Overview
This guide describes how to monitor and manage messages that haven't been delivered to the recipient and have been held as a result of a policy. Policies that hold messages include:
Held messages remain in the held queue for 14 days, after which they are removed from the queue and archived. We recommend messages are released, permitted, or blocked instead of allowing them to expire from the held queue. Held messages can also be viewed in Message Center: Accepted Messages until the message is released, rejected, or expires automatically from the held queue.
Considerations
Take the following into consideration when monitoring held messages:
-
-
- When a message is accepted for processing, a confirmation is issued to the sending server that the message was received. If a policy places the message on hold, the policy can be configured to issue a notification to the sender or recipient.
- The metadata of blocked or rejected messages is stored in the archive and visible via an archive search. See Searching the Archive for further details.
- When a message is processed by us, it is scanned for spam / viruses, and other checks are performed. If the message is placed on hold and subsequently released, an AV Scan on Release policy can be configured to scan the message's contents before it is delivered to the organization's email server.
-
Accessing the Held Messages Queue
To access the held messages queue:
- Log into the Mimecast Administration Console.
- Navigate to Message Center | Held Messages. The held messages queue contains the following tabs:
| Tab | Description |
| Overview |
Provides an overview of all held messages split into the following sections:
|
| Held Queue | Displays a list of held messages and allows you to release, reject, or report messages to the Mimecast Security Team for investigation. See the "Held Queue" section below for full details. |
| Release Logs | Displays a list of the messages that have been released, rejected, or reported to the Mimecast Security Team for investigation. See the "Release Logs" section below for full details. |
- Click on a Message to display its details in a slide-out panel.
Using the Spam Score and Spam Detection Level
The spam score and spam detection level feature allows you to drill into why a message has accumulated a high spam score and been held. With the ability to review a message's held reason and spam score, the feature provides a high-level overview of why:
-
-
- An email was held by a Spam Scanning policy.
- A policy enacted the way it did, and how to be productive in your approach to the message.
-
For more information, visit the Message Insights and Spam Score and Configuring Spam Scanning Definitions and Policies pages.
Filtering the Held Queue
You can filter the messages displayed in the held queue by using the:
-
-
- Text boxes at the top of the tab.
- Filters dropdown.
-
To filter messages using the text boxes:
- Enter the required text in one or more of the filter fields.
- Select a Date Range.
- Click on the Search button.
To filter messages using the Filters dropdown:
- Click on the Filters dropdown.
- Select the required filter options.
Click on the Select All or Deselect All links to select / deselect all filter options.
- Click on the Apply button.
- Click on the Show drop-down and select a number of records to display.
Releasing / Rejecting Held Messages
You can release held messages to the recipient or reject them from the held queue. This can be performed on one or more message(s).
To release / reject a single-held message:
- Select the Held Queue tab.
- Click on a Message to display the Message Details panel. You can use the information in the following tabs to decide the action to take:
-
-
- Details: Displays the message's transmission details (e.g., the sending server's IP address, DKIM signature, and sender/recipient details).
- Message: Displays details of the message's body.
- Header: Displays details of the message's header.
- Transmission Data: Displays details of the message's envelope and transmission components.
- Policies: Displays the policies that were applied to the message.
-
- Either click on the:
-
-
- Release or Reject button to release / block the held message.
-
Release or Reject button arrow, which exposes the following options:
Menu Item Description Release Release the message to the recipient. Release to Sandbox Release the message to the sandbox. Once the message passes the sandbox inspection, it is sent to the recipient. Permit for Recipient Adds the sender's Envelope address to the end user's personal permitted senders list and releases the message to be sent to the recipient. For more information on email address characteristics, see Policy Basics.
Reject The message is rejected (bounced) and removed from the held queue, but the sender and recipient aren't notified of the rejection. The message remains accessible in the archive. Reject (Notify Sender) The message is rejected (bounced) and removed from the held queue, and the sender is notified of the rejection. The message remains accessible in the archive. Reject (With Comments) The message is rejected (bounced) and removed from the held queue, and the sender is notified of the rejection. Additionally, you can add up to 500 characters of text to accompany the rejection (e.g., a rejection reason). The message remains accessible in the archive. Block for Recipient The message is rejected (bounced) and removed from the held queue, and the sender is added to the end user's personal blocked senders list.
-
To release/reject multiple held messages:
- Select the Tick Box to the left of the required messages.
- Either click on the:
-
-
- Release or Block button to release/block the held messages.
- Release or Block button arrow (see right), which exposes the options mentioned above.
-
Reporting Held Messages
You can report a message in the held queue to Mimecast's Security Team for analysis. This doesn't release the message to the recipient.
To report a single-held message:
- Select the Held Queue tab.
- Select a Message.
- Either click on the:
-
-
- Report button to report the message as spam.
-
Report Button Arrow (see right), which exposes the following options:
- Spam.
- Malware.
- Phishing.
-
To report multiple held messages:
- Select the Tick Box to the left of the required messages.
- Either click on the:
-
-
- Report button to report the messages.
- Report Button Arrow which exposes the options mentioned above.
-
Held Queue Tab
The Held Queue tab displays the following columns to provide a better understanding of why a message has been held and accumulated a high spam score.
-
-
- Held Reason: Displays the reason a message has been held. If a message is held due to a Spam Scanning policy, you will see the Spam Scanning definition under this heading.
- Spam Score: If a message is held due to a Spam Scanning policy, the message's spam score is displayed. The higher the score, the more spam characteristics a message has.
- Spam Detection: If a message is held due to a Spam Scanning policy, the message's spam detection level is displayed. This determines what action should be taken when the spam score exceeds a certain threshold (e.g., Relaxed, Moderate, or Aggressive).
-
To display more columns:
-
Navigate to the
icon on the far right of the columns and select it.
- Choose and select the column you want to add to the Held Queue tab.
Release Logs Tab
The release logs tab groups all held messages based on their held reason. This could either be because of a specific reason for holding the email (e.g., Suspicious Message Structure) or based on the policy that held it. For example, if you have two spam scanning definitions, one set to aggressive and the other to moderate, messages are grouped separately.
The release logs tab allows you to:
-
-
- Determine if a specific policy is holding messages.
- Review the messages held by a policy.
- Display a list of the messages matching a policy.
-
Comments
Please sign in to leave a comment.