In an effort to enhance security, we have recently adopted a few new email filtering policies.  While security is never convenient, we are trying to address some of the inconveniences with the information below.

 

The “Tech”

Any company who manages an email domain has the ability to specify rules to let others know how to determine if the email claiming to be from them is legitimate or not.  We have to do the same for our company.  DMARC policies tell the rest of the world how to filter email coming from them. SPF rules tell the rest of the world to only accept messages from authorized email servers the company publishes.  DKIM signatures are digital signatures ensuring the validity of the email sender.   These technologies are easy ways for us to catch a lot of bad email, phishing attempts, spammers, etc.  Most all of the illegitimate emails we receive have violated one of these email rules.  It’s common practice to use them.  

 

Our problem has been that many of the vendors we deal with don’t properly setup or configure their email systems.  This causes them to violate their own published rules.  They tell us and the rest of the world to only allow emails truly from “them”, but violate their own published policies and send them from IP addresses and email servers they haven’t told us about.  This triggers our rules used to catch the bad guys making them look like imposters.  

 

Due to the volume of legitimate emails being blocked, we are offering the following:

 

We are giving you, then user, the ability to get a daily digest of emails that were Quarintined for the above stated reasons.  You will be able to see the details of the message and hopefully determine if the mail should be delivered or not.  You will click a link to either deliver, block sender, approve sender domain, or approve sender.  

 

Approval Descriptions

  • Block Sender – this blocks the sender and you will not see messages in the digest from them
  • Deliver – This will deliver this message only.        All future messages from this sender will have to be approved each time they are sent
  • Deliver & Approve Sender – This will deliver the message and add the sender (Ex: user@email.com) to the approved list so that they will no longer get caught in quarantine.
  • Deliver & Approve Sender Domain – this will allow all the message to be delivered and allow all senders from the sender’s domain to be allowed in the future (Ex: @email.com)

 

Guidelines

  • The safest bet is to only allow one message at a time using the “Deliver” link.
  • Use Deliver & Approve Sender rather than Deliver & Approve Sender Domain if you only receive messages from a few senders.
  • We strongly suggest against using the “Deliver & Approve Sender Domain” option, because this opens the door to risk if any one user in the sender’s domain has their email compromised.

 

We hope this will strike a good balance between email security and convenience.  We understand your email is important, and don’t want to stand in the way of productivity.  If for any reason, you have questions about any part of this process or unsure about an email, please let us know.


How to Approve Messages

The following information will explain how an end user can manage their own Quarantined items.  

 

A quarantine digest notification is an email message Trend Micro Email Security sends to inform end users of email messages that were temporarily quarantined. 

A digest notification contains the following information:

  • A link to access quarantined messages through the End User Console
  • The number of new email messages that have been quarantined since the last notification was sent
  • Digest of the new email messages that have been quarantined
    1. Quarantined: The time an email message was quarantined
    2. Sender: The sender address of the email message
    3. Recipient: The recipient address of the email message
    4. Subject: The email subject
    5. Manage Messages: The links that users can click to apply actions to the quarantined message, including Deliver, Deliver & Approve Sender, Block Sender, Approve Sender Domain, and Block Sender Domain

      **You will ONLY be able to "Deliver and Approve Sender" for messages flagged as SPAM.  Other categories are more critical and don't offer this option

Graphical user interface, text, application, email Description automatically generated

 

  • After choosing weather to Deliver, Deliver and Approve sender, Approve Sender Domain, or Block Sender you will be redirected to the Trend Micro Email Security page confirmation page confirming your choice.