Allowlists and blocklists

Here you can configure allowlists and blocklists that override your spam filtering settings, affecting inbound messages for the whole policy.

  • Allowlist entries can include the sender’s email address, domain, or IP address. Allowlists define addresses that are permitted to send mail to you without spam filtering being applied.
  • Blocklist entries can also include the sender’s email address, domain, or IP address. Blocklists define addresses from which you do not want to receive email.
Note:

Allowlists always take priority over blocklists. If you add an address to both the allowlist and the blocklist, messages from that sender address are allowed.

Allowlists and blocklists are processed in the following order. The first match found is applied:

  • Policy IP address allowlists
  • Policy IP address blocklists
  • Per-user email address/domain allowlists (see Antispam exceptions)
  • Policy email address/domain allowlists
  • Per-user email address/domain blocklists (see Antispam exceptions)
  • Policy email address/domain blocklists

If Forcepoint Technical Support has enabled a custom antispam rule for your account, this may override any addresses in allowlist you have configured.

If you enable/select allowlist, you can also configure the following options:

  • Apply allowlist matching even if the message has a spoofed email addresses. If the service detects a message is spoofed, allowlist is not applied by default. However, you may wish to allow some messages that are legitimately spoofed, for example a message from an email distribution list that appears to come from a specific person. Select this option if you want to allow spoofed addresses through even if the address appears in your allowlist.
  • Do not apply allowlist matching on From: headers. An email message has two addresses associated with it: the envelope sender, and the From: header. The envelope sender is used by mail servers to check where the message originates and where to respond (for example, if there is an error or the message bounces); the From: header is what the message recipient sees. The envelope sender and the From: header often match, but not always. There are a number of legitimate reasons why an envelope sender might not match the From: header, for example if the message comes from a mailing list, or from an organization that has implemented a specific address for bounced messages.

    Email spammers can take advantage of this, by changing the From: header on a spam email to be a domain that you recognize, while the envelope sender is related to a domain under their control.

    By default, the service performs email address/domain allowlist on both the From: header and the envelope sender. If you select this option, allowlist matching applies only to the envelope sender.

To populate your allowlists and blocklists, click the links in Allowlist these addresses or Blocklist these addresses. See Adding an entry to the allowlist or blocklist for more information.

Use Forward messages with more than [N] recipients from specified domains to forward messages with more than the specified number of recipients from the specified domains.

When this rule is triggered, the intended recipients do not receive the message.

Example: To forward messages from example.com sent to more than 5 recipients, enable the option, specify 5 for the number of recipients, specify a forwarding address, and specify example.com for the domain. You can specify additional domains, if desired.

Note: The Forward messages option is a limited-availability feature, and may not be available in your account.