Digest generation and Quarantines

Email Security will process your Message Rules in priority/rule order. These rules are used, among other things, to determine a Spam Score for each message. The default set of rules contain a Confirmed Phishing, Confirmed Spam and Possible Spam rule. These three rules work together to determine whether a message is quarantined and whether a message is digested (recipients will receive a digest summary of email in their quarantine). If an email triggers a final action on a previous rule, before these three rules, that action is taken and rule processing will stop. Any rules after this will not be triggered.

Quarantined emails are available to release for 30 days

By default, a message with a Spam Score of between 100 and 140 will be quarantined but will be digested and available to users (the Possible Spam rule). All safelists will exclude this email from being quarantined.

A message with a Spam Score of between 140 and 699will be sent to Company Quarantine and will not be digested (the Confirmed Spam rule). All safelists will exclude this email from being quarantined.

A message with a Spam Score greater than 700 will be sent to Company Quarantine and will not be digested (the Confirmed Phishing rule). Global safelists only will exclude this email from being quarantined.

If the message has a Spam Score less than 100, no action will be taken (and further Rules will be allowed to proceed).

Virus-blocked emails will not be digested by default.

Digest Times

In Global Digest Configuration you can set the days and times that digests are sent. This is located under Email Security -> Product Configuration

  • Never Send: Checking this option will turn off digests for all users. However, users with personal digest access can enable their own digest.
  • Send Digest Every: This sets the frequency that a digest will be sent digests. However, it must fall between the the hours setting (next point) for digests to be generated.
  • Between the hours of: This sets the time that the frequency will run in UTC. If it is set from 1:00 until 24:00, this means no digests will be generated between 00:00 and 01:00.
  • On the following days: This is a tick box to enable which days digests will be generated.
  • Digest Token Lifetime: When a digest is sent this sets the life time of the links in the digest email, outside of that lifetime in days the link will become invalid.
  • Last Digest Sent Date and Time: This is the last time a digest was sent for any of mailbox.
Digests are only sent when a message has been Quarantined. Company Quarantined emails are not digested
If using the above configuration and an email was detected and quarantined at 01:10. A digest will be generated shortly after that time. If an email is then quarantined at 01:30, that digest will only be sent an hour after the first digest. Similarly if an email was quarantined at 09:00, as no digest was sent in the previous hour for that user, a digest will be generated shortly after.

Avoiding false positives

Here are some options if you find the spam detection of EMS too aggressive.

Increase the threshold for confirmed spam

  1. Visit your USS Dashboard and click ProductsE-mail SecurityMessage Rules.
  2. Select the rule called Confirmed Spam and double-click to edit it.
  3. Under the Selected Conditions column, find the Spam Score condition, and click .
  4. Change the Condition Value to a higher threshold, such as 170.
  5. Click Save.

Disable the Confirmed Spam rule

You can disable the Confirmed Spam rule completely.

This will significantly reduce Email Security's ability to detect and handle spam, and will probably result in an increase of spam emails to your users.
  1. Visit your USS Dashboard and click ProductsE-mail SecurityMessage Rules.
  2. Select the rule called Confirmed Spam and double-click to edit it.
  3. Click the Active toggle, to switch it off.
  4. Click Save.

Use Spam Safe Lists

If the false positive spam that you're receiving is coming from only a few domains or a few specific IP addresses, you can add these to the Spam Safe List.

You should avoid having a large Spam Safe List, as this can become a security risk. A faked email address that matches a domain on your Safe List will bypass any spam checks.


How did we do?