domains that will be automatically rejected for all Email Security users.
Warning
The behavior of the Spam Deny List may be affected by Message Rules and Connection Rules.
Note
Items can be added to the list either directly from this screen, from custom message rule actions or from reviewing quarantined items.

Select Mailbox - toggle between global or individual spam deny lists
Search list - search for a specific email address in the list.
Note
Both full and partial results will be returned.
Preserve search when changing mailbox checkbox - keep your search parameter when selecting specific email addresses.
Delete - delete the selected email addresses from the list.
Add - add a specific email address to the list. You can add either a full email address, a domain ,or an IP address.
Note
You can not add IP ranges.
You can not add domains that are attached to your Email Security account to your Safe List in domain form. Add the IP address(es) instead.
Remove button - remove the email address on this row from the list.
Add to the Spam Deny List
Click the Add
button in the upper-right side of the screen.
Type in the email address in the text box that has appeared on the top of the E-mail address section.
Note
You can either alternatively add a domain such as test.com, or add an IP address such as 123.456.789.0.
Click the
Update button.
Note
Domains that are attached to your Email Security account cannot be added to the Deny List in domain form. Instead, add the IP address(es).
Delete entries in the Spam Deny List
To delete an entry, select it in the Spam Deny List window by checking the box in the left side of the screen and then clicking the Remove Domain
button.
Edit entries in the Spam Deny List
To edit an entry, double click on it in the Spam Deny List window, make the modifications and click the Update button.
View Personal Deny Lists
Users can have their own Deny Lists. To view a specific user's deny list select the user's email address from the Select Mailbox dropdown menu.
Note
The same actions available in the Spam Deny List can be taken in any Personal Deny List.
Spam Safe List
To access Spam Safe List actions go to Products > Spam Safe List.
Spam Safe List contains Email addresses, IP addresses, or domains that will be treated as safe for all Email Security users.
Warning
The behavior of the Spam Safe List may be affected by Message Rules and Connection Rules.
Note
Items can be added to the list either directly from this screen, from custom rule actions or from reviewing quarantined items.

Select Mailbox - toggle between global or individual quarantine lists
Search list - search for a specific email address in the list.
Note
Both full and partial results will be returned.
Preserve search when changing mailbox checkbox - keep your search parameter when selecting specific email addresses.
Delete - delete the selected email addresses from the list.
Add - add a specific email address to the list. You can either add a full specific email address, add a domain, or add an IP address .
Note
You can not add IP ranges.
You can not add domains that are attached to your GravityZone Security for Email account to your Safe List in domain form. Add the IP address(es) instead.
Remove button - remove the email address on this row from the list.
Add to the Spam Safe List
Click the Add
button in the upper-right side of the screen.
Type in the email address in the text box that has appeared on the top of the E-mail address section.
Note
You can either alternatively add a domain such as test.com, or add an IP address.
Click the
Update button.
Note
Domains that are attached to your Email Security account cannot be added to the Safe List in domain form. Instead, add the IP address(es).
Note
You can also add emails to any personal safe list by selecting a specific user's safe list before performing the steps above.
Delete entries in the Spam Safe List
To delete an entry, select it in the Spam Safe List window by checking the box in the left side of the screen and then clicking the Remove Domain
button.
Edit entries in the Spam Safe List
To edit an entry, double click on it in the Spam Safe List window, make the modifications and click the Update button.
View Personal Safe Lists
Users can have their own Safe Lists. To view a specific user's Safe List select the user's email address from the Select Mailbox dropdown menu.
Note
The same actions available in the Spam Safe List can be taken in any Personal Safe List.
Mailboxes
To access Mailboxes actions go to Products > Mailboxes.
Mailboxes contains all the email addresses managed by your account. You can add multiple addresses from multiple domains either directly or by importing from Active Directory.

List Actions:
Add email - add an email address to the list
Refresh list - refresh the list of email addresses below
Import - import mailboxes from Exchange Online
Search - search for a specific email address in the below list
Email Address (Mailbox) - the columns displays all email addresses managed by your account.
Note
Double click on any of the email addresses to edit it.
Real Name - The name of the user using this email address. When added, Email Security will automatically generate a number of variants of this name which will also be tracked. This can help to ensure that email to this user is correctly captured by Message Rules. This is currently only supported through Synchronize Active Directory.
Exec Tracking - enable this checkbox to mark the email as belonging to a company executive for the purpose of the Executive Tracking Condition.
Note
You can activate executive tracking for specific Active Directory groups from Group Management.
Manage Variants - add or remove multiple variants of a user's name to improve tracking (name variations, maiden names, middle names, etc.).
Groups - add or remove the user from specific Active Directory Groups
Aliases - associate multiple email addresses to a primary mailbox
Delete - click the delete button to remove the email address on that specific row.
Add a new mailbox
Click the
Add button in the upper right side of the screen.
Type in the email address.
Note
You must a user that is part of a domain that Email Security is already tracking, To find more information on adding new domains see Product Configuration.
Press Enter.
Import mailboxes using a .CSV file
Note
This procedure is meant for use with a .csv file downloaded from Microsoft Exchange Online, however you can also use a manually created .CSV file.
In Microsoft Exchange Online go to Exchange Admin Center.
Use the Export data to a CSV file option from the mailboxes screen.
Note
To include aliases in the CSV file ensure that you tick the EMAIL ADDRESSES checkbox in the Export Data dialog.
Go back to Products > Mailboxes in Email Security.
Click the
Import button in the upper right side of the screen.
Click Browse and select the CSV file exported from Microsoft Exchange Online.
Click the Import button.
Note
If the email addresses you import are not part of a domain that Email Security is already tracking, the new mailboxes will fail to import. To find more information on adding new domains see Product Configuration.
You can not import Mailboxes that already exist. this includes mailboxes that already exists as a primary or alias.
You can manually create your own CSV file. The minimum requirement is the header line containing the
FIRST NAME
,LAST NAME
,MAILBOX TYPE
, andEMAIL ADDRESS
headers.Examples:
FIRST NAME,LAST NAME,MAILBOX TYPE,EMAIL ADDRESS John,Smith,User,user1@testdomain.com Jimmy,Smith,User,user2@testdomain.com
Edit Mailboxes
Double click the mailbox you want to edit.
Update the mailbox.
Click the Update button.
Manage Active Directory groups
Click the Groups button corresponding to the user's email address.
Select between Local or Active Directory groups.
Click the Add Group Membership button.
Check the boxes for the groups you want to add the user to.
Click the Select button.
Click the Groups button corresponding to the user's email address.
Select between Local or Active Directory groups.
Click the
Delete Group button.
Manage Variants
Click the Manage Variants button corresponding to the user's email address.
Press the
Add button.
Type in the name variant for the user.
Press Enter.
Click the Manage Variants button corresponding to the user's email address.
Click the
Delete Variant button next to the variant you want removed.
Manage Aliases
Click the Aliases button corresponding to the user's email address.
Press the
Add button.
Type in alias for the user.
Press Enter.
Click the Aliases button corresponding to the user's email address.
Click the
Delete Alias button next to the alias you want removed.
Group Management
To access Group Management actions go to Products > Group Management.
You can use the Group Management screen to see all the user groups supported on your system. Message Rules can take advantage of groups to perform specific actions for users in particular groups.

Add button - add a new group to the list
Search - search for a specific group in the below list
Group Name - the columns displays all groups managed by your account.
Exec Tracking - check this box for all users that should be considered company executives. This option is used for the purpose of the Executive Tracking Condition.
Delete - pressing on one of the delete buttons in the columns deletes the group on that row.
Add a group
Click the
Add Group button.
Enter the name of the new group.
Press Enter.
Edit a group name
Double click on the group you wish to modify.
Make the necessary modifications.
Press Enter.
Delete group
To delete a group click the Delete button on the right side of the screen corresponding the the group you want to remove.
Searching for a specific group
Enter the name (or part of the name) of a group in the search bar at the top of the screen and click the Search button.
Executive Tracking
Check the box in the Executive Tracking to mark all users in the group as company executives for the purpose of the Executive Tracking Condition.
Note
You can find steps on how to mark a specific user as an executive in the Mailboxes section.
Product Configuration
Domains
For more information on the Domains screen click here.
To access Product Configuration actions go to Products > Product Configuration.
Add a domain
Click the
Add button at the top of the screen.
Add the domain name under Domain.
Add the the full hostname or IP address of your destination mail server under Deliver To.
Note
You can add additional Inbound Mail routes later.
Click the
Add button.
This enables a DKIM for your company domain.
Note
If your company has multiple registered domains, DKIM will be enabled for all of them.
View a domain's full public DKIM key
Click the DKIM icon corresponding to the domain you want to view.
Note
DKIM (Domain Key Identified Mail) needs to be enabled and configured for your domain(s) in order for the icon to appear.
Delete a domain
To delete a domain click the Remove Domain button under the Remove column corresponding to the domain you wish to delete.
Edit a domain
Double click anywhere on the row corresponding to the domain you wish to edit.
Make the necessary modifications.
Click the
Update button.
Note
Changing a domain name will also change the DKIM key.
Inbound Mail
For more information on the Inbound Mail screen click here.
To access Group Management actions go to Products > Product Configuration > Inbound Mail.
Add inbound route
Click the
Add button.
Select a domain from the Domain dropdown menu.
Note
You can manage domains from the Domains screen.
Assign a value to the inbound mail route by typing in a value or using the arrows in the Cost field. This will be used when setting up rules to indicate importance and set priorities.
Set the destination by typing in the destination mail server hostname or IP in the Deliver to field.
Click the
Update button.
Delete inbound route
To delete an inbound route click the Delete domain button corresponding to the route you wish to remove.
Edit inbound route.
Double click anywhere on the row corresponding to the inbound route you wish to modify.
Make the necessary modifications.
Click the
Update button.
Outbound Mail
For more information on the Outbound Mail screen click here.
To access Group Management actions go to Products > Product Configuration > Outbound Mail.
Add outbound route
Click the
Add button at the upper right side of the screen.
Type in the destination mail server hostname or IP in the Hostname field.
Click the
Update button.
Delete outbound route
To delete an outbound route click the Delete domain button corresponding to the route you wish to remove.
Edit outbound route.
Double click anywhere on the row corresponding to the outbound route you wish to modify.
Make the necessary modifications.
Click the
Update button.
Disclaimer
For more information on the Outbound Mail screen click here.
To access Disclaimer actions go to Products > Product Configuration > Disclaimer.
Creating a disclaimer
Select the domain for which you wish to create the disclaimer from the Domain dropdown menu.
Note
Selecting Default Disclaimer will apply the disclaimer to all your domains.
Type in the disclaimer in the rich text format under HTML disclaimer. This disclaimer will be automatically chosen if the email is in HTML format.
Type in the disclaimer in plain text format under Plain text disclaimer. This disclaimer will be automatically chosen if the email is in plain text format.
Note
It is recommended to also fill in the plain text disclaimer for those email recipients whose email client does not display HTML emails.
Check the Activate this disclaimer box to activate the disclaimer.
Note
If the box is not checked the disclaimer will not be attached to any email originating from the selected domain.
If both the default disclaimer and a domain specific one are activated, the one specific for that domain will be sent.
Click the
Apply Changes button.
Note
The same steps apply for modifying a disclaimer.
Deactivating a disclaimer
Select the domain for which you wish to create the disclaimer from the Domain dropdown menu.
Uncheck the Activate this disclaimer box to deactivate the disclaimer.
Click the
Apply Changes button.
Custom Quarantine
For more information on the Outbound Mail screen click here.
To access Disclaimer actions go to Products > Product Configuration > Custom Quarantine.
Add Custom Quarantine status
Click the
Add button at the upper right side of the screen.
Type in the name of the new quarantine status
(optional) If you wish for end users to have access to this quarantine status through their Personal Quarantine section check the Permit User Access box.
Click the
Add button.
Delete Custom Quarantine status
To delete a Custom Quarantine status click the Remove domain button corresponding to the route you wish to remove.
Edit Custom Quarantine status
Double click anywhere on the row corresponding to the status you wish to modify.
Make the necessary modifications.
Click the
Update button.
Global Digest Settings
For more information on the Outbound Mail screen click here.
To access Disclaimer actions go to Products > Product Configuration > Global Digest Settings.
Editing Global Digest Settings
Set the frequency of sending the digest by selecting an option from the Send Digest Envery dropdown menu.
Select the interval for sending the digest by selecting time intervals from the Between the Hours of dropdown menus.
Select on which specific days you would like to send the digest by checking the boxes under On the following days.
Click the
Apply Changes button.
Deactivating Global Digest Settings
To deactivate sending the digest check the Never Send box.
Digest and Branding
For more information on the Outbound Mail screen click here.
To access Disclaimer actions go to Products > Product Configuration > Digest and Branding.
Edit Digest and Branding
Select the source of the image you wish to send by selecting either Use your account branding or Use a custom image.
Fill in the below fields:
Custom Digest Image URL (only if you select USe a Custom image)
URL
From Address
Support Email
Digest From Name
Type in your company banner in the HTML and plain text boxes under Branding Settings.
Click the
Apply Changes button.
Administrators
For more information on the Administrators screen click here.
To access Connection Rules actions go to Products > Settings > Administrators.
Warning
Only new End User roles can be created from this page. Users with Bitdefender Administrator are created automatically when a GravityZone user with the proper privileges signs in to Email Security for the first time.
Adding a new user
Note
Before adding a new user, ensure that the users email address is added to the Mailboxes section, either manually or via Active Directory synchronization. For more information see Mailboxes.
Click the Add
button at the upper right side of the screen.
Fill in the Full Name and Email(username) fields, and select the End User Portal role.
Important
Make sure the address matches the user's email address added in Mailboxes.
Select Update.
Note
Once the user is created, an email will be sent to the owner's mailbox containing a notification and instructions on account activation.
The email contains a link that will guide users to a secure login page. Here they will be required to create a password and activate their account.
Importing new users
To import a list of new users, follow the steps below:
Note
Before importing a new user, ensure that the users email address is added to the Mailboxes section, either manually or via Active Directory synchronization. For more information see Mailboxes.
Click the Import
button on the upper right side of the screen.
Type in the email addresses of the users you wish to import.
Under Assign this role to all new administrators select End User Role.
Click Import.
Note
New users, regardless if they were manually added or imported automatically, are required to go through the email verification process before they can sign in.
Deleting a user
To permanently remove a user, click on the Delete button on the row corresponding to the user you want deleted.
Active Directory
For more information on the Active Directory screen click here.
To access Active Directory actions go to Settings > Active Directory.
Requirements
For more informaton on this topic, refer to to Email Security.
Adding a domain using Azure Active Directory
Note
Before adding a domain make sure it is configured in the Product Configuration > Domains section.
Click the Add domain
button on the upper right of the screen and select Azure Active Directory.
Enter a name under Domain. This will be used to identify this domain in the list shown in the Active Directory screen.
Add your AzureAD tenant name under Tenant Name.
Note
For information on how to find your tenant name refer to this Microsoft kb article.
(optional) Enter a specific NetBIOS name under NetBIOS. This will only import date from a specific NetBIOS domain instead of searching automatically.
(optional) Check the Only synchronise users with this attribute set box and enter the attribute name and value. This will only import the users that have this specific attribute to Email Security.
(optional) Check the Only synchronise groups with this attribute set box and enter the attribute name and value. This will only import the groups that have this specific attribute to Email Security.
Click the Add domain button in the upper right side of the screen.
Adding a domain using On Premise Active Directory
Note
Before adding a domain make sure it is configured in the Product Configuration > Domains section.
Click the Add domain
button on the upper right of the screen and select On Premise Active Directory.
Fill in the domain information:
Enter a name under Domain. This will be used to identify this domain in the list shown in the Active Directory screen.
Under Server Hostname enter the DNS name of the domain, or the hostname or IP address of a specific domain controller.
Note
To use the server where the AD Connect software is installed enter localhost.
Enter a valid Username and Password to connect to your domain.
(optional) If you don't want to sync all the domain, uncheck the Sync Entire Domain box and enter a Enter a base DN to use as the root of the search.
(optional) If you don't want to automatically detect NetBIOS names, uncheck the Automatically Detect box and enter a specific NetBIOS name to use.
(optional) Check the Only synchronise users with this attribute set box and enter the attribute name and value. This will only import the users that have this specific attribute to Email Security.
Click the Add domain button.
Click the Generate key button.
Click the Add API key button.
Copy the provided Client ID and Client Secret.
Use the credentials to configure AD Connect.
Note
To configure AD Connect you need to use the AD Connect Setup Tool, which is added automatically as part of the AD Connect installation.
Edit domain settings
Double click on the domain you want to edit.
Go to the Settings tab.
Make the desired modifications.
Click on the Apply Changes button in the upper right side of the screen.
Synchronize Active Directory
Double click on the domain you want to synchronize.
Go to the Status tab.
Click the Synchronize button.
Reports
For more information on the Reports screen click here.
To access Reports actions go to the Analytics page and select one of the report types.
Running reports
To run a report follow the steps below:
Select a report from the list or use the search box to find a specific report and click it:
Click the Run Report button at the right side of the screen:
Saving reports
Once a report has been generated by completing the search criteria, it can be saved so that it can be easily run again in the future or attached to a Schedule.
Note
It is best practice to run the report and ensure you have the expected results before saving it
To save a report, follow the steps below:
Click the drop-down menu in the upper right side of the screen.
Select Save.
Enter a descriptive name for the report.
Note
Select the Make favourite checkbox if you want the report added to the Favourites panel.
Click Save.
The report is now saved and available in the Save panel.

Deleting reports
To delete a report simply click the button in the left side of the Saved panel that corresponds to the report you wish to remove:

Download Reports
To download a report, follow the steps below:
Click the drop-down menu in the upper right side of the screen.
Select Download.
Note
Other report types, such as charts provide multiple options for downloading:

For more information refer to Analytics
Scheduling reports
To schedule a report, follow the steps below:
Click the drop-down menu in the upper right side of the Reports & Charts pane.
Select Schedules.
Click on the Add a schedule button or on one of the days in the calendar. The latter will automatically set the first day of the report to the one you selected from the calendar.
Fill in the required information:
Start date - the first time you want the report to run.
Frequency - how often the report should run.
Report - select which report you want to run from your saved reports list.
Format - select the output format of the report: comma separated values (.csv) or excel (.xlsx).
Recipients - add which email addresses you want the report sent to. They will receive an email containing a download link.
Email empty report - if selected, emails will be sent to the recipients even if the reports returned no results.
Click the Add button.
The scheduled report will now appear on your calendar.

Editing a scheduled report
To edit a scheduled report follow the steps below:
Click the drop-down menu in the upper right side of the Reports & Charts pane.
Select Schedules.
Look for the scheduled report in the calendar and select it.
Make the desired modifications.
Click Update.
Note
You can use the
pause and
unpause buttons to turn scheduled reports on or off.
You can use the Delete button to permanently cancel the schedule. The report itself will not be deleted.
Managing scheduled reports
To manage scheduled reports, follow the steps below:
Click the drop-down menu in the upper right side of the Reports & Charts pane.
Select Schedules.
A calendar will be displayed of all scheduled reports:

You can also switch to the list view by clicking the button in the upper right side of the screen.

Note
You can use the pause and
unpause buttons to turn scheduled reports on or off.
You can use the button to permanently cancel the schedule. The report itself will not be deleted.
Log Archives
In the Log Archives screen you can find previously exported or scheduled reports.
To access the Log Archives, follow the steps below:
Click the drop-down menu in the upper right side of the Reports & Charts pane.
Select Log Archives.
A list of previously exported or scheduled reports will be displayed.

The following information will be made available for each archived report:
Timestamp (UTC) - the date and time archive was created (when the report was exported or created for the schedule).
Product - the name of the product the report was created in.
Retention - the period the item will be kept. The standard for all Email Security reports is 3 months.
First Entry (UTC) - the date and time of the first entry in the archive.
Last Entry (UTC) - the date and time of the last entry in the archive.
Records - the number of records contained in the archive.
Note
You can click the button to download the report to your computer.
Combining charts
You can combine one or more charts following the steps below:
Click the drop-down menu in the upper right side of the Reports & Charts pane.
Select Combine charts.
Enter a descriptive title for the new report.
Select the reports you wish to combine.
Click Combine.
A new report will be created that contains data from all of the selected reports.
SecureMail
Overview
SecureMail is a feature in GravityZone Security for Email that provides a simple and effective solution for user-based encryption of specific messages. This is particularly useful for sending sensitive messages that should not be stored in the recipient’s inbox, like a traditional email message would be.
Add a customizable keyword at the start of any email to convert it to a SecureMail message . When you send the email:
The contents will be converted and added to a secure server.
The recipient will receive an email with a link to the secure server and log in instructions.
The contents of the email can be accessed after logging in.
SecureMail complements the policy-based encryption capabilities integrated within Email Security, with the ability to enforce the use of TLS for specified domains, as well as to use Opportunistic TLS for all messages, falling back to non-encrypted connections only if the receiving email server does not support TLS.
Concepts
In their relation to the sender of the secure message there are two types of SecureMail users:
Internal - users that have access to the GravityZone Security for Email product with the SecureMail license activated. Internal users can be both senders and recipients of SecureMail communications and can send messages to both internal and external recipients.
To send a SecureMail message compose an email message in your standard email client (e.g., Outlook) that meets the trigger criteria for matching the SecureMail rule.
To view and respond to replies to your SecureMail messages, you must be enrolled in the End User Portal.
External - any user with a valid email address that does not have access to SecureMail.
To view and respond to SecureMail messages external users access an isolated web-based SecureMail dashboard and they are required to register with their email address and password.
Note
The URL of the external interface is displayed in the SecureMail Settings section.
Depending on the permissions that have been set in the SecureMail Settings, external users can respond to or only view the message.
Example Scenarios
Company A is a bank that has regular communications with it's software developer Company B. Often sensitive information needs to be sent back and forth between companies. Both use GravityZone Security for Email product and have the SecureMail product licensed, thus they are both internal users.
Both sender and recipient will access the SecureMail dashboard via the End User Portal and neither need to register for a SecureMail account in order to participate. Both users should be enrolled in the End User Portal.
Company C is a medical clinic that is using GravityZone Security for Email and has the SecureMail product licensed. They often send communications to their clients that contain sensitive or personal information. Regular clinic users do not have access to GravityZone Security for Email, thus they are external users, while the clinic is considered to be an internal user.
This is an internal to external scenario. The external user - the clinic's client - will first receive a notification that they have a SecureMail message. They will be able to view the message and, if SecureMail settings allow, reply to it, after registering and logging in to the isolated SecureMail dashboard.
Company D is an insurance agency that is using GravityZone Security for Email and has the SecureMail product licensed. They will be considered an internal user. John Smith is one of their clients and has just received a message from them sent through SecureMail. He does not have access to Email Security, thus he will be considered an external user.
Company D has enabled external users to reply to emails so John is able to reply to the email by registering and logging in to the isolated SecureMail dashboard. Company D employees will be able to view the reply via the End User Portal.
Not supported. The sender must be an GravityZone Security for Email product customer with the SecureMail product licensed or replying to an email sent by one.
Enrolling internal users
SecureMail users can be managed from Products > Settings > Administrators.
All internal users are able to send emails through SecureMail, but they will require an end user role enabled for their mailbox to be able to access and reply to encrypted messages through the End User Portal.
There are two ways to enroll internal users:
Manually adding each email address.
Importing a .CSV file containing the email email addresses.
Once the end-user role has been assigned to a specific mailbox an automated verification and activation process will trigger. SecureMail will send an email containing instructions on how to activate and access the end-user portal.
Note
You can find more information on how to create an end user account and the activation process under Administrators.
As soon as the account has been verified, the user will be able to log in to the end user page and access encrypted messages.
Configure the SecureMail Trigger Rule
To configure this feature follow the steps below:
Go to Products > Email Security > Message Rules.
Create a new rule and give it a descriptive name. Make sure it contains the Secure Deliver final action.
Note
You can find the steps to creating a new message rule here.
Place the rule between the Deliver Inbound and Deliver Outbound rules
Note
The rule can later be edited and moved however it should always be placed before the Deliver Outbound default rule to avoid unexpected behavior.
By default, a new Custom Rule Data regular expression entry is created containing the trigger word [secure] which is then attached to the Subject rule condition. This means that for the message to be processed by SecureMail, the sender should include the [secure] trigger word somewhere in the message subject. The rule can be edited, for example, if you prefer the keyword to trigger on the message body or use an entirely different trigger such as a special header or list of sender email addresses.
The trigger word can be edited by navigating to Products > Email Security > Custom Rule Data and clicking the SecureMail Trigger entry.

Configuring Securemail Settings
To configure the SecureMail settings, follow the steps below:
Go to Products > GravityZone Security for Email > Product Configuration
Click SecureMail Settings.
Edit the settings explained below:
Note
The settings control the behavior of the SecureMail experience for recipients.
Read Receipts - sends a reciept to the sender once the recipient has opened the message.
Internal user permissions - enable or disable specific permissions for internal users, such as the ability to add a CC or Forward address. These permissions apply to all SecureMail Messages that are sent.
External user permissions - enable or disable specific permissions for external users, such as the ability to add a CC or Forward address. These permissions apply to all SecureMail Messages that are sent.
External interface base domain - (read only) the base domain of the SecureMail dashboard used by external users to view and respond to secure messages. Please contact your service provider for further information
It is possible to fully customize the SecureMail templates using the inbuilt HTML editor. The following templates are available:
New SecureMail template - sent to the recipient when they receive a new SecureMail message.
Read Receipt template - sent to the sender when the recipient opens the SecureMail message for the first time (if the Read Receipts setting is enabled).
Confirm Registration template - sent to the recipient after they have registered for access to SecureMail.
Registration Activation template - sent to the recipient when their SecureMail account is ready to use.
When creating templates, several built-in placeholders are available:
Placeholder | Description |
---|---|
| The subject of the secure message being sent |
| The recipient of the secure message |
| The link for the recipient to press. This will be in the context of the template in use. |
| This is the UTC timestamp of when the secure email message was sent. |
| The UTC timestamp of when a message was opened. This is used typically in the Read Receipt template. |
Composing a new SecureMail message
To compose a new SecureMail message follow the steps below:
Compose a new message in their your email client (i.e. Outlook, Outlook Web Access)
Ensure the trigger conditions are met.
Note
By default, the trigger condition is that the subject should contain the pattern
[secure]
.Send the email.
Note
Secure messages cannot be sent to recipients within your own email domain(s). For a message to trigger the SecureMail service it must be sent outbound through the Email Security MTA to the recipient.
Using the SecureMail dashboard
The SecureMail dashboard is a convenient and responsive web application for viewing secure messages. It is very similar to other web mail-based applications, making it familiar and easy for users to use.

Accessing the SecureMail dashboard
When a recipient receives a new secure message, they will receive an email notification containing a link to View Message. Clicking this button will open the SecureMail dashboard:

The SecureMail dashboard provides the same functionality for both internal and external users.
Internal users access the interface through an existing End User Portal
External users access the interface by accessing an isolated SecureMail web-based dashboard and logging in.
Note
The first time external users receive a new secure message they will be prompted to create a new account. The registration process will be handled automatically by the SecureMail system
Using the SecureMail dashboard
After logging in, you will be directed to the the SecureMail dashboard, which is essentially a web-based email client:

The left hand panel (red border) shows the folder list. The options are:
Inbox - a list of secure messages you have received
Outbox - a list of secure messages you have sent
Deleted - a list of secure messages you have deleted
Selecting a folder will update the message list (blue border). The message list shows the list of secure messages in the selected folder. Unread messages will appear with a bold subject line. Messages will automatically be marked as read once they have been opened.
The vertical 3-dot menu provides a list of options for managing multiple messages, or a right-click context menu is available for managing a specific message. The options are:
Mark Read - mark the selected message(s) as read
Mark Unread - mark the selected message(s) as unread
Delete - move the selected message(s) to the Deleted folder
Close - close the message from being viewed in the message panel (green border)
The right hand message panel (green border) is the area used to view the secure message. A splitter is available on desktop view to alter the size of the message panel area. On mobile view, the layout changes to fit a smaller screen size.
The Close button is used to exit SecureMail
Viewing Messages
There are multiple ways of accessing messages in Securemail:
Accessing SecureMail dashboard directly. Once logged in you can navigate between folders and view individual emails.
From an email notification, clicking the View Message link will open the Inbox and display only the new message for convenience. Clicking the close icon X in the yellow banner will reveal all the messages in the inbox..

Responding to Messages
To respond to a message open the message panel by clicking a message in a folder. The message panel provides various options for responding to the message depending on the permissions set in the sender SecureMail account.
Note
If the permission is not available then a banner notice will be presented to inform the user.
The message panel provides the below options:
Reply to a message with a CC address (the CC'd recipient will also need to use the SecureMail dashboard to view and reply to the message)
Forward the message (the recipient will need to use the SecureMail dashboard to view and reply to the message)
Add attachments to your response (maximum 10 megabyte in size)
Note
Attachments are limited to 10 megabytes in size
Delete the message.
Respond to a message.
When responding to a message, you can use the rich text editor to compose a response. If the permission is granted, you will also be able to attach files to your response.
Click the Send button to send the response. A copy of the response will be stored in the Outbox folder.
Digest Emails & Personal Quarantine
As a result of your organization adding enhanced Bitdefender GravityZone Security for Email to Office 365 and Google Suite you may receive what’s called a Spam Notification or Spam Digest into your inbox. These emails will be sent at an predetermined interval (by default once per a day, 5 days a week). The purpose of the Digest is to notify you if any of your messages have been classified as spam by Bitdefender and allow you to manage those messages.
The digest message will have a subject line of Spam Quarantine Report and will arrive from a specific sender address of Spam Digest Service noreply@info.bitdefender.com
.

Once you open the message you will be presented with a preview of all the emails that have been identified as spam since the previous digest report was sent.
The example below illustrates just one message since the last digest was received. The branding on the message may be appropriate to your organization if your administrator has chosen to modify this.

When accessing the digest, you have the following options:
Release the email - the email will be released and will reach it's original destination inbox.
Release the email and mark either the sender or the domain as safe - the email will be released and will reach it's original destination inbox and future emails from the same sender or domain be marked as safe and no longer identified as spam.
Mark it as a denied sender - block all future emails from the sender.
You can view the blocked message content by clicking on the subject header. You may or may not see some of the release options depending on your organization’s policy of providing these functions.
Previewing Spam Messages from Digest
To view a preview of the spam message, click on the subject in the subject: header.

Release Emails from Quarantine and Marking as safe senders
If you trust the sender and the contents of the message and feel it safe to release to your Outlook/Google inbox click on Release.

Configuring Safe or Denied Senders
There are two ways to add a sender to your own Personal Safe List:
Click Safe Sender - this will whitelist a specific email address.
Click Safe Domain - this will whitelist a specific domain.
Whitelisting an email address or a domain will ensure that any future mails from this sender to you personally will bypass spam related checks. It will not bypass Malware and non-spam related checks.

There are two ways to add a sender to your own Personal Deny List:
Click Deny sender - this will blacklist a specific email address.
Click Deny Domain - this will blacklist a specific domain.
Blacklisting a specific sender or domain will ensure that any future mails from this sender to you personally will be blocked.

Sandbox
When the Sandbox feature is activated, all emails containing attachments will be delayed, and their attached files will be sent to a sandbox environment for scanning. Their recipients will instead receive an email notifying them of the events.
Note
New Email Security companies have the feature activated by default. Users of existing companies will be prompted to activate the feature when logging in to the Email Security console.
File detection techniques are used to determine the real type of the file even if the extension has been manually changed. For a list of supported file types refer to Supported file types for Email Security Sandbox.
Note
The maximum file size that can be sent to the sandbox is 20 Mb
Once the scanning is completed, the original email will is delivered to the intended recipient. If the attachments are clean, they will be included in the email. If threats are found, the behaviour of the feature will depend on the Advanced Email Sandbox message rule. For more information refer to Default Rules.
Note
It may take up to 20 minutes for the sandbox to process a file and longer if the file is contained within an archive
Sandbox Settings
To access Sandbox Settings actions go to Product Configuration > Sandbox Settings.

Enable Notifications to Recipients
If this option is enabled, users will receive notifications via email informing them that an email sent to their address has been delayed for further scanning.
Notification Email Display Name
The displayed name of the sender in the notification emails sent to users.
Notification Email From Address
The email address of the sender in the notification emails sent to users.
Use cases
Configure GMail using Google Workspace for GravityZone Security for Email
Follow these procedure to integrate GravityZone Security for Email with Google Workspace Gmail, for inbound and outbound email delivery.:
To configure GravityZone Security for Email for use with Google Workspace follow the steps below:
Go to Products > GravityZone Security for Email > Product Configuration.
Go to Inbound Mail.
Click the Add button
to add a new delivery route.
Select your Domain from the drop-down list.
Under Cost set route priority to
5
.The cost defines route priority for multiple routes.The lower the number, the higher the priority.
Under Route enter the following:
ASPMX.L.GOOGLE.COM
Update to save changes.
Repeat steps 3 to 7 to add the following routes and associated costs:
ALT1.ASPMX.L.GOOGLE.COM
with the cost of10
ALT2.ASPMX.L.GOOGLE.COM
with the cost of15
ALT3.ASPMX.L.GOOGLE.COM
with the cost of20
ALT4.ASPMX.L.GOOGLE.COM
with the cost of25
The final routes should look similar to the ones in the screenshot below.
Go to Products > GravityZone Security for Email > Product Configuration.
Go to Outbound Mail.
Click the Add
button.
Under Hostname enter the following hostname:
spf://_spf.google.com
Update to save changes.
You should configure GMail using Google Workspace to block any inbound email that does not originate from the GravityZone Security for Email (EMS) product. However, you will need to do this via a two-step process. This section is split into two sections – prior MX record change and post MX record change.
Before changing MX records it is recommended that the GravityZone Security for Email IP addresses are added to the inbound gateway so that when MX records are changed all messages are not quarantined.
Note
You may already have inbound gateway entries listed. If this is the case you need to append the entries below to the existing list and then remove the existing entries once the MX records have been changed.
Follow the steps below:
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button
.
Select Admin > Apps > Google Workspace.
Click on GMail to take you to Settings for Gmail.
Click on Advanced Settings at the bottom of the page.
Scroll down to Spam, phishing, and malware and configure/edit the Inbound Gateways.
Add a Name to the Inbound setting.
Add the IP addresses for our service and click Save.
Note
You can find a list of our IP addresses here:
The entries should look like this if using the EU servers:
Note
Ensure you do not check the Reject all mail not from gateway IPs box.
At the bottom of the Advanced Settings page, click Save to apply the changes.
Ensure that this configuration is replicated to Google Workspace before changing any MX records.
Note
It can take up to an hour for changes to propagate to user accounts for GMail using Google Workspace You can track changes in the Admin console audit log.
Once MX records have been changed and replicated to the internet email should start flowing through the GravityZone Security for Email product. You can verify this via the GravityZone Security for Email Activity reports and charts. You can also check this in the Google Workspace portal by following these steps:
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button
.
Select Admin > Apps > Google Workpace.
Click on GMail to take you to Settings for Gmail.
Click on Setup.
Check that the MX records match the below:
By default, Gmail using Google Workspace will still scan all emails for spam. If you do not want Google Workspace to quarantine any of the messages, you can whitelist the GravityZone Security for Email service IP’s. To do this follow these steps:
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button
.
Select Admin > Apps > Google Workpace.
Click on GMail to take you to Settings for Gmail.
Click on Advanced Settings at the bottom of the page.
Scroll down to Spam, phishing, and malware and under Email whitelist add the GravityZone Security for Email service IP addresses:
The entries should look like this if using the EU servers:
At the bottom of the Advanced Settings page, click Save to apply the changes
Warning
If there are valid reasons for inbound messages to be delivered direct to Google Workspace the IP addresses of the sending servers should be added to the Inbound Gateways section prior to making this change. Failure to do so will block messages coming from those servers.
Login to your Google Workspace Admin Console with an administrator account.
Click on the Menu button
.
Select Admin > Apps > Google Workpace.
Click on GMail to take you to Settings for Gmail.
At the bottom of the page, click Advanced Settings.
Go to Hosts > Add Route.
Enter a Name for the route, such as GravityZone Security for Email Outbound.
In the Specify email server select Multiple hosts.
Add a primary entry for each of the outbound servers based on your region.
For US and ROW open ports
25
and587
and add the following hosts:smtp1.us.scanscope.netsmtp2.us.scanscope.net
For EU open ports
25
and587
and add the following hosts:smtp1.scanscope.netsmtp2.scanscope.net
Click Save.
Navigate back to General settings > Routing > Routing section.
Click Configure for routing.
The Add settings option appears.
Enter a Name for the rule, such as GravityZone Security for Email Outbound Rule.
Under Messages to affect(section 1), select Outbound.
Under For the above types of messages, do the following(section 3), select Change route.
Change Normal routing to GravityZone Security for Email Outbound Rule, created above.
(Optional)Under Encryption (onward delivery only), select Require Secure Transport (TLS).
Click Add Settings or Save if you are editing an existing configuration.
At the bottom of the Advanced Settings page, click Save to apply changes.
Note
It can take up to one hour for your settings to come into effect. You can track changes in the Admin console audit log.
Login to the Google Workspace Admin Console with an administrators account.
Click on the Menu button
.
Select Admin > Apps > Google Workpace.
Click on GMail to take you to Settings for Gmail.
Click on Hosts section.
Click on the Add Route button.
Give the route a Name like “Google Internal”.
In the Specify Email server select Multiple hosts.
Add a primary entry for each of the GMail Servers listed below:
aspmx.l.google.com alt1.aspmx.l.google.com alt2.aspmx.l.google.com alt3.aspmx.l.google.com alt4.aspmx.l.google.com
Click Save.
Go to the General setting tab and scroll to the Routing setting in the Routing section.
Click on Add Another for Routing. This will open up a new Add setting option.
Enter a name like Internal Route.
Select the checkbox for Internal – Sending in Messages to affect.
Select only affect specific envelope recipients and define a REGEX for your internal domain.
Note
For multiple domains you can add them into the regex in this format:
.*@firstdomain\.com|.*@seconddomain\.co\.uk
Select Change route in For the above types of messages, to do the following.
Change the Normal routing to the one created above.
Click on Show Options at the bottom of this page and Select Users and Groups” under Account types to affect:
Click the Add Setting button, then click Save.
At the bottom of the Advanced Settings page, click Save.
Note
Now all internal mail is routed directly to Google servers, and all other mail routes through the GravityZone Security for Email Outbound Gateway.
Configure Inbound mail on Office 365 to reject non-EMS emails
You should configure Office 365 to block any inbound email that does not originate from GravityZone Security for Email product. There are two options available discussed below. The option best suited to you depends on your environment and requirements.
This method will allow the GravityZone Security for Email server IP addresses to deliver emails even if spam filtering is enabled in Office 365. This will ensure emails processed by the GravityZone Security for Email product are delivered without delay and do not land in the junk mailbox folder for Office 365 users.
Note
Your EMS account must have an inbound TLS rule for this option to complete successfully.
Login to Office 365 Exchange Admin Center and go to Admin Centers > Classic Exchange Admin Center.
Go to Protection > Connection Filter.
Edit the Default entry and navigate to the Connection Filtering tab.
In the Allowed IP Address section, add all of the IP addresses for the GravityZone Security for Email region you are using - see Europe, United States, or United Arab Emirates.
Click Enable Safe List and then Save.
Note
Office 365 is now configured to block any email that does not originate from EMS.
Using a rule provides more flexibility than just using IP address, for example you could control based on email address or attachment Depending on your requirements or environment this may be the best option, if you have other means to restrict direct connection to your Office 365 tenant other than just IP address.
Log in to the Office 365 Admin Center, and go to Admin Centers > Exchange.
In the left-hand pane, click Mail Flow and then Rules.
Click + and then click Create a new rule.
In the New Rule page, enter a Name to represent the rule. For example,
Email Security IP restriction
.Scroll down and click More options.
From the Apply this rule if drop-down menu, select The Sender, Is External/Internal and Outside the organization.
From the Do the following drop-down menu, select Block the message and Reject the message with the Explanation.
Click Enter text and enter the message that you want to include in the non-delivery report (NDR) that will be sent to the email's sender. For example:
IP restricted, not using MX record. Please ensure your DNS is up-to-date and try sending this message again.
Click Add exception.
Select Sender and then Sender's IP address is in the range or exactly matches, and enter the GravityZone Security for Email IP for your cluster - see Europe, United States, or United Arab Emirates.
Click + to add each of the IP addresses for your region.
Once all the IP addresses have been added, click OK.
Scroll to the Properties of the rule section. Under Match sender address in message, select Header or Envelope.
Click Stop processing more rules.
Click Save.
Verify that the new rule displays at the top of the list of mail flow rules. If it's not at the top, select the rule and use the Up arrow to move it.
Note
Office 365 is now configured to block any email that does not originate from EMS.
Configure Office 365 for GravityZone Security for Email
Follow these procedures to integrate GravityZone Security for Email with Office 365, for inbound and outbound email delivery.
To configure GravityZone Security for Email for use with an Office 365 account follow the steps below:
Go to Products > GravityZone Security for Email > Product Configuration.
Go to Inbound Mail.
Click Add to add a new delivery route.
Select your Domain from the drop-down list.
Under Cost set route priority.
The cost defines route priority for multiple routes.The lower the number, the higher the priority.
Under Route enter the 0365 domain name (e.g.
domain-com.mail.protection.outlook.com
)Note
This can be found under O365 > Settings > Domains > Domain Details > MX Value
Update to save changes.
Go to Products > GravityZone Security for Email > Product Configuration.
Go to Outbound Mail.
Click Add.
Under Hostname enter the following hostname:
spf://spf.protection.outlook.com
Update to save changes.
Please follow the steps in this article to restrict Office 365 and then return to this article to continue configuration.
Follow the steps below to configure Office 365 to always send messages using the EMS server:
Log in to your Office 365 Admin Center, and go to Admin Centers > Exchange.
In the left-hand pane, click Mail Flow > Connectors.
Click + to add a new connector.
In the From: field, select Office 365.
In the To: field, select Partner Organization.
Give the new connector a sensible name.
Click Next.
Under When do you want to use this connector? select Only when email messages are sent to these domains, then click the + icon and enter
*
.Click Next.
Under How do you want to route email messages, select Route email through these smart hosts.
Add hosts according to the correct addresses for your cluster - see Europe, United States, or United Arab Emirates.
Click Next and then click Confirm to create the connector.
Note
If you wish to verify the connector, be sure not to use an internal address. For example, use a personal email address which is not a domain configured for your customer.
If the validation fails check the settings below before contacting technical support:
The connector is enabled.
The default domain is the domain configured in EMS domain settings (MailFlow > Accepted Domains).
Configure outbound DKIM
DomainKeys Identified Mail (DKIM) adds a digital signature to safeguard the email content of your outbound source. Configuring DKIM increases your domain reputation with different providers.
Each domain covered by GravityZone Security for Email will have its own key, so each domain will need to be configured before it can be DKIM-enabled.
Note
GravityZone Security for Email comes with a default system Message Rule called Apply DKIM which is enabled by default; however, outbound messages won't be signed unless you have configured outbound DKIM, by following the steps below.
Go to Products > Product Configuration > Domains.
To view the DKIM public key, click on the view
button. Click the icon next to the domain you wish to configure to display the DKIM.
Write a DNS txt entry for the domain.
Note
You need to create a txt record for
ussems._domainkey.xxxxxx
, where xxxxxx is your domain name.Here is an example of what should be seen on a
nslookup
. This entry should match the entry found in step 2.Repeat steps 1 to 3 for all of your domains and then wait for the domain TTL to expire.
Return to the Domains section and click the Verify and Enable DKIM button. The DKIM status will be updated to Success if the DKIM key can be verified against the domain DNS. At least one domain must have DKIM verified in order to enable DKIM on your account.
Note
If you remove all DKIM verified domains, or wish to disable DKIM on your account please remember to verify DKIM again. If no domains can be verified then DKIM will be fully disabled.
If you want outbound mail to be DKIM-signed for some, but not all, of the domains on your account, follow the steps below.
Go to Products > Custom Rule Data.
Click the New button at the bottom of the screen and select Rule Data
Enter a name, and Click Update.
Add the domain(s) for which you would like to enable DKIM under Value.
Note
Keep each domain as a separate line.
Click Save.
A window appears with your domain’s DKIM key (public key).
Go to Products > Message Rules.
Click the Add Rule button.
Enter a name click the Add button.
Configure the new rule:
Add the following conditions:
Direction: Matches Outbound
DKIM Enabled: Matches True
Sender: Matches DKIM Signing
Add the DKIM Signing: Value 1024-bit key ac
Click Save.
Move the rule to top of the Message Rules list (drag and drop) to give it the highest priority.
Search for the Apply DKIM signing system message rule in the Message Rule list and click the On button to turn the rule off.
Safelist GravityZone Security for Email IP addresses in Office 365
If you are using GravityZone Security for Email and delivering clean emails to Office 365, it is essential to bypass Exchange Online Protection (EOP) to ensure smooth delivery of emails. Failure to add the bypass rules will allow Office 365 to interfere with email delivery, causing unexpected results and behavior for end users.
Note
Even with the EOP bypass rules in place Office 365 will still provide anti-malware scanning
Log in to Office 365 and go to Admin > Exchange Admin Center.
Select Rules under the Mailflow section. Click the + icon and select Create a new rule...
Enter a name for the new rule (for example, Spam exclusion for Email Security).
Select More Options.
From the Apply this rule if... drop down menu, expand The sender... menu option and select IP address is in any of these ranges or exactly matches. In the dialog that opens, enter in each of the IP addresses based on the GravityZone Security for Email region in use.
You can find a list of our IP addresses here:
From the Do the following... drop down menu, expand the Modify the message properties... menu option and select set the spam confidence level (SCL) option to Bypass spam filtering.
Note
The final rule should look similar to the example below:
Click Save to save the rule
Clutter is a feature that moves low-priority emails out of user's inbox to a folder called Clutter. Clutter analyzes user's email habits, and based on past behavior, it determines the messages that the user most likely to ignore. To make sure that emails are always delivered to the user's inbox, you must bypass the Clutter. To do this amend the above rule and add the following entries.
Select Add Action and then expand Modify the message properties... and select set a message header.
Click the first Enter text link and paste the following exactly as it appears (case sensitive):
X-MS-Exchange-Organization-BypassClutter
Click the second Enter text link and paste the following exactly as it appears (case sensitive):
true
The rule should now look similar to the example below:
Click Save to save the changes.
Focused Inbox is a feature that automatically evaluates incoming emails and direct them to two views: Focused and Others. To make sure the email messages are always delivered to the user's Focused inbox, you must bypass the evaluation. To do this, create a new rule:
Click the + icon and then select Create a new rule....
Give the rule a name (for example Bypass Focused Inbox evaluation).
Click on More Options.
From the Apply this rule if... drop down menu, expand The sender... menu option and select IP address is in any of these ranges or exactly matches. In the dialog that opens, enter in each of the IP addresses based on the GravityZone Security for Email region in use.
You can find a list of our IP addresses here:
From the Do the following... drop down menu, expand the Modify the message properties... menu and select set a message header.
Click the first Enter text link and paste the following exactly as it appears (case sensitive):
X-MS-Exchange-Organization-BypassFocusedInbox
Click the second Enter text link and paste the following exactly as it appears (case sensitive):
true
The rule should now look similar to the example below:
Warning
Ensure that the Focused Inbox rule has a higher priority than the rule to bypass Office 365 spam protection
Configure outbound DMARC
GravityZone Security for Email provides the ability to participate in DMARC (Domain Message Authentication Reporting and Conformance) for email authentication.
Note
For more information refer to How DMARC works.
Before configuring any DMARC DNS entry, you must ensure that the following are true:
You have enabled DKIM for each domain in your account.
You have enabled SPF for each domain in your account.
Note
For more information on SPF records see:
Create a DNS Resource Record of type TEXT
with a record name like _dmarc.domain.TLD
. For example, the Resource Record name for domain testdomain.co.uk
is _dmarc.testdomain.co.uk
.
Note
The record name must start with _dmarc
(including the underscore).
The text content of a simple starter record should be similar to:
v=DMARC1; p=none; ruf=mailto:DMARCReports@tonyfrankum.co.uk; aspf=s
aspf=s
specifies "strict" checking of SPF (the default is "relaxed").ruf=
provides the email address to which DMARC failure reports should be sent.p=none
specifies a policy of "none" - the recipient should not reject or quarantine any messages simply because they do not align with this DMARC policy. The recipient could of course reject or quarantine the messages for other reasons.
You should start to receive reports to the email address you specified every 24 hours. After reviewing the reports and confirming that valid messages from your domains do pass evaluation, you may then request that recipients act on messages that do not align with the policy, by changing the policy to quarantine or reject.
Receive notifications for add on licensing expiration
Configure outbound email for Exchange 2016
It is important that you configure your Exchange connectors to send outbound email out through the MailSafe service. This ensures that both your outbound traffic is scanned and your traffic is profiled to help improve spam filtering. This article explains how to configure your connectors correctly.
Login to the Microsoft Exchange Server as an administrator.
Open Exchange Admin Center by visiting https://your-exchange-servers-hostname/ecp.
In the left Pane, select mail flow ⟶ Connectors.
Select the + icon to create a new send connector.
Enter an identifiable name for your connector such as Email Security Mail Relay.
Ensure the type is set to Custom.
Select Next.
Specify the mail to be relayed by the option Route mail through smart hosts.
Select the +” icon to create a new smart host.
Create connectors for each sending hosts in the appropriate cluster - either US or EU.
Select Next.
Ensure Smart Host Authentication is set to None.
Select Next.
For the Address space, select the + button to add a domain.
Enter the FQDN as
*
and change the cost to10
.Click Save.
On the Source Server page, add any other Exchange Servers that should be able to send email to this connector by hitting the + button. In most cases where there is only one server, the server will already be added. Click Next.
Click Finish.
Configure outbound email for Exchange 2007/2010
It is important that you configure your Exchange connectors to send outbound email out through the MailSafe service. This ensures that both your outbound traffic is scanned and your traffic is profiled to help improve spam filtering. This article explains how to configure your connectors correctly.
Login to the Microsoft Exchange Server as an administrator.
Go to Start > All Programs > Microsoft Exchange 2010 > Exchange Management Console to open the Exchange Management Console.
In the left Pane, go to Microsoft Exchange > Organization Configuration.
Select Hub Transport.
In the middle pane, select the Send Connectors tab. A list of send connectors will be displayed.
Delete any Send Connectors that are destined for the internet. This will normally be all of them.
Create connectors for each sending hosts in the appropriate cluster - either US or EU.
In the right pane, select the New Send Connector link.
Enter the Name as per the cluster list, and select the Intended use as Internet.
Select Next.
On the Address Space page, select the Add button to add an SMTP Address Space.
Enter the Address Space as
*
and the Cost as10
. Click OK to create the connector, and then click Next to continue.On the Network Settings page, select Route Mail Through the following Smart Hosts.
Click the Add button to add a smart host.
When prompted, select Fully Qualified Domain Name and the first hostname from the appropriate cluster - either US or EU.
Click Next.
On the Configure Smart Host Authentication settings page, select None and then click Next.
On the Source Server page, add any other Exchange Servers that should be able to send email to this connector. In most cases, where there is only one server, the server will already be added. Click Next.
On the final page, click New to create the connector.
Click Finish.
Troubleshooting AD Connect
The Refresh and Test buttons in the AD Connect Setup Tool are the first step in troubleshooting any issues you might be experiencing:
Refresh
AD Connect will automatically check for new or updated domain settings every 30 minutes. Click this button to force an immediate refresh.
Test
This button will verify the connection to GravityZone Security for Email and validate all credentials entered in the Setup Tool.
If this does not solve the problem, check that the AD Connect service is running:
Go to Task Manager by right clicking on your Windows taskbar and clicking on Task Manager.
Look for The AD Connect under the Services tab.
Right click on the Service and restart it.
Stop receiving marketing emails
To stop marketing emails, including those marked as high and medium reputation, you can follow one of the steps below:
Use the link provided in each email to unsubscribe. This will only stop emails sent by that specific sender.
Filter out the emails by creating a rule in Outlook. Set all emails containing one or both tags in the subject line to be sent to a specific folder or to Trash.
Create a new rule in GravityZone Security for Email to filter out these emails for one or more users.
Enable editing DNS for your domain in Office 365
By default, the ability to add or update DNS records for managed domains in Office 365 is disabled. In order to configure and use GravityZone Security for Email you need to be able to edit your domain's DNS record to point to the service region you are using. To enable editing DNS records, follow the steps below:
Log in to Office 365 Admin center.
In the menu on the left side of the screen go to Settings > Domains.
Check the box next to your domain name then click on Manage DNS.
Click Continue.
Uncheck the Exchange and Exchange Online box and click Continue.
Click Done.
You will now be able to add and update the DNS records for your domain.
Working with LinkScan
LinkScan is a feature that adds an additional security layer to incoming e-mails. All contained URLs are rewritten to redirect users to the LinkScan domain, where the URL is scanned and checked for threats, including deep redirect scanning and document detection.
GravityZone Security for Email implements this feature through the LinkScan action, which, when triggered, rewrites all the URLs contained in an email. To implement the feature, you need to have a Message Rule set in place that applies this action to your messages based on specific conditions.
Rewriting URLs
URLs inside emails are rewritten so that they will pass through the linkscan.io
domain before taking the user to the original destination. A rewritten URL has the following format:
https://lsems.gravityzone.bitdefender.com/scan/<string>
When a user clicks a rewritten URL, the LinkScan service checks the underlying URL against multiple threat intelligence feeds:


Creating a LinkScan rule
To create a new LinkScan rule, follow the steps below:
Go to Products > GravityZone Security for Email > Message Rules.
Click the Add Rule
button at the upper right side of the screen.
Add a descriptive name for the rule and click the Add
button.
Add a Direction condition and set it to Inbound.
(optional) Add a Sender In List condition and set it to Does Not Match: All Safe Lists.
Note
This condition will exclude all emails received from senders included in your Safe lists from LinkScan URL rewriting and is not mandatory for the rule to function properly.
Add a LinkScan action and set it to Click to Continue, Block on threat, Hide target URL with Doc Scan.
Note
This is the most restrictive setting. You can find more information on the other available settings here.
Click the Save
button.
Creating exclusions
You can exclude emails from specific users by adding the user's email address to your company's Safe lists. URLs contained in emails received from this user will not be rewritten.
To exclude a specific URL follow the steps below:
Go to Products > GravityZone Security for Email > Custom Rule Data.
Click the Add New button at the upper lower side of the screen and select Rule RegEx.
Give the rule a descriptive name and click Update.
Add the URL you want excluded in the following format:
\b(URL)\b
. Add a forward slash/
before each period.
character and use|
to separate multiple URLs.Example 26. Exclude google.com\b(google\.com)\b
Example 27. Exclude google.com and www.yahoo.com\b(google\.com)\b|\b(www\.yahoo\.com)\b
Click the Save button.
Go to Products > GravityZone Security for Email > Message Rules.
Start editing the LinkScan rule by double-clicking it.
Add a Body condition, set it to Does not match and select the name of the Custom Rule Data you created.
Click the Save button in the upper rights side of the screen.
Install the Microsoft Outlook Add-in for Email Security
You can use Microsoft Outlook Add-in for Email Security to report messages as spam or phishing attacks directly from your inbox. Once reported, the message will be sent to Bitdefender and analyzed.
Requirements
The add-in is only accessible from a primary mailbox. You cannot use the add-in on a shared mailbox.
Compatible outlook versions:
Outlook 2013 or later for Windows
Outlook 2016 or later for Mac
Outlook on the web for Exchange 2013 on-premises and later versions
Outlook on iOS
Outlook on Android
Outlook on the web in Office 365 and outlook.com
Copy the this add-in manifest URL :
Go to the Office 365 admin center Add-in page and sign in.
Click Deploy Add-in.
Click Next.
Select Upload custom apps.
Select the I have a URL for the manifest file option and paste in this URL:
https://download.bitdefender.com/business/EmailSecurity/OutlookAdd-in/emsaddinmanifest.xml
Select Upload.
Select the users you want to assign the add-in:
Everyone - all users in your company will have access to the add-in.
Specific users / groups - only the selected users will have access to the add-in.
Just me - only you will access to the add-in.
Select the deployment method:
Fixed - the add-in will deploy automatically to all assigned users. Only you will be able to remove the add-in.
Available - users will have access to the add-in but will need to deploy it manually. All users will be able to remove the add-in.
Optional - the add-in will deploy automatically to all assigned users. All users will be able to remove the add-in.
Click Deploy.
If successful, the following message will appear:

The add-in should now appear in the list:

In Outlook, go to File > Manage Add-ins.
Go to My add-ins.
Under Custom Add-ins click Add a custom add-in and select Add from URL....
Enter this URL:
https://download.bitdefender.com/business/EmailSecurity/OutlookAdd-in/emsaddinmanifest.xml
Click OK.
If successful, the Add-in will appear under My add-ins > Custom Addins

Using the add-in to report an email
Once installed, the a button will appear in your Outlook interface:
For web version
For desktop app
To report an email follow the steps below:
Select the email you wish to report.
Click the Bitdefender add-in button.
Select either Report spam or Report phishing.
Exclude synchronized Azure Active Directory mailboxes from billing
All mailboxes added to GravityZone Security for Email as a result of synchronizing with Azure Active Directory (AAD) are identified by default as standard users, making them subject to billing. To be able to exclude o exclude shared mailboxes from billing, you need to provide the synchronization service with additional permissions to be able to read information from the Exchange API.
Grant access to synchronize Azure Active Directory shared mailboxes
Note
This applies only to new Azure Active Directory connections. If you already have an existing Azure Active Directory connection, please assign the Office 365 Exchange Online API permission to it before continuing.
Sign in to Azure Active Directory with an Administrator account.
In the menu on the right side of the page, select Roles and administrators.
Use the search box to locate the Security Reader role and check the box next to it.
Click on the
button on the right side of the screen and select Description.
Select the Assignments page from the menu on the right side of the screen and click Add assignments.
Search for USS AzureAD, click on it to select it, and then click on Add.
The necessary permissions have now been granted to the synchronization service.
Note
If the Azure portal does not allow you to assign the role to the USS AzureAD application, you can use the Azure CLI tool or PowerShell as an alternative.
Add the Exchange Online API permission to an existing Azure Active Directory connection
Note
Only follow this procedure for Azure Active Directory connections created prior to 21st October 2020.
Sign in to Azure Active Directory with an Administrator account.
In the menu on the right side of the page, select Enterprise applications.
Search for USS AzureAD and select it.
In the menu on the right side of the page, select Permissions.
Click the Grant admin consent for <company name> button.
Proceed with the authentication and click Accept.
The Office 365 Exchange Online permission will now appear in the Admin Consent tab.