Email Protection Administrator Guide
Email Filtering Policies
Proprietary: Not for use or disclosure outside McAfee without written permission
Based on the defined policy configuration, each email that violated the specified policy
can have any of the following actions taken, depending on the type of policy:
The email is added to the respective quarantine area and is not sent to
the recipient email address. If the email violated a spam policy, the
email is reported in the user’s Spam Quarantine Report.
The subject line of the email has a descriptive phrase (for example,
“[SPAM]”) added to the beginning of the subject text and the email is
sent to the recipient email address.
The email is blocked automatically. Depending on the sending system’s
configuration, the email sender may or may not be notified with a 5xx
Do Nothing or Allow
The email is forwarded to the recipient email address with no
processing applied. The values in the reports and the
window will be incremented for the relevant email policy to indicate
that an email did trigger the specific policy.
A copy of the email is forwarded to a list of designated email addresses
with no notification to the sender or recipient.
If the email had an attachment that violated configured policies, this
action causes that attachment to be removed from the email and the
email is be sent to the recipient email address. Text is inserted into the
email notifying the recipient that an attachment has been stripped. Only
the attachment that violated the policy is stripped.
If the email had an attachment that contained a virus or worm, this
action attempts to remove the virus or worm and preserve the
attachment. If the clean is successful, text is inserted into the email
notifying the recipient that an attachment had contained a virus and
was cleaned. If this action is selected, a second fall-back action also
must be designated in case the Clean action fails. This action is specific
to the virus filtering policies.
If the email was determined to have a high or medium likelihood of
being spam, you can configure that a custom X-header be inserted into
the email. This X-header can be used by your email servers to perform
additional actions within your network, such as redirecting the email.
Each spam likelihood can have a different custom X-header. This
action is specific to the spam filtering policies.
A non-administrator user cannot disable virus filtering if it is licensed
and enabled for a specific Domain or policy set. Only Administrators
can enable or disable virus filtering for a specific Domain or policy set.
You can designate that Email Protection first attempts to remove the
virus from an infected attachment, and if the clean fails, perform
another action. You can designate that only the infected attachment is
stripped. and the remaining email contents and attachments are sent to