Introduction

The Forcepoint Email Security Cloud service provides a standard configuration for all email accounts. The settings for the standard configuration are described below, as well as the reasoning behind the settings. As an administrator, you can customize policy settings to suit your needs. Do this by clicking Email, then following the instructions in Defining Email Policies.

Each table in this section represents a section in email configuration settings. Column 4 suggests various use cases for changing the standard setting.

| 1. Policy Management | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Policies | One policy has been set up with the standard account configuration shown in this document. | (see individual settings below) | Additional policies should be added to support aliases, or to support a domain (or domains) that require differing configurations. |

| 2. General tab | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Notifications | Inbound: Recipient; Outbound: Sender | Intended recipient needs visibility of blocking. Sender needs visibility of blocking. | Volume of notifications is too high, visibility is not required, or notifying sender is preferable. |
| Annotations | Inbound: on; Outbound: on | Allows recipient to report spam easily and automatically. To give confidence to recipient that message is virus-free. | Transparency of Forcepoint Email Security Cloud service is important. Company-specific annotation is required. |

| 3. Domains tab | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Domains | Registered domain is shown. | At least one valid domain name must be provided. | Additional domains are to be analyzed. |

| 4. Connections tab | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Inbound Mail Routing Rules | No rules set up. | No inbound routing rules are provided at the time of registration. | Inbound mail is to be routed to different email servers depending on the recipients. |
| Default Inbound and Outbound Routes | Registered route information is shown. | At least one inbound and one outbound route must be provided. | More servers are to send email to or receive from the cloud service. An “A record” is needed if load balancing across servers is required. |


| 5. Antivirus tab | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Active Content | Inbound: HTML: medium | Protect user from non-obvious active elements. | HTML mail is not rendered correctly. |
| | Outbound: HTML: off | Active HTML content is from trusted source. | HTML mail should be filtered. |
| | Inbound: Macro analyzer: high | Protect user from suspicious macros. | Too many relevant files are blocked. |
| | Outbound: Macro analyzer: off | Macros are from trusted source. | Additional security is required. |
| Encrypted messages | Inbound: password-protected zips: on | Not possible to analyze content of password-protected zips. | Requirement to transmit password-protected zips |
| | Outbound: password-protected zips: off | Files are from trusted source. | Additional security required |
| | Inbound: Encrypted mail: on | Not possible to analyze encrypted mail. | Requirement to exchange encrypted mail |
| | Outbound: Encrypted mail: off | Messages are from trusted source. | Additional security required |
| Executables | Inbound: Quarantine exe: on | Most administrators do not allow users to receive executables. | Most users need to transmit executables. |
| | Outbound: Quarantine exe: on | Most administrators do not allow users to send executables. | Most users need to transmit executables. |

| 6. Antispam tab | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Existing Rules | Spam Score > 15.0 - discard | No false positives score as high as 15.0. | Discarding of spam not required or score needs to be higher or lower |
| | Spam Score > 6.0 - quarantine | System default spam threshold | Quarantining of spam not required or score needs to be higher or lower |
| Exceptions | Allowlist these addresses: off | No allowlist entries are provided at the time of registration. | Administrator may populate an allowlist for the account. |
| | Blocklist this address: off | No blocklist entries are provided at the time of registration. | Administrator may populate a blocklist for the account. |
| End Users | Allow users to populate their own allowlists and blocklists: on | Allow users some control over incoming senders for their own address | No control or visibility is desired for end users. |
| | Allow users to obtain a copy of an email that has been quarantined as spam: on | Allow users safe control over spam email sent to their own address | No control or visibility is desired for end users. |
| Keep Messages | Keep a copy of clean messages so they can be learnt from if later reported as spam: on | Cloud service keeps a private copy of the message for a short time to aid in spam-tuning when the ‘Report this email as Spam’ link is clicked. | No retention of clean messages for spam tuning is desired. |

| 7. Content Filter tab | Standard setting | Reason for standard setting | Consider changing setting if... |
| --- | --- | --- | --- |
| Attachments | Inbound: Mask attachments with .eml extension | Unable to analyze .eml files | .eml files are not a concern or if more file extensions are to be added |
| | Outbound: Do not mask any attachments | Files are from trusted source. | Different file types are to be considered suspicious. |
| | Inbound: Quarantine messages containing nominated file types: off | Allow admin to populate list before applying it | Blocking of certain file types is required. |
| | Outbound: Quarantine messages containing nominated file types: off | Allow admin to populate list before applying it | Blocking of certain file types is required. |
| | Inbound: Quarantine messages containing files of unknown type: off | Cloud service can identify majority of file types | There is a need for quarantining unknown attachments. |
| | Outbound: Quarantine messages containing files of unknown type: off | Files are from trusted source | Outgoing attachments are to be considered suspicious. |
| | Inbound: Quarantine messages containing inappropriate images: off | Requires license for Forcepoint Email Security Image Analysis Module | There is a need to analyze images. |
| | Outbound: Quarantine messages containing inappropriate images: off | Requires license for Email Security Image Analysis Module | Outgoing images are to be considered suspicious. |
| | Inbound: Quarantine messages with images that could not be scanned: off | This setting can only be enabled when image quarantine is on. | There is a need to check large images. |
| | Outbound: Quarantine messages with images that could not be analyzed: off | Files are from trusted source | There is a need to quarantine and check large images. |
| | Inbound: Park attachments meeting nominated criteria: off | Most large attachments can be delivered successfully | There is a need to conserve users’ mailbox size. |
| | Outbound: Park attachments meeting nominated criteria: off | Files are from trusted source | There is a need to conserve recipients’ mailbox size. |
| Message Size | Inbound: Non-deliver > 50MB: on | Contractual maximum message size | Lower limit is required. |
| | Outbound: Non-deliver > 50MB: on | Contractual maximum message size | Lower limit is required. |
| | Inbound: Quarantine > 10MB: off | Max message size usually acceptable | Lower the limit below the maximum size to conserve your bandwidth. |
| | Outbound: Quarantine > 10MB: off | Max message size usually acceptable | Lower the limit below the maximum size to conserve recipient organization’s bandwidth. |
| | Inbound: Defer delivery: off | Requires your policy to be applied | There is a need to conserve your bandwidth during certain time periods. |
| | Outbound: Defer delivery: off | Requires your policy to be applied | There is a need to assist with conserving recipient organization’s bandwidth during certain time periods. |
| Content Filtering | Inbound: Filter using these lexical rules: on | Allow new rule to be implemented immediately. | Suspension of lexical filtering |
| | Outbound: Filter using these lexical rules: on | Allow new rule to be implemented immediately. | Suspension of lexical filtering |
| | Inbound: Quarantine messages if content analysis does not complete: off | Cloud service rarely fails to complete lexical analysis. | There is a large number of lexical rules and regular expressions, which could mean analysis does not complete. |
| | Outbound: Quarantine messages if content analysis does not complete: off | Cloud service rarely fails to complete lexical analysis. | There is a large number of lexical rules and regular expressions, which could mean analysis does not complete. |