This article provides information on the Spam Protection Policy configuration for Email Security - API.
Overview
The Spam Protection policy can be configured for API-Based Email Security with an Action of Monitor or Protect to manage unsolicited bulk email, marketing messages, and other low-value unwanted email communications.
Considerations
- Every threat family policy will have a default policy defined and accessible. It is not possible to delete the default policy; however, there will be no restrictions on its actions, e.g., it could be configured to monitor for any subsequent detections.
Microsoft 365 API Dependency: API-Based Protection relies on Microsoft 365 APIs for: (i) event ingestion and notifications (i.e., to trigger scanning), and (ii) enforcement actions (e.g., moving messages to Junk / Quarantine). If Microsoft APIs are unavailable, delayed, or fail to execute an action, this may impact the timeliness or effectiveness of the service.
- Customer Responsibilities: To ensure optimal performance of API-Based Protection, customers are responsible for: (i) maintaining valid Microsoft 365 licenses with the required permissions and API access enabled; and (ii) ensuring configuration and permissions remain accurate and up to date.
- Mimecast's Boundaries of Responsibility: Mimecast's responsibility for Customer Data begins when that data enters the Mimecast environment. Mimecast is not responsible for any delays, failures, or other outcomes attributable to Microsoft API unavailability, non-performance, or third-party service issues.
Default Spam Protection Policy
The Spam Protection Policies page contains a default policy at the bottom of the list, which acts as a ‘catch-all’ policy in the event that a recipient is not included in any of the policies listed above this policy.
The default policy will be created when an account is provisioned with a specific configuration, which is scoped from Everyone to Everyone and provides a default level of protection.
In the policy list view, it is not possible to delete or re-order the default policy. It will always be pinned at the bottom of the policy list. The ‘Order’ of the policy will always be set to the (number of customer policies in the list +1 ), and it will be evaluated last.
- In the policy view, it is not possible to change the Policy Details, Configuration, and Target sections. However, you are able to change the Actions or Notifications sections (if provided) of the policy.
Default Policy Configuration
The default policy will be configured as follows:
| Column | Description |
| Policy Name and Description | Default Spam Policy; This is the default spam protection policy created by Mimecast. |
| Activate Policy | Enabled. |
| Target |
Sender: Everyone Recipient: Everyone |
| Configuration | |
| Spam Protection Sensitivity | Moderate (Recommended): Sets the triggering threshold of the spam definitions to 5 points. This setting is recommended for users actively targeted by promotional and junk emails. |
| Auto Allow Spam Detection Sensitivity | Aggressive |
| Graymail | Apply Spam Policy Action |
| Action | Monitor |
Policy List and Evaluation Order Page
The Policy List page provides a view of all the Spam Protection policies created, with columns providing key information.
Evaluation Order
Policies are listed in descending order of evaluation. The policy at the top of the list (Numbered 1) will be evaluated first (if relevant), and so on. If a policy is set to ‘No Action’, then that will allow a bypass for the defined sender/recipient.
Spam Protection Policies can be ordered based on the priority of users to be protected, for example:
- Policy 1: Executives and other high-risk individuals.
- Policy 2: Additional Departments
- Policy 3: Default Policy
In addition to there being a policy evaluation order configurable per threat family, there is also a Mimecast-defined hierarchy based on the risk of the family. The order for the new policies is:
- Malware
- Phishing
- Spam
Policy Creation, Update, and Deletion
Creating a Policy
To create a Spam Protection policy:
Log in to the Mimecast Administration Console.
Navigate to Policies | Spam Protection Policies.
Select the Create New Policy button.
Complete the fields as follows:
| Section | Description |
| Policy Details | Enter a Policy Name and Description (Optional) that will help to easily identify the policy. |
| Activate Policy | Toggle this to active or deactivate the Policy. |
| Target |
The policy is applied based on either the sender From (Header) and/or Return (Envelope) Address. Select from:
|
| Spam Protection Sensitivity |
Determine the level for spam protection to be used by selecting one of the following:
|
| Actions |
Select an action to be applied by Spam Protection:
Actions can be set to Quarantine, in which case Notifications will become configurable. |
| Graymail Control |
Choose how to handle Graymail messages:
|
| Notification configuration | Choose who will be notified when this policy is applied. |
- Click Create Policy.
You will see a confirmation that the policy has been successfully created:
Editing a Policy
To edit an existing policy:
Log in to the Mimecast Administration Console.
Navigate to Policies | Spam Protection Policies.
Click the appropriate three-dot icon next to the policy and select Edit:
Note:
- If policies are not configured with a Quarantine or Move to Junk action, a banner will appear highlighting that a policy must be created, or that policy Actions must be updated to ensure protection.
- The Duplicate option can be selected to create a duplicate version of the selected policy.
- Make any changes and click Save.
Deleting a Policy
To edit an existing policy:
Log in to the Mimecast Administration Console.
Navigate to Policies | Spam Protection Policies.
Click the appropriate three-dot icon next to the policy and select Delete:
Confirm by clicking Delete.
You will see a confirmation that the policy has been successfully deleted:
Note: The Spam Protection Policy is a Single Rules policy.
Comments
Please sign in to leave a comment.