In this section of the document we will specify the different ways in which the Trustifi admin can configure Inbound Shield™ to work in way that’s optimal for their organization.
Changing the default configurations is not mandatory, however it is recommended to review them and tailor them to the unique needs of your organization.
Rules for threats
Inbound Shield™ scans every email that comes into one of your protected mailboxes and then applies a pre-determined action if a threat is found (e.g – quarantine the email and send a report to the admin).
These pre-determined actions are called rules and they can be changed according to the admin’s preferences in the “Configurations Rules” tab (see figure 10).
Figure 10: The “Configurations Rules” tab in the “Inbound Management” section.
In this tab, the admin can choose which actions will be taken for each type of threat.
Types of threats
Malicious email: an email that was determined to have been sent with malicious purposes such as a phishing or ransomware attack and may contain malicious links, viruses or Trojan horses.
Suspicious email: this type of email is suspected of being incorrectly registered or configured, for example the sender of this email may have certificate or DNS issues. This kind of email is not necessarily malicious; however, it is possible that the sender is trying to impersonate someone else.
Spam: an email that has been classified as spam according to Inbound Shield’s AI algorithm.
External/Unfamiliar: emails that originate from outside of your organization or trusted network.
Actions for threats
Every email found to be a potential threat goes into quarantine (but still can be seen under the “archive” folder), even if no action is selected.
Remove – The email will be removed completely from the user’s mailbox after being quarantined. A record will be kept for the email. This action is recommended for serious threats.
Release– The email will be released after being quarantined. A record will be kept for the email.
Ignore– The email will be released without being quarantined. No record will be kept for the email.
Notify Reviewer– An email-report will be sent to all mailboxes in the “Reviewers” list. Reviewers can see the email content and choose to remove or release it.
Notify Recipient– The recipient will receive an email-report explaining the detected threats and the action taken.
Allow Recipient Control– The recipient will have control over the quarantined email. They can see the email content and choose to remove or release it and more.
Add warning label – This will add a warning label (header) to all emails of this type to alert the recipient.
The header’s color and text can be edited by clicking on the “Modify” button.
Changing the rules
To change the default rule for a specific threat, simply click on the “Actions” drop-down menu and choose which actions to take (multiple choice).
After you’ve chosen your preferred actions, click on the check-mark button to apply the changes (see figure 11).
Changes are applied and enforced immediately and to all protected mailboxes, it is not possible to make rule changes for specific mailboxes.
Figure 11: Changing the default rules for an incoming threat. In this example, the rule is changed for “Malicious” type emails, so that the email will be removed, and both the recipient and the reviewers will be notified.
Configurations – lists
In this section of the “Configurations Rules” tab, the admin can appoint the designated reviewers, select domains that will receive a higher level of protection, and create white/black lists of senders, links and attachments.
Reviewers
Reviewers oversee reports about incoming threats to all protected mailboxes, a reviewer can see the content of the email and exactly what kind of threat was found.
With that information, a reviewer can apply several actions to the email and/or sender:
Release a quarantined email back to the recipient’s inboxRemove an email completelyAdd the sender to the whitelistAdd the sender to the blacklistAdd all links in the email to the links whitelist
The Trustifi admin is set as a reviewer by default and cannot be removed. Any number of additional reviewers can be added to the list, but they must be users under the admin’s Trustifi plan.
To add a reviewer, type in the reviewer’s email address in the input field and click on the “Add” button (see figure 12).
Information! Reviewers will only receive a report if the action “Notify Reviewer” has been selected for that type of threat.
Figure 12: Adding a reviewer. In this example,reviwer1@domain.exampleandreviwer2@domain.examplealready exist in the list andreviwer3@domain.exampleis being added.
Strict-check for domains
Domains added to the list will receive a higher level of protection by Inbound Shield™ – additional tests will be performed to prevent advanced phishing attacks and impersonation or spoofing attacks.
It is possible to add domains one by one or by uploading a list from a CSV file.
These additional tests may result in slower performance.
Information! It is recommended to add your organizations domain(s) here, as well as any other domain from which your organization receives many emails such as partners and vendors.
Links white/black list
The Trustifi admin can choose to add specific links/URLs to the white/black list.
Whitelisted links will always be considered safe, while emails which contain blacklisted links will always be considered malicious.
To add a URL to either list, type the URL into the input field and click on the “Add” button.
Attachments white/black list
Similarly, to senders and links, specific files can be white/black listed by the admin. Whitelisted files will always be considered safe, while emails that contain blacklisted files will always be considered malicious.
To add a file to either list, click on “Attach File to list” or simply drag drop the file into the input area (see figure 13).
Figure 13: Adding a file to the blacklist. Adding files to the whitelist works the same way.