Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Email Policies > Antispam tab
Antispam tab
 
Related topics:
Select the Antispam tab on the policy to view or modify rules for spam protection, and to configure settings to detect commercial bulk mail in inbound messages.
By design, email is checked for spam under the following conditions:
*
*
*
All such email is assigned a spam score (unless it is blocked by system-wide rules that identify bulk spam). This is visible in the message header and message tracking results. The higher the spam score, the more likely it is to be spam. Many rules are used to generate the spam score, including analysis of the words within the message, where it came from, its headers, and comparisons with other spam and non-spam email.
Spam Options
Check Filter for Spam if you want inbound email filtered for spam.
There must be at least one spam rule defined. By default two rules are set up:
1.
2.
You can define multiple rules for different spam thresholds and associate actions with each of these. For example, you can create a rule that forces all email with a spam score greater than 6.0 to be forwarded to an administrator, all email with a score greater than 7.0 to be quarantined, and all email with a score over 10.0 to be discarded.
Lower values detect more spam at the risk of false positives - email wrongly detected as spam. Higher values reduce the risk of false positives but could miss some spam. Forcepoint Email Security Cloud aims to ensure that no false positives occur with spam scores over 6.0. This is the recommended default setting for quarantining email.
To define spam rules:
1.
From the first Spam scoring more than drop-down list, select a spam threshold.
2.
From the second Spam scoring more than drop-down list, select an action for that threshold.
The following actions are available:
3.
Click Add Rule>> to create a rule based on these parameters.
Depending on the action you select, you may be prompted for additional information first, such as the email address to which to forward the message.
A list of existing rules is displayed. You can also delete rules here.
Keep a copy of clean messages
By default, Forcepoint Email Security Cloud does not keep a copy of any messages unless they are quarantined, in which case they are held for 30 days before being automatically deleted. Checking Keep a copy of clean messages allows Forcepoint Email Security Cloud to keep a private copy of clean email messages, for a short period, separate from the quarantine area, to aid in the process of spam tuning when the "Report this email as Spam" link is used (see Report this email as spam for more details). If Forcepoint Email Security Cloud has the original message available, our operations staff and future automated systems can analyze it.
Commercial bulk email detection
The service offers a way to configure your settings to detect inbound commercial bulk email messages and to perform certain actions on them, such as quarantining, or tagging the message subject so that users can easily identify commercial email.
To enable commercial bulk email detection, do the following:
1.
Under Commercial Bulk Email Detection, select Analyze for commercial bulk email.
2.
*
Take no action. No action is taken on the commercial bulk email detected.
*
Tag the message subject. The subject of detected commercial bulk email messages are tagged with "COMMERCIAL:" or a custom tag that you enter.
*
Quarantine the message. Commercial bulk email messages are kept in quarantine for up to 30 days. Note that no notifications are sent for this disposition.
3.
*
Normal detects email that comes from known commercial bulk email sources.
*
High detects email that comes from known commercial bulk email sources or email that contains commercial content.
4.
Click Submit when you are finished.
Note that the subject tag that you select will also be used in all antispam exceptions.
 
Note 
Whitelists and blacklists
Here you can configure whitelists and blacklists that override your spam filtering settings, affecting inbound messages for the whole policy.
*
*
 
Notes
If Forcepoint Technical Support has enabled a custom antispam rule for your account, this may override any whitelisted addresses you have configured.
If you enable whitelisting, you can also configure the following options:
*
Apply whitelist matching even if the message has a spoofed email addresses. If the service detects a message is spoofed, whitelisting is not applied by default. However, you may wish to allow some messages that are legitimately spoofed, for example a message from an email distribution list that appears to come from a specific person. Select this option if you want to allow spoofed addresses through even if the address appears in your whitelist.
*
Do not apply whitelist matching on From: headers. An email message has two addresses associated with it: the envelope sender, and the From: header. The envelope sender is used by mail servers to check where the message originates and where to respond (for example, if there is an error or the message bounces); the From: header is what the message recipient sees. The envelope sender and the From: header often match, but not always. There are a number of legitimate reasons why an envelope sender might not match the From: header, for example if the message comes from a mailing list, or from an organization that has implemented a specific address for bounced messages.
Email spammers can take advantage of this, by changing the From: header on a spam email to be a domain that you recognize, while the envelope sender is related to a domain under their control.
By default, the service performs email address/domain whitelisting on both the From: header and the envelope sender. If you select this option, whitelist matching applies only to the envelope sender.
To populate your whitelists and blacklists, click the links in Whitelist these addresses or Blacklist these addresses. See Adding an entry to a whitelist or blacklist for more information.
Use Forward messages with more than [N] recipients from specified domains to forward messages with more than the specified number of recipients from the specified domains.
When this rule is triggered, the intended recipients do not receive the message.
Example: To forward messages from example.com sent to more than 5 recipients, enable the option, specify 5 for the number of recipients, specify a forwarding address, and specify example.com for the domain. You can specify additional domains, if desired.
 
Note 
The Forward messages option is a limited-availability feature, and may not be available in your account.
End user permissions
Forcepoint Email Security Cloud antispam provides a range of end-user self-service options. These are all initiated using the Forcepoint Email Security Cloud personal email report (see End-User Self Service).
You can enable or disable the ability for users to populate and manage their own individual blacklist and whitelist, and the option to release a copy of quarantined spam to themselves. These settings can be set for the policy, and can also be set for individual users, groups, or domains, using Antispam Exceptions. See Antispam exceptions.
 
Note 
Whitelists always take priority over blacklists. If you have blacklisted an email address for the policy, a user can whitelist it and, assuming it has no other issues, such as containing a virus or contravening a Content rule, it is delivered. To prevent a user receiving certain types of email, we recommend that you configure a content filtering policy. See Content Filter tab).
Spam detection methods
For information about the methods that Forcepoint Email Security Cloud uses to identify spam, see the article Detecting spam in the Forcepoint Knowledge Base.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Email Policies > Antispam tab
Copyright 2022 Forcepoint. All rights reserved.