What's new ?

Understanding Product Usage

Master Services Agreement

Service IP addresses and ports

Administrators

Active Directory

AD Connect software

Roles

Keyword Lists

Devices & Groups

Collecting debug information - USS Agent for Mac OS X

Configuration options for the Gateway agent type

Configuration options for the Windows agent type

Bypassing Office 365

Disable QUIC in Chrome Browser

Prevent Law features for UK organisations

Unclassified / Uncategorised Site Processing

CensorNet Web Filtering Policy and Approach for Education

List of domains to bypass apps for SSL Interception

Bypass GoToMeeting & LogMeIn

Bypassing the Apple Store

Using Web Security with Sophos

Deployment Overview

Installing SSL Certificates On IOS 10.3/IOS 11 Devices

Importing an SSL Certificate into the Cloud Gateway

ESET issues identified

Active Directory Login Service

SSL/TLS Strict Mode blocked ciphers

Installing an SSL Certificate on iOS 13

Overview

Rules Engine Concepts

Filter Rules

Feature Control Rules

Custom URLs

Bypass Categories

Deployment

Agent Configuration Profiles

Unblock Requests

Web Security: Product Configuration

Global Web Filtering Coverage

Web Categories List

Fair Usage Policy for Web & CASB (Inline)

Getting Started

Requirements

Changelog

Download the USS Agent for Windows

Deploying via Wizard

Deploying via Startup/Shutdown script

Deploying the Windows agent via a custom MSI

Deployment via GPO

Command-line parameters

Collecting debug information - USS Agent for Windows

Processes used by USS Agent for Windows

How to disable Device Guard or Credential Guard

Upgrading the USS agent from the v3.x release to the v4.x release

Installing the USS Agent SSL certificate in Firefox

Tray icon status codes

Getting Started

Requirements

Changelog

Download

Install - Deploying via Wizard

Command-line parameters

Overview

Authentication & Identification

Deployment

Network

Settings

System

Advanced configuration

Configuring USS Gateway to work with LoadBalancer.org software load balancer

Getting Started

Requirements

Download

Changelog

Installation

First time Configuration

Upgrading USS Gateway

Accessing the Command Line

Take Packet Capture From Command Line

Reset Linux Password To Log Into Gateway Command Line

Captive Portal on Samsung Devices

SSL Certificate installation for iOS 10.3

'The Requested Content Was Blocked' Error Message

URL Bypass List for iOS Apps

Resizing a Partition in ESX Server Virtual Machine

Export SSL Certificate From One Gateway To Import To Another

Interception of apps on iOS 10.x+ and Android 7+

Deploying Web Browser proxy settings

Migrating the SSL intercept certificate to a new gateway

Using an intermediate CA signed by Windows DC root CA

Installing on Hyper-V

Upgrading USS Gateway software packages

Overview

App Catalog

API Integrations

DLP Scanning

Malware Scanning

Digest generation and Quarantines

Executive Tracking

Blocking emails from hacked Gmail accounts

Stop specific users from receiving Word documents

Detect credit card numbers in an email

Disable spam filtering for specific mailboxes

Nearby Domain Rule

IP Geolocation connection Rule

Reject oversized emails

Configure Office 365 for EMS

Configure GMail using G Suite for EMS

MX records and IP addresses for EU customers

Reporting spam or false positives

Configure outbound email for Exchange 2007/2010

Configuring TLS encryption

MX records and IP addresses for non-EU customers

LinkScan: on-demand URL protection

Bulk email terms and conditions

Queue retention and retry times

Personal Safe Lists and Personal Deny Lists

Configure outbound DMARC

Configure outbound DKIM

Configure outbound email for Exchange 2016

CEA - Data storage explained

Reject message due to message “550 5.1.8 sender denied”

Insufficient system resources message on inbound email delivery

Email Sandbox - Level 1 supported file types

Outbound Delivery error: 550 Unable to relay

[Marketing Medium] or [High Medium] prefixed to the subject of mails

DMARC Failure Reporting

Overview

Email Security: Quick start

Message Rules

Connection Rules

Default Rules

Custom rule Data

Global Quarantine

Personal Quarantine

Global Deny List

Global Safe List

Mailboxes

Product Configuration

Group Management

Overview

Quick Start

Rules Engine Concepts

Authentication Client (server)

Authentication App (enduser)

Product Configuration

Third Party Guides

Activity Reports

Charts

Schedules

Digest generation and Quarantines

Updated 6 months ago by admin

Email Security will process your Message Rules in priority order. These rules are used, among other things, to determine a Spam Score for each message. The default set of rules contain a Confirmed Spam rule and Possible Spam rule. These two rules work together to determine whether a message is quarantined and whether a message is digested.

By default, a message with a Spam Score of between 100 and 140 will be quarantined but will be digested and available to users (the Possible Spam rule).

A message with a Spam Score greater than 140 will be sent to Company Quarantine and will not be digested (the Confirmed Spam rule).

If the message has a Spam Score less than 100, no action will be taken (and further Rules will be allowed to proceed).

Virus-blocked emails will not be digested by default.

Avoiding false positives

Here are some options if you find the spam detection of EMS too aggressive.

Increase the threshold for confirmed spam

Visit your USS Dashboard and click Products ⟶ E-mail Security ⟶ Message Rules.
Select the rule called Confirmed Spam and double-click to edit it.
Under the Selected Conditions column, find the Spam Score condition, and click .
Change the Condition Value to a higher threshold, such as 170.
Click .

Disable the Confirmed Spam rule

You can disable the Confirmed Spam rule completely.

This will significantly reduce Email Security's ability to detect and handle spam, and will probably result in an increase of spam emails to your users.

Visit your USS Dashboard and click Products ⟶ E-mail Security ⟶ Message Rules.
Select the rule called Confirmed Spam and double-click to edit it.
Click the Active toggle, to switch it off.
Click .

Use global safe lists

If the false positive spam that you're receiving is coming from only a few domains or a few specific IP addresses, you can add these to the Global Safe List.

You should avoid having a large Global Safe List, as this can expose a security hole. A faked email address that matches a domain on your Safe List will bypass any spam checks.

Digest generation and Quarantines

Avoiding false positives

Increase the threshold for confirmed spam

Disable the Confirmed Spam rule

Use global safe lists

How did we do?

Feedback