Service Update
| Availability | March 13th, 2023 |
| Product(s) | Email Security Cloud Gateway (CG) |
| Who's affected | All users |
Overview
Mimecast is pleased to announce an upcoming improvement to Spam Scanning with an additional option named Auto Allow Spam Detection Action to provide enhanced protection against business email compromise (BEC) and supply chain attacks.
What's changing
Auto Allow policies allow the bypass of spam checks and help enable the efficient processing of inbound mail from senders with which internal users have previously communicated. However, Mimecast Threat Research has observed an increasing trend in the threat landscape, where compromised accounts are used to launch email attacks against organizations by exploiting trusted relationships between the compromised account owner and the intended victim. The new Auto Allow Spam Detection feature aims to detect such attacks by applying targeted anti-spam scanning to emails from senders on the Auto Allow list.
Auto Allow Spam Detection Action allows advanced spam scanning of inbound emails from senders on the Auto Allow list. Any emails that have a spam score of 28 or higher, will be marked as malicious and the action taken will be based on the action specified by the administrator in the Spam Scanning policy definition. Available actions are:
- Do Nothing: The spam result will be ignored and processing will continue.
- Hold for Review: This is the recommended option. The email will be held and hold notifications will be delivered according to the Hold Notification Options selected in the Spam Scanning policy definition.
- Reject: The message is rejected in protocol and the content is not retained by Mimecast. If the sender is legitimate, they must re-transit the message once the spam checks have been bypassed.
If an email has been held or rejected due to this feature, this will be indicated in the Message Details section. Where the Spam Detection Level value will be Auto Allow Spam Scanning Override and the Managed Sender type will be Permitted Sender (Auto).
Recommended actions
To enable this feature to take action on malicious messages, administrators must set the Auto Allow Spam Detection Action to Hold for Review or Reject, in the Spam Scanning Definition.
If a message from a legitimate sender has been incorrectly held or rejected, administrators can consider the following options:
- Permit the sender to ensure that spam scanning is bypassed.
- Create a new profile group “Auto Allow Spam Bypass” and apply a Spam Scanning policy with Auto Allow Spam Detection Action set to Do Nothing for emails from that profile group.
Comments
Please sign in to leave a comment.