MSP Mail Flow
From Configuration > Mail Flow, you can manage how mail is processed before it is delivered to a user. This includes:
Remediation: You can decide whether you want Email Security to automatically assess malicious emails and move them to junk folders or do it manually as the administrator.
Anti-spoof: Email spoofing is the creation of an email with a forged sender address to intentionally mislead a recipient about its origin. This setting is enabled by default, meaning that manipulated display names are checked and an alert banner is added if detected. You also have the option to disable Anti-spoof for your customers.
Frequently Exploited Domains: You can add an alert banner to free email services. Malicious actors frequently launch phishing attacks from these services, so by adding an alert banner, you're reminding users to stay vigilant.
Graymail: Graymail is legitimate marketing email that may be viewed as spam. By enabling this feature, you can treat graymail as malicious, and add a banner to it for all customers. If auto remediation is enabled, graymail is auto remediated.
MSP Remediation
Remediation is the process of assessing and taking action on malicious emails. Go to Email Security > Configuration > Mail Flow > Remediation, where you can select automatic remediation for all your customers or keep the default option of manual remediation.
Note
When auto remediation is selected at the MSP level, it is enabled for all customers. However, a customer admin can revert to manual remediation, and override the auto remediation setting by the MSP. It is important to note that once the customer admin overrides the MSP selection, inheritance between the MSP level and the customer level is broken.
The Remediation tab is active by default when you access the Mail Flow page.
Manual remediation (default): By default, Email Security is configured for manual remediation, which means that administrators must assess user-reported threats and select a remediation option.
Administrators will need to assess and manage those emails by going to Email Security > Incidents and viewing the Action Needed tab. See Incidents for additional information.
Auto remediation for all customers: If you select this option, then all malicious emails for all your customers are delivered directly to their junk folders.
You can view the emails that have been auto remediated in the Resolved tab at Email Security > Incidents. If you decide that the email is safe, you can choose to add the sender to the Allow List or mark the email as safe. See Incidents for additional information.
If you decide to change the default setting of Manual remediation and enable Auto remediation for all users, select Save. You'll be prompted to confirm your decision:
Anti-spoof
Email spoofing is the creation of an email with a forged sender address to intentionally mislead a recipient about its origin. This technique is often used in phishing campaigns and is an attempt to get a user to click a link and share their credentials or reply with sensitive information.
Anti-spoof is automatically enabled, which means that it checks for manipulated display names and adds an alert banner if detected. Users are then protected against impersonation. You do, however, have the option to disable Anti-spoof for your customers.
To manage your Anti-spoof setting, follow the steps below.
Go to Email Security > Configuration > Mail Flow. Select Anti-spoof from the tab.
Select the toggle to enable or disable Anti-Spoof.
Select Save.
Exploited Domains
Malicious actors frequently launch phishing attacks from free email services. You can add an alert banner to emails from these domains as a reminder to users to stay vigilant, even if the email content does not look suspicious.
To turn on alert banners in emails from these domains, follow these steps:
Go to Email Security > Configuration > Mail Flow. Select Frequently Exploited Domains from the tab.
Select the toggle Add an alert banner to email from frequently exploited domains to turn on alerts.
Select Save.
Graymail
Graymail refers to solicited marketing emails and comes from a legitimate source. Your customers once subscribed to them and now may no longer open or read them. As a result, graymail falls into a category between spam and desired emails.
As an MSP admin, you can enable this feature to treat all graymail as malicious. Once enabled, an alert banner is added to graymail for all your customers. Graymail is always auto remediated.
Go to Email Security > Configuration > Mail Flow. Select Graymail from the tab.
Select the toggle Treat graymail as malicious to turn on alerts.
Select Save.