Inbound Email Rules

Trustifi supports the creation of custom-made rules for specific scenarios of inbound mail flow.

To create such a rule, first open the “Inbound Management” section and click on the “Inbound Shield” page.
On this page, click on the “Inbound Email Rules” tab. To create a new rule, click on “Create New Rule”.

The process of creating a rule is quite simple, and requires a few basic steps:

  1. Giving the rule a name

  2. Configuring the conditions (under “IF”) for when the rule should be triggered

  3. Configuring the actions to be taken (under “THEN”) when the rule is triggered

  4. Adding the rule

In the rule pictured in the screenshot above, the condition is to match on any email that has a specific header value. When this condition is met, the result of the rule is to quarantine the email.
You can also add exceptions to any rule you create, to indicate when the rule should not be triggered.


After the rule has been created, you can click on the “Actions” menu next to it to edit the rule, clone it, or delete it.

Also, you can click on the toggle if you want to “Disable” or “Enable” the rule.

If you have more than one inbound email rule, the rules will be applied in the order they appear (1st, 2nd, and so on). You can drag and drop rules to change the priority order.

To see a full description of all the rule conditions and actions, please see below.


Rule conditions:

  • Addresses: this can look for addresses in any of the email fields (To/Cc/Bcc/From).

  • Keywords: will look for the presence of specified keywords or phrases in the email body and/or subject.

  • At least one domain: this will check if at least one of the domains in the email’s To/Cc or From fields is part of the specified list.

  • Names: will look for the presence of a specified name in any of the email fields (To/Cc/Bcc/From).

  • Attachment types: will look for the presence of specific attachment types in the email.

    Note: currently attachment types can only be selected from a list.

  • Threat category: will look for the final threat category of the email from the Inbound Shield scan.

  • Threat sub-category: will look for the specific threat sub-category of the email from the Inbound Shield scan.

  • Email total size: the rule will be triggered if the email’s total size (body+attachments) is larger than the specified size (in KB).

  • Groups: will check if your specified groups are in the email recipients.

  • Custom header value: will check for the presence of specified header keys and/or values in the email.

  • Sender country (TLD): the rule will be triggered if the sender's email address belongs to one of the specified Top Level Domains.

  • Received hour: the rule will be triggered if the email is received within the selected hours of the day.

Rule actions:

  • Release: the email will be released to the recipient's inbox.

  • Quarantine: the email will not arrive in the recipient’s mailbox, and will be sent to quarantine.

  • Keep record: a record of the email will be kept in the “Quarantined emails” page, but the email will be released to the recipient’s mailbox.

  • Stop rules processing: when this option is selected, no further rules will be applied afterward.

  • Skip quarantine notification: no quarantine notification will be sent, regardless of the default notification settings.

  • Auto forward: will forward a copy of the email to all specified addresses, while the original copy will remain in the original recipient’s inbox.

    Note: this will not auto-forward emails that have been sent to quarantine by other rules/policies.

  • Redirect: will redirect the email to all specified addresses, without sending the email to the original recipient’s inbox.

    Note: this will not redirect emails that have been sent to quarantine by other rules/policies.

  • Auto reply: will send an automatic reply using the provided text/HTML.

    Note: this will not auto-reply to emails that have been sent to quarantine by other rules/policies.

  • Add subject text: the provided text will be added to the beginning of the email subject when it is released.

  • Add footer: the provided footer will be added to emails scanned by Inbound Shield.

  • Add warning label: released email will show a warning label to notify users of the threats found.

  • Ignore threat prevention rules: notifications will not be sent to reviewers and the email content will not be changed; the email will be released.

  • Apply custom threat prevention rules: will use a custom preset of threat prevention rules instead of the default rules.
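
Because rules run in list order and “Stop rules processing” ends evaluation, a broad release rule placed above a quarantine rule can shadow it. The following is an added offline dry-run model for reasoning about rule order and exceptions; it is not Trustifi code or a Trustifi API. The rule dictionaries, helper names, sample message, AND-combination of conditions, case-insensitive header matching, and the From-only domain check are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic).
RAW = (
    "From: billing@vendor.example\n"
    "To: ap@corp.example\n"
    "Subject: Invoice 4411\n"
    "X-Campaign-Id: bulk-7731\n"
    "\n"
    "Please see the attached invoice.\n"
)
MSG = message_from_string(RAW)

def header_is(key, value):
    # Assumption: header values compare case-insensitively after trimming.
    return lambda m: (m.get(key) or "").strip().lower() == value.lower()

def sender_domain_in(domains):
    # Simplified model of a domain condition: checks the From address only.
    return lambda m: parseaddr(m.get("From", ""))[1].rpartition("@")[2].lower() in domains

def dry_run(rules, msg):
    """Walk rules top to bottom; return the names of the rules that fire."""
    fired = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue  # rule disabled via its toggle
        if not all(c(msg) for c in rule["if"]):  # assumption: conditions are ANDed
            continue
        if any(e(msg) for e in rule.get("except", [])):
            continue  # a matching exception suppresses the rule
        fired.append(rule["name"])
        if "Stop rules processing" in rule["then"]:
            break  # rules further down the list are never evaluated
    return fired

# Hypothetical rules using condition and action names from the lists above.
RELEASE_VENDOR = {"name": "Release vendor", "if": [sender_domain_in({"vendor.example"})],
                  "then": ["Release", "Stop rules processing"]}
QUARANTINE_BULK = {"name": "Quarantine bulk header",
                   "if": [header_is("X-Campaign-Id", "bulk-7731")], "then": ["Quarantine"]}
QUARANTINE_EXCEPT = {**QUARANTINE_BULK, "except": [sender_domain_in({"vendor.example"})]}

if __name__ == "__main__":
    print(dry_run([RELEASE_VENDOR, QUARANTINE_BULK], MSG))  # release rule first shadows quarantine
    print(dry_run([QUARANTINE_BULK, RELEASE_VENDOR], MSG))  # quarantine rule first: both fire
    print(dry_run([QUARANTINE_EXCEPT], MSG))                # exception keeps the rule silent
```

The model reports only which rules fire; how the product resolves the final disposition when several rules fire is not described on this page and is not modeled.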