Protected Domain group
The Protected Domain group should contain all the domains that an organization owns and needs the email system to protect. Message direction in the system is determined on the basis of an organization’s protected domains:
- Inbound – The sender address is not from a protected domain and the recipient address is in a protected domain.
- Outbound – The sender address is from a protected domain and the recipient address is not in a protected domain.
- Internal – Both the sender and recipient addresses are in a protected domain.
An open relay results when neither the sender address nor the recipient address is in a protected domain.
Unless you entered a protected domain name in the Domain-based Route page of the First-time Configuration Wizard, the default Protected Domain group is empty after product installation. Domains may be added to or deleted from the Protected Domain group, but the Protected Domain group itself cannot be deleted.
Ensure that the Protected Domain group contains all the domains you want your email system to protect.
An open relay is created when mail from an unprotected domain is sent to an unprotected domain within your organization. As a result, all mail from any domain that is not protected may be rejected. Mail from an external trusted IP address to an unprotected domain within your organization bypasses analysis and is delivered.
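The direction rules above can be checked offline against a list of envelope addresses, for instance to find domains your organization owns that are missing from the group. The following is an added example, not Forcepoint code: the function names, domains and sample envelopes are constructed, and it assumes exact, case-insensitive domain matching with subdomains listed explicitly.

```python
from collections import Counter

# Constructed sample data (assumptions for illustration, not product data).
PROTECTED_DOMAINS = {"example.com", "mail.example.com"}
SAMPLE_ENVELOPES = [                     # (sender, recipient)
    ("alice@partner.test", "bob@example.com"),
    ("bob@Example.COM", "carol@partner.test"),
    ("bob@example.com", "dave@mail.example.com"),
    ("eve@partner.test", "frank@example.org"),  # example.org is not in the group
    ("", "bob@example.com"),                    # empty sender, as in a bounce
]

def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None."""
    address = address.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()

def is_protected(address, protected):
    # Assumption: exact match only; a subdomain counts only if listed itself.
    return domain_of(address) in protected

def classify(sender, recipient, protected=PROTECTED_DOMAINS):
    """Apply the page's direction rules to one sender/recipient pair."""
    from_protected = is_protected(sender, protected)
    to_protected = is_protected(recipient, protected)
    if from_protected and to_protected:
        return "internal"
    if from_protected:
        return "outbound"
    if to_protected:
        return "inbound"
    return "open relay"   # neither address is in a protected domain

def unprotected_recipient_domains(envelopes, protected=PROTECTED_DOMAINS):
    """Count recipient domains in open-relay traffic: candidates to review
    for addition to the Protected Domain group if the organization owns them."""
    counts = Counter()
    for sender, recipient in envelopes:
        domain = domain_of(recipient)
        if domain and classify(sender, recipient, protected) == "open relay":
            counts[domain] += 1
    return counts

if __name__ == "__main__":
    for s, r in SAMPLE_ENVELOPES:
        print(f"{s or '<>':24} -> {r:24} {classify(s, r)}")
    print(dict(unprotected_recipient_domains(SAMPLE_ENVELOPES)))
```

An empty sender is treated here as "not from a protected domain", which follows the rules as written on this page; how the product itself handles that case is not stated.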
The email hybrid service uses the Protected Domain group during Forcepoint Email Security Hybrid Module registration to verify that the domains specified in its delivery routes are all from this group. The Protected Domain group should not be used to configure email delivery routes (on the page
) if you need to define domain-based delivery routes via multiple SMTP servers. See User directory-based routes.