
Content Control Administrator’s Guide Version 5 - IBM - · PDF file ·...

Date post: 10-Mar-2018
Upload: lamminh
Content Control Administrator’s Guide Version 5.2
Page 1: Content Control Administrator’s Guide Version 5 - IBM - · PDF file · 2005-11-09Content Control Administrator’s Guide ... sets of M I M E types • File names – sets of file

Content Control Administrator’s Guide Version 5.2


Table of Contents

1 Introduction
1.1 Welcome
1.2 Background
1.3 Benefits of Content Control
2 How Does Content Control Work?
2.1 Building a Content Control policy
2.2 Rules of a policy
2.3 Conditions of a rule – who, what and when
2.3.1 Who
2.3.2 What
2.3.3 When
2.4 Lists
2.5 Outcomes of a rule
2.6 Statistics
2.7 Reporting
3 Quick Setup Guide
4 Configuring Content Control
4.1 Domain Default and Custom Settings
4.1.1 Edit settings
5 Groups
5.1 Harvesting Email Addresses
5.2 Creating a group
5.3 Group Definition Management
5.3.1 Uploading a group of users
5.3.2 Downloading a group of users
5.4 Editing a group
5.5 Deleting a group
5.6 Deleting users
5.7 Exception addresses
6 Lists
6.1 Guidelines for list creation
6.1.1 File Name
6.1.2 Email Content
6.1.3 MIME Types
6.1.4 Domain Names
6.2 Add list
6.3 Edit list
6.4 Delete list
7 Rules
7.1 Per-Rule Notification Control
7.2 Create rule
7.3 Edit rule
7.4 Delete rule
7.5 Move rule
7.6 Copy rule
8 Reports
8.1 Report configuration
8.2 Statistics
9 Frequently Asked Questions (FAQs)
9.1 Groups
9.2 Lists
9.3 Rules
9.4 Additional questions
10 Glossary


1 Introduction

1.1 Welcome

Welcome to the Administrator’s Guide for E-mail Security Content Control Service. The following information provides you with a walk-through of how to set up the Content Control Service.

1.2 Background

This service has been designed to support the diverse objectives found in the Acceptable Computer Use Policies and Internet Use Policies of many organizations worldwide. Content Control allows you to control who sends what to whom by email and how it is processed.

1.3 Benefits of Content Control

Content Control can be used by your organization to enforce policy rules that:

• Protect corporate reputation

• Preserve confidentiality and security

• Reduce legal liability

• Defend against careless and malicious actions

• Ensure regulatory compliance

• Prevent lost productivity

• Retain network bandwidth.


2 How Does Content Control Work?

2. Content Control Service overview

2.1 Building a Content Control policy

The Content Control Service is configured via Insight, the web-based configuration and management interface. Content Control allows you to build a policy from a collection of discrete rules. Each rule is used to identify a particular type of message or content, and an action is then associated with the rule. For example, if a rule is triggered because the email ‘Contains Profanity’, then the action ‘redirect the message to an administrator’ will be taken.

You can establish a set of rules as the ‘Domain Defaults’ which can be applied to all of your domains. Alternatively, for individual domains you can use ‘Custom Settings’ which are unique to that domain.

Rules are executed in the sequence in which they are listed. A single email message might trigger more than one rule, so building the correct sequence of rules is crucial to ensure that ‘priority’ rules appear earlier in the sequence.

2.2 Rules of a policy

Each policy rule is constructed by combining a set of individual conditions, which together characterize a particular circumstance.

For example, to identify the situation where a message is sent from the Sales team to a Channel Partner and contains an MS Excel spreadsheet, you would build the rule as follows:

• Condition 1 – email from any member of the Sales team


AND

• Condition 2 – email to a Channel Partner

AND

• Condition 3 – email contains an MS Excel spreadsheet.

An action would then be associated with this rule.

You can apply each rule to:

• Inbound email only

• Outbound email only

• Both Inbound and Outbound email.

An email with multiple recipients can be regarded as multiple single-recipient emails. You can apply different rules depending on which recipient the particular email is directed to.

A particular email may trigger more than one rule and therefore may result in more than one action. However an email is never copied or redirected multiple times to an administrator. In this case a single email is sent to the administrator, which contains a summary of all of the triggered actions.

When evaluating an email, if a Block and Delete or Redirect action is encountered in the rule sequence, that action is taken and no subsequent rules are applied to that email for the recipient to whom that rule applies.

2.3 Conditions of a rule – who, what and when

Each rule can combine any of the following conditions (the more conditions used, the more specific the rule becomes):

Note: To add further possibilities, you can also ‘invert’ the majority of conditions, i.e. the rule is triggered if the message does not meet a particular condition.

2.3.1 Who

• Sender (as a member of a Group of users, a set of Domains or a single Domain)

• Recipient (as a member of a Group of users, a set of Domains or a single Domain).

2.3.2 What

• Subject and body text (matching against separate lists of words and phrases)

• Message composition (matching against lists of MIME types)

• File attachment names and types (matching against lists of file names and extensions)

• Spoofed file attachments (executable files masquerading as other types)

• Encrypted messages (S/MIME encrypted content)

• Overall size of the email

• Priority/Urgency of the email

• Number of attachments

• Size of the attachments.

2.3.3 When

• Arrival time (matched against a configurable set of time periods).

2.4 Lists

To simplify rule creation you can build the following types of list and apply them to particular conditions within any of your rules:

• Groups of users – sets of email addresses (either internal or external)

• Domains – sets of domain names

• Textual content – sets of words and phrases

• Message components – sets of MIME types

• File names – sets of file names or extensions.

Building and maintaining your Group Lists

To help you build and maintain the Group lists, the Content Control Service will record and store internal email addresses by using the sender addresses from your outbound email. This is known as ‘harvesting’. The service presents these harvested addresses for inclusion when configuring Group lists.

All lists managed via Insight support cut and paste mechanisms to simplify their construction and management.

The service includes a number of example Textual Content lists, containing words and phrases in English, French and German that assist in identifying unacceptable language such as profanity and racial slang. The content of a Textual Content list represents discrete words and phrases – a word is only matched against a complete lexical element. For example, the word ‘prove’ will never be matched with the text ‘approve’ or ‘improvement’.

We recommend that you read through the example lists and cut and paste relevant words to create your own list, reflecting your organizational policy. These lists are not complete and the words and lists provided are simply examples to reflect some possible policies that an organization may have in place. As a form of guidance:


• The Ambiguous lists demonstrate some words with two meanings. Although when constructing a list the word may be thought of in its negative context, it is possible that it is used frequently in everyday language in another context. We do not recommend blocking or redirecting all mail received with words of this nature.

• The Mild lists are samples of words that many organizations would not deem to be professional to be sending externally in email. If your organization’s policy feels similarly, you may wish to copy these mails to the administrator so that you can spot trends.

• The standard Profanity, Racial and Sexual lists are what we have classified as strong language. If your policy does not condemn this language being transmitted externally, we recommend you use either the copy to administrator or redirect function to enable you to see trends in the organization.

2.5 Outcomes of a rule

Against each rule one of the following actions may be taken:

Action: Block and Delete

• Prevent the email from reaching the intended recipients

• Permanently delete it

• Record in the Insight Content Control statistics that a rule has been triggered

• Terminate the scanning process.

Action: Redirect mail to the Administrator

• Add a comment into the email X-Header

• Redirect the email so that it does not continue on to the intended recipients, send it instead to a nominated administrator of the Content Control Service

• Record in the Insight Content Control statistics that a rule has been triggered

• Terminate the scanning process.

Action: Copy mail to the Administrator

• Add a comment into the email X-Header

• Flag the email to be copied to a nominated Content Control administrator once scanning has been completed

• Record in the Insight Content Control statistics that a rule has been triggered

• Continue with the scanning process.

Action: Tag Suspected mail with Header

• Add a comment into the email X-Header to indicate that a Content Control rule has been triggered by this email

• Record in the Insight Content Control statistics that a rule has been triggered

• Continue with the scanning process.

Action: Compress Attachments

• ZIP the email attachments

• Record in the Insight Content Control statistics that a rule has been triggered

• Continue with the scanning process.

Action: Log Only

• Record in the Insight Content Control statistics that a rule has been triggered

• Continue with the scanning process.
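The evaluation order described in sections 2.1 to 2.5 can be modelled as follows. This is an added example, not part of the original guide and not the service's own code; it shows ANDed and inverted conditions, whole-word text matching, per-recipient evaluation, and the two actions that terminate scanning. The addresses, domains, rule names and term list are constructed sample values, and case-insensitive comparison of addresses and text is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

# Actions from section 2.5 that terminate scanning for the recipient.
TERMINATING = {"Block and Delete", "Redirect mail to the Administrator"}


@dataclass(frozen=True)
class Mail:
    """A message as seen by one recipient (the guide's single-recipient view)."""
    sender: str
    recipient: str
    subject: str
    body: str
    attachments: Sequence[str] = ()


Condition = Callable[[Mail], bool]


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: Sequence[Condition]  # every condition must hold (logical AND)
    action: str


def sender_in(group: Sequence[str]) -> Condition:
    members = {a.lower() for a in group}  # assumption: case-insensitive addresses
    return lambda m: m.sender.lower() in members


def recipient_domain_in(domains: Sequence[str]) -> Condition:
    wanted = {d.lower() for d in domains}
    return lambda m: m.recipient.lower().rsplit("@", 1)[-1] in wanted


def attachment_ext_in(extensions: Sequence[str]) -> Condition:
    exts = tuple(e.lower() for e in extensions)  # file name comparisons ignore case
    return lambda m: any(name.lower().endswith(exts) for name in m.attachments)


def text_contains(terms: Sequence[str]) -> Condition:
    # Match complete lexical elements only: 'prove' must not hit 'approve'.
    # Assumption: text matching ignores case.
    alternatives = "|".join(re.escape(t) for t in terms)
    pattern = re.compile(rf"(?<!\w)(?:{alternatives})(?!\w)", re.IGNORECASE)
    return lambda m: bool(pattern.search(m.subject) or pattern.search(m.body))


def invert(condition: Condition) -> Condition:
    return lambda m: not condition(m)


def evaluate(rules: Sequence[Rule], mail: Mail) -> Tuple[List[Tuple[str, str]], bool]:
    """Walk the rules in order; return (triggered (rule, action) pairs, delivered?)."""
    triggered = []
    for rule in rules:
        if all(cond(mail) for cond in rule.conditions):
            triggered.append((rule.name, rule.action))
            if rule.action in TERMINATING:
                return triggered, False  # later rules are never applied
    return triggered, True


def scan(rules, sender, recipients, subject, body, attachments=()):
    """Evaluate a multi-recipient message once per recipient."""
    return {rcpt: evaluate(rules, Mail(sender, rcpt, subject, body, attachments))
            for rcpt in recipients}


# Constructed sample data (not from the guide).
SALES = ["alice@example.com", "bob@example.com"]
EXCEPTIONS = ["alerts@example.com"]
POLICY = [
    Rule("Partner traffic",
         [sender_in(SALES), recipient_domain_in(["partner.example"])],
         "Log Only"),
    Rule("Spreadsheet to partner",
         [sender_in(SALES), recipient_domain_in(["partner.example"]),
          attachment_ext_in([".xls"])],
         "Redirect mail to the Administrator"),
    Rule("Listed wording",
         [invert(sender_in(EXCEPTIONS)), text_contains(["prove"])],
         "Copy mail to the Administrator"),
]

if __name__ == "__main__":
    result = scan(POLICY, "alice@example.com",
                  ["carol@partner.example", "dave@other.example"],
                  "Q3 numbers", "Please prove the totals.", ["Q3.XLS"])
    for rcpt, (triggered, delivered) in result.items():
        print(rcpt, triggered, "delivered" if delivered else "not delivered")
```

Moving the ‘Listed wording’ rule above the redirect rule would cause the partner-bound message to be copied as well, which is why the position of terminating rules in the sequence matters.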

2.6 Statistics

Through Insight you can review the results of your policy rules for Daily, Weekly, Monthly and Annual summary totals of rules triggered. These are organized by both rule and by user. You can expand each entry on a summary list to reveal details on a particular rule or user.

Within the description section of the email that has been stopped by a specific rule, there is the ability to expand the details to show the subject line of the email.

The information can be hidden again using the hide details option.

2.7 Reporting

You can receive reports containing service activity logs by email on a weekly or monthly basis.


3 Quick Setup Guide

If you are familiar with email management systems, general Content Control principles and the Insight user interface, the following is a set of key things you need to know before you set up and use the service. The section to refer to for further information is given after each item.

• You can configure the service at two levels: at the Domain Default level, where you can set the options for all domains being scanned, and at the individual domain level, where you can configure Custom Settings for an individual domain. (Section 4)

• Email addresses are automatically harvested by the system by storing the sender address of each outbound email from each scanned domain. (Section 5)

• You can manually add the email addresses of the recipients of outbound email or the senders of inbound email. (Section 5)

• You can arrange email addresses into groups and apply specific rules to those groups. (Section 5)

• You can create lists of File Names, Email Content, MIME Types and Domain Names and use those lists within the conditions of a rule. (Section 6)

• Each rule can have multiple conditions. All of the conditions you add to a single rule are logically ‘ANDed’ together. (Section 2)

• If you want to set up logical ‘OR’ conditions, you need to set up a separate rule for each condition. (Section 7)

• The rules you create are executed in the order they are displayed on Insight. (Section 7)

• Each email will be scanned against the rule sequence until either the last rule, a ‘Delete’ action or ‘Redirect’ action is reached. At this point all previously logged actions are taken (e.g. Copy to Administrator, Log, etc). In the case of a ‘Delete’ action, the email is permanently deleted. (Section 7)


4 Configuring Content Control

When Content Control has been enabled, a Content tab appears under the ADMIN menu in Insight. All options for configuring Content Control are accessible via this tab.

4. Content Control tab within the navigation bar

1. Log in to Insight

2. Select ADMIN from the top-left menu bar

3. Select the Content tab from the top-right menu bar.

The Content Control page provides access to all customer configurable aspects of the Content Control Service. These include:

• Rules – a rule is an expression that defines a number of conditions against which an email is checked. The rule also determines what action to take when an email satisfies all of its conditions. The Rules link accesses pages enabling the management of rules at both the Domain Default and individual domain levels. Within the Rules page you can also set the Domain Default values for the Content Control Service (administrator email address and time zone)

• Lists – a list is a collection of search terms that can be used for content matching during the email scanning process. The Lists link accesses pages that enable the management of lists at both the Domain Default and individual domain levels

• Groups – a group is a set of email addresses (users) that can be configured to use specific Content Control rules. The Groups link accesses pages so that you can manage groups and the users within those groups at both the Domain Default and individual domain levels.

Note: All instructions within this section assume the user has already accessed the Content Control configuration pages using the steps described above.

4.1 Domain Default and Custom Settings

You can configure both Domain Default and individual domain (custom) settings. At the Domain Default level, you can specify the following information:

• Administrator email account to which redirected or copied emails and notifications are to be sent

• Time zone

• Default rule set

• Default lists

• Default groups.

At the individual domain level, you can opt to use either the Domain Default settings, or customize a configuration specifically for the domain selected. On initial setup, each domain is set to use the Domain Defaults. If you switch to use Custom Settings via the radio buttons, a copy of the default settings is applied to the domain. You can then modify this copy as required without affecting the defaults.

Note: If you decide to switch from using Custom Settings back to the Domain Defaults ALL Custom Settings for that domain will be overwritten. To avoid accidental loss of settings, a warning is displayed requiring confirmation to continue.

4.1.1 Edit settings

4.1.1 Editing settings

1. Select Rules from the top-left menu bar


2. Select Edit Settings…

Note:

• These settings are applied at the Domain Default level

• Administrator Email Address controls the email account to which notifications are sent by default

• Default Timezone controls the value applied by default when generating conditions based on time intervals. Although set at the Domain Default level the value can be overridden on a ‘condition by condition’ basis

• If no timezone is specified, the system assumes UTC (Coordinated Universal Time). This is the same as GMT (Greenwich Mean Time)

• Where applicable, daylight saving is accounted for, for example, Europe/London (BST).

5 Groups

When the Content Control Service is first enabled, no groups exist. You should decide which groups are to be created and who belongs in those groups.

5.1 Harvesting Email Addresses

As email is sent from your domains, the system checks the email address of each sender. The email address will be ‘harvested’ if the sending domain corresponds with a domain where the service has been enabled and the email address has not already been harvested. In this context, a ‘harvested’ email address is simply an email address that has been recognized and stored by the system. To comply with the relevant Data Protection legislation and in line with industry best practice, the system does not attempt to harvest recipient addresses from email sent by you, nor does it attempt to harvest addresses from email sent to you.

As the email addresses are harvested, you can assign them to one or more previously defined groups. You can also manually create users, for example, third party email accounts, and assign these to groups.

Note:

• An individual user can belong to multiple groups

• An individual group can contain users from many different domains

• Before any rules can be applied to a particular user, the user must be assigned to at least one group

• Until a user is assigned to a group, they are flagged as unassigned in the listing of available users displayed during group creation and editing

• Up to 500 groups per domain can be created, each of which can contain up to 500,000 entries.

On selecting Groups, you are presented with a page containing a pull down list of all available domains where the service is enabled, plus a Domain Default option.

Selecting the Domain Default option enables groups to be managed across all domains, whilst selection of an individual domain enables groups specific to that domain to be managed.

Note: Groups defined at the Domain Default level can be applied at the individual domain level but not modified.

By selecting the required domain, or the Domain Default option, you are presented with a scrolling list of all groups available for modification at that level. Alternatively, you can find a specific group within the available list via the sub-string search facility that operates against the group name.

You can obtain a list of the rules using a specific group by selecting the corresponding link under the In Use column:

5. Viewing rules that use a specific group

5.2 Creating a group

1. Select Groups from the top-left menu bar

2. Select Create New Group...

5.1 Defining members of a group

Note:

• A Group name can contain up to 50 alphanumeric characters plus spaces, but no other character types


• The Search facility operates on both list boxes. Following a search, we recommend that the Clear Search option be used in order to re-display all group members

• The Other Users tab contains a list of available users who can be assigned to the group. The list is arranged alphabetically with all unassigned users listed first. To avoid the list becoming too lengthy, only the first 500 users are shown. If more than 500 users are available, you should use the substring search facility to reduce the list size

• The New Users tab provides facilities for manually creating new users that are not automatically harvested.

Hint: We recommend that you create an obsolete group for any invalid email addresses that have been harvested. This ensures that users flagged as unassigned are kept to a minimum.

5.3 Group Definition Management

Once a group has been formed, Content Control 2.0 provides you with the ability to easily manage and maintain lists by uploading and downloading users into groups that already exist.

5.3.1 Uploading a group of users

By selecting Upload, a pop-up dialogue is displayed enabling the user to browse for a file and then upload it into the system. The user can select whether the file contents should replace any email addresses already existing within the group, or whether they should be merged.

Should the file contain invalid entries, a warning is displayed along with the option to cancel the upload.

5.3.2 Downloading a group of users

Selecting Download enables the user to save all email addresses within a Group to a file on their local machine or to a shared drive.

5.4 Editing a group

1. Select Groups from the top-left menu bar

2. Select Group Name.

Note:

• All users currently assigned to the group are listed alphabetically under the Group Users tab. To avoid the list becoming too lengthy, only the first 500 users are shown. If more than 500 users are available, you should use the sub-string search facility to reduce the list size.

• To delete users from the group, highlight each user to remove, followed by << Remove.

5.5 Deleting a group

1. Select Groups from the top-left menu bar

2. Select the group(s) to delete by ticking the corresponding check box(es)

3. Select Delete Group(s).

Note:

• A group cannot be deleted if it is used within one or more rules

• Confirmation of deletion is not requested.

5.6 Deleting users

1. Select Groups from the top-left menu bar

2. Select Delete Users...


5.4 Deleting Users from the All Users list

Note:

• The All Users tab contains an alphabetical list of all available users. To avoid the list becoming too lengthy, only the first 500 users are shown. If more than 500 users are available, you should use the sub-string search facility to reduce the list size

• This functionality does not provide a permanent deletion mechanism for harvested users. If the deleted email address passes through the harvesting process again, it will be added to the list of available users.

5.7 Exception addresses

When setting up your Content Control Service it is advisable that you add a group called ‘Exception Addresses’. These addresses should be excluded from all rules to ensure that you receive Virus alerts and are able to send Spam Samples and similar messages without the messages being stopped or copied.

To implement the exception list, create a group containing the addresses listed below. Then, for each rule, configure the Sender tab so that the ‘Sender NOT in any selected group’ option is active and the exception group is selected.

We recommend your exception list includes the following addresses: [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

[email protected]

6 Lists

The Content Control Service works by matching terms or expressions contained within various parts of an email; for example, you may want to stop outbound emails that contain potentially sensitive information. To assist with this, the service enables you to pre-configure lists of unacceptable terms or expressions at both the Domain Default and individual domain level.


Domain Default and individual domain level lists can be used by any condition within a rule requiring a list. In addition to this, you can define lists at the condition level. These are specific to a condition and cannot be used by other conditions within the same or different rules.

Note:

• A variety of system level lists, which are pre-defined, are also available for you to use. These are only visible during rule definition

• You can create up to 500 lists, each of which can contain up to 2,000 entries.

6.0.1 Lists view within Content Control

When you select Lists, you are presented with a page containing a drop down menu of all available domains for which the service is enabled, plus a Domain Default option.

By selecting the Domain Default option, you can manage lists across all domains. By selecting an individual domain you can manage lists specific to that domain.

Note:

• Lists defined at the Domain Default level can be applied to an individual domain but not modified.

• When creating rules, you can select a pre-defined list and then amend it to suit the individual condition. It does not modify the existing list but creates a new list specific to the condition.

By selecting the required domain, or the Domain Default option, you are presented with a scrolling list menu of all lists available for modification at that level.

You can obtain a list of the rules using a specific list by selecting the corresponding link under the In Use column.

6.0.2 Viewing rules that use a specific list

6.1 Guidelines for list creation

The Content Control Service supports four different types of list. These are as follows:

• File Name

• Email Content

• MIME Types

• Domain Names.

This section provides you with guidelines on what these four types of lists can and cannot contain.

6.1.1 File Name

File Name lists can be used by rules where ‘Attachment’ conditions are required. You can instruct the system to compare the file names of any email attachments against entries in a pre-defined list.

Note:

• Comparisons are not case sensitive

• The use of digits is supported

• The use of spaces is supported

• The following characters are not supported: “ & :‘ | / \ < > ?

• The following characters are supported: ! £ $ % ^ ( ) - _ + = { } [ ] ; @ ~ # , .

• The use of * as a wildcard is allowed, for example: topsecr*, *.exe, file*.com

6.1.2 Email Content


Email Content lists can be used by rules where ‘Email’ conditions are required. You can instruct the system to compare the content of an email against entries in a pre-defined list of words and/or phrases.

Note:

• Comparisons are not case sensitive

• The use of digits is supported

• The use of spaces is supported

• The following characters are not supported as they are commonly used in coding or scripts: “ & ‘ < > . _ + = { } [ ] :;@ ~ # | / \ ,? ! £ $ % ^ * ( )

• The following characters are supported: -

• Use of wildcards is not supported and where wildcard type characters have been used they will be translated literally.

6.1.3 MIME Types

MIME Type lists can be used by rules where ‘Email’ conditions are required. You can instruct the system to compare the MIME types within an email against entries in a pre-defined list of types and/or subtypes.

Note:

• Comparisons are not case sensitive

• The use of spaces is not supported

• The use of digits is supported

• The following characters are not supported: ! “ £ % ^ & ( ) = { } [ ] :;@ ‘ ~ # | \ < > ,?

• The following characters are supported:

– $ - _ + .

– * as a wildcard only

– / as a type/subtype separator only

• Use of wildcards is supported to indicate all subtypes for a specified type, for example: type/*

• Entries must take one of the following forms:

– type/subtype: specific type and subtype combination

– type/*: all subtypes for specified type

• Validation of MIME type and subtype text is not performed.

6.1.4 Domain Names

Domain Name lists can be used by rules where ‘Sender’ or ‘Recipient’ conditions are required. You can instruct the system to compare the sender and/or recipient of an email against entries in a pre-defined list.

Note:


• Comparisons are not case sensitive

• The use of digits is supported

• The use of space is not supported

• The following characters are not supported as they are not permitted in domain names by RFC standards: ! “ £ $ % ^ * ( ) _ + = { } [ ] :;@ ‘ ~ # | / \ < > ,?

• The following character is supported: -

• The following character is supported as a sub-domain separator only: .

• Use of wildcards is not supported so domains and sub-domains must be explicitly entered.
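
The constraints in sections 6.1.1 to 6.1.4 can be checked before entries are pasted into the list interface. The following Python sketch is an added example, not code from the service: the function names and sample entries are constructed for illustration, and it assumes typographic quotes are treated like the plain quote characters the guide lists.

```python
"""Pre-check entries for a Content Control list before pasting them in."""

MAX_ENTRIES = 2000  # the guide allows up to 2,000 entries per list

# Unsupported characters per list type, from sections 6.1.1 to 6.1.4.
UNSUPPORTED = {
    "file_name": set('"&:\'|/\\<>?'),
    "email_content": set('"&\'<>._+={}[]:;@~#|/\\,?!£$%^*()'),
    "mime_type": set('!"£%^&()={}[]:;@\'~#|\\<>,?'),
    "domain_name": set('!"£$%^*()_+={}[]:;@\'~#|/\\<>,?'),
}
NO_SPACES = {"mime_type", "domain_name"}

# Assumption: typographic quotes count as the plain quotes the guide lists.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})


def validate_entry(list_type, entry):
    """Return a list of problems; an empty list means the entry is acceptable."""
    if list_type not in UNSUPPORTED:
        raise ValueError(f"unknown list type: {list_type}")
    text = entry.strip().translate(_QUOTES)
    if not text:
        return ["empty entry"]
    problems = []
    bad = sorted(set(text) & UNSUPPORTED[list_type])
    if bad:
        problems.append("unsupported characters: " + " ".join(bad))
    if list_type in NO_SPACES and " " in text:
        problems.append("spaces are not supported")
    if list_type == "mime_type":
        parts = text.split("/")
        if len(parts) != 2 or not all(parts):
            problems.append("must be type/subtype or type/*")
        elif "*" in parts[0] or ("*" in parts[1] and parts[1] != "*"):
            problems.append("* is only valid as the whole subtype (type/*)")
    if list_type == "domain_name" and "" in text.split("."):
        problems.append(". is a sub-domain separator only")
    return problems


def validate_list(list_type, entries):
    """Split entries into accepted and rejected, folding case-only duplicates."""
    accepted, rejected, seen = [], {}, set()
    for raw in entries:
        entry = raw.strip()
        problems = validate_entry(list_type, entry)
        key = entry.lower()  # comparisons are not case sensitive
        if not problems and key in seen:
            problems = ["duplicate (comparisons are not case sensitive)"]
        if problems:
            rejected[entry] = problems
        else:
            seen.add(key)
            accepted.append(entry)
    if len(accepted) > MAX_ENTRIES:
        raise ValueError(f"{len(accepted)} entries exceeds the {MAX_ENTRIES} limit")
    return accepted, rejected


# Constructed sample input; only the three file-name wildcards come from the guide.
SAMPLES = {
    "file_name": ["topsecr*", "*.exe", "file*.com", "budget?.xls", "Q3 report.doc"],
    "email_content": ["project-falcon", "salary review", "confidential*", "a.b"],
    "mime_type": ["application/msword", "video/*", "audio", "text/ht*", "image /png"],
    "domain_name": ["example.com", "mail.example.com", "*.example.com",
                    "example..org", "EXAMPLE.COM"],
}

if __name__ == "__main__":
    for list_type, entries in SAMPLES.items():
        ok, bad = validate_list(list_type, entries)
        print(list_type, "accepted:", ok)
        for entry, why in bad.items():
            print("  rejected", repr(entry), "->", "; ".join(why))
```

Only the characters the guide names as unsupported are rejected; anything it does not mention is passed through unchanged.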

6.2 Add list

1. Select Lists from the top-left menu bar

2. Select Create New List...

6.2 Creating a new list

Note:

• List name can contain up to 50 alphanumeric characters plus spaces, but no other character types

• When you select a List type, list creation hints specific to that list type are displayed

• The interface is specifically designed to enable the creation of lists via simple ‘cut and paste’ methods, thus avoiding the laborious entry of individual items.

6.3 Edit list

1. Select Lists from the top-left menu bar


2. Select List name.

Note:

• Entries are listed alphabetically

• You cannot change the list type within the edit function due to the variation in expected content between different list types

• Instead, you need to delete the old list and then create a new list with the required list type.


6.4 Delete list

1. Select Lists from the top-left menu bar

2. Select the list(s) to delete by ticking the corresponding check box(es)

3. Select Delete List(s).

Note:

• You cannot delete a list if it is used within one or more rules

• You cannot delete any of the pre-defined lists

• Confirmation of deletion is not requested.

7 Rules

The key benefit of the Content Control Service is that it gives you the ability to control your inbound and outbound email. You can define rules to apply in order to filter email according to who sent it, who it was sent to, what it contained and so on. You have complete control over rule definition and consequently, the functionality and accuracy provided by the service.

A rule is made up of the following components:

• A descriptive name

• A set of conditions that have to be met in order to trigger the rule

• An action that is performed when the rule is triggered.

Note:

• We recommend using a rule-naming scheme to create meaningful names for your rules so that they will be appropriate in the various contexts in which they are displayed. For example, when a rule is triggered the rule name is included in the notification email sent to an administrator

• We would advise you against using unacceptable language in the rule headers as the rule name will appear in the Statistics, Reports, X-Headers, etc.

Each rule can consist of a variable number of conditions that a scanned email must meet in order for the rule to be satisfied.

An implicit AND exists between the specified conditions, which means the rule will only trigger an action if ALL the conditions are met.

However, if, for example, you wanted to identify messages that are either sent from the Sales team, sent to a Channel Partner, or contain an MS Excel spreadsheet, you would build the rules as:


Rule 1 – email from any member of the Sales team

Rule 2 – email to a Channel Partner

Rule 3 – email contains an MS Excel spreadsheet.

7. Rules view within Content Control

When you select Rules, you are presented with a page containing a drop down menu of all available domains for which the service is enabled. It also includes a Domain Default option.

If you select the Domain Default option you can manage generally applied rules. However, if you select an individual domain you can initially choose between using Domain Default or Custom Settings. By selecting Custom Settings you can manage rules specific to that domain.

Note:

• Rules defined at the Domain Default level can be applied at the individual domain level but cannot be modified at that level without converting that domain to use Custom Settings

• If you decide to switch from using Custom Settings back to the Domain Defaults ALL Custom Settings will be lost. To avoid accidental loss of settings, a warning is displayed requiring confirmation to continue


• You can create up to 500 rules.

By selecting the required domain or the Domain Default option you are presented with a menu of all rules available for modification at that level. The rules list provides a range of information about each rule including the rule name and the action to be taken when the rule is triggered. The actions taken are defined in the next table:

Note:

• Redirected and copied mails (inbound only) are tagged with X-Header information. This allows you to investigate the reason individual emails have triggered a rule by examining the history of the e-mail’s progress within the packet headers. Outbound emails are not tagged to avoid ‘informing’ on senders within your domains. Similarly, the restrictions on sender and recipient notifications avoid ‘informing’ on senders within your domains

• When the Compress Attachments rule is triggered it is applied to all attachments of an email and results in these attachments being individually converted to .ZIP files. By individually ZIPping each attachment, the attachment count and basic file naming is preserved while the overall email size is reduced. If the email does not have any attachments the action has no effect

| Action Name | Log to statistics | Tag Header | Notifications | End Scanning |
|---|---|---|---|---|
| Block and Delete | Yes | No | Sender, recipient and admin for inbound, sender | Yes |
| Redirect mail to Administrator | Yes | Inbound only | Sender and recipient for the inbound, sender | Yes |
| Copy mail to the Administrator | Yes | Inbound only | None | No |
| Tag Suspected Mail with Header | Yes | Inbound only | Administrator only | No |
| Compress Attachments | Yes | No | None | No |
| Log Only | Yes | No | None | No |


• The order in which the rules are listed defines the sequence in which the rules are checked as an email is scanned

• If a rule is triggered whereby the resultant action indicates that a multi-recipient email should be stopped for a particular recipient, the action is only applied to that particular recipient; scanning continues for all other intended recipients. Furthermore, for inbound email where an intended recipient belongs to another domain, the email is passed through the rule set specific to that recipient’s domain.

• An email may trigger multiple rules, none of which have a block action. Depending upon the resultant rule actions this may result in multiple copies of an email being sent to the administrator – one for each rule triggered. To overcome this, each occurrence sent to the administrator is combined into a single email. This does not result in a banner being appended if the email also passes through the Anti-Virus service.
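
The rule semantics described above (implicit AND within a rule, separate rules for OR, checking in listed order, and the End Scanning column) can be modelled in a few lines, together with the exception-group check from section 5.7. This Python model is an added example, not the service's implementation: the class and function names, the sample policy and the addresses are constructed, and substring matching for Email Content lists is an assumption.

```python
import re
from dataclasses import dataclass, field

# Actions marked "Yes" in the End Scanning column of the actions table.
END_SCANNING = {"Block and Delete", "Redirect mail to Administrator"}


def wildcard_match(pattern, name):
    """File Name list semantics: * is the only wildcard, case is ignored."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name, re.IGNORECASE | re.DOTALL) is not None


@dataclass
class Email:
    sender: str
    body: str = ""
    attachments: list = field(default_factory=list)  # attachment file names


@dataclass
class Rule:
    name: str
    action: str
    # None models a condition left at its default of Ignore.
    sender_not_in: set = None    # 'Sender NOT in any selected group'
    content_list: list = None    # Email Content list
    file_name_list: list = None  # File Name list

    def matches(self, mail):
        """Implicit AND: every condition that is not Ignore must be met."""
        if self.sender_not_in is not None and mail.sender.lower() in self.sender_not_in:
            return False
        if self.content_list is not None:
            body = mail.body.lower()
            # Assumption: a list entry matches as a case-insensitive substring.
            if not any(term.lower() in body for term in self.content_list):
                return False
        if self.file_name_list is not None:
            if not any(wildcard_match(p, a)
                       for p in self.file_name_list for a in mail.attachments):
                return False
        return True


def evaluate(rules, mail):
    """Check rules in listed order; stop after an action that ends scanning."""
    triggered = []
    for rule in rules:
        if rule.matches(mail):
            triggered.append((rule.name, rule.action))
            if rule.action in END_SCANNING:
                break
    return triggered


def rules_missing_exception(rules, group):
    """Section 5.7 check: names of rules that do not exclude the exception group."""
    return [r.name for r in rules
            if not (r.sender_not_in and group <= r.sender_not_in)]


# Constructed policy and messages; addresses use the reserved .test TLD.
EXCEPTIONS = {"virus-alerts@provider.test"}
RULES = [
    Rule("Words AND exe", "Block and Delete", sender_not_in=EXCEPTIONS,
         content_list=["project falcon"], file_name_list=["*.exe"]),
    Rule("Log sensitive words", "Log Only", sender_not_in=EXCEPTIONS,
         content_list=["project falcon"]),
    Rule("Block exe", "Block and Delete", sender_not_in=EXCEPTIONS,
         file_name_list=["*.exe"]),
    Rule("Copy exe to admin", "Copy mail to the Administrator",
         file_name_list=["*.exe"]),
]

if __name__ == "__main__":
    words_only = Email("bob@corp.test", body="Notes on Project Falcon")
    exe_only = Email("bob@corp.test", attachments=["Setup.EXE"])
    alert = Email("Virus-Alerts@provider.test", attachments=["sample.exe"])
    for mail in (words_only, exe_only, alert):
        print(mail.sender, "->", evaluate(RULES, mail))
    print("rules without the exception group:",
          rules_missing_exception(RULES, EXCEPTIONS))
```

The combined rule never fires for a message that has only the words or only the attachment, and the copy rule placed after a Block and Delete rule is never reached for ordinary senders, which is why rule order and the exception group both need reviewing after each change.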

7.1 Per-Rule Notification Control

Within the Content Control Rules page for each rule created there is a section described as Edit Action & Notifications. By selecting this option a pop-up dialogue will be displayed enabling the desired action to be configured along with the required email notifications.

This enables the administrator to turn on or off notifications by rule to the recipient, sender and/or administrator.

Note:

• The choice of email notifications available depends upon the action selected.

– Only an action that leads to the email not being received by its intended recipient will send notifications

7.2 Create rule

Hint: When you initially set up a new rule, we recommend that you set one of the less severe actions such as Log Only, Tag or Copy to check the rule is working, before instigating a more severe action such as Redirect or Block and Delete.


1. Select Rules from the top-left menu bar

2. Select Create New Rule...

7.1.1 Creating a new rule

3. Enter the rule title and select the required email direction condition

4. Enter, via the tabs and options provided, the required conditions.

Note:

• Rule Title can contain up to 255 alphanumeric characters plus spaces, but no other character types

• You must specify the email direction (the default is Both). All other conditions default to Ignore

• Where group names exceed the size of the display field, the dialogue can be re-sized to show additional text

• New rules are appended to the end of the rule listing, to avoid overwriting any existing rule sequence.

Sender Tab

You can build Sender conditions based on:

• Pre-defined groups

• Pre-defined domain lists.


7.1.2 Sender tab within create new rule

Recipient Tab

You can build Recipient conditions based on:

• Pre-defined groups

• Pre-defined domain lists.


7.1.3 Recipient tab within create new rule

Email Tab

You can build Email conditions based on:

• Maximum email size

• Comparing subject and body content against pre-defined email content lists

• Comparing MIME types against pre-defined MIME type lists.


7.1.4 Email tab within create new rule

Note:

• Email size is based on the size of the whole email, including encoded attachments

• You should specify email size in Kb

• The content of attachments is not checked by the conditions under the Email tab.

Attachment Tab

You can build Attachment conditions based on:

• Maximum number of attachments

• Maximum size of attachments (in encoded form)

• File extension matching implied contents (file spoofing)

• Comparing attachment file name against pre-defined file name lists

• Comparing MIME type against pre-defined MIME type lists.


7.1.5 Attachment tab within create new rule

Note:

• Attachments contained within zip files will not be scanned

• File spoofing detection identifies executables that have been sent under the guise of a file extension other than ‘.exe’


Other Tab

You can build Other conditions based on:

• Email encryption

• Email urgency/priority

• Arrival time (at the mail server).


7.1.6 Other tab within create new rule

Note:

• The detection of encryption is based upon whether the email itself is encrypted and is limited to the detection of encryption using S/MIME

• Times are based on when the email arrives on a mail server within a tower and are converted to the time zone specified

• You must specify times using the 24-hour clock

• You must enter the intervals spanning midnight as two separate time intervals; one for the time interval leading up to midnight and one for the time interval following midnight the next day

• Daylight savings are determined via the time zone selected.

7.3 Edit rule

1. Select Rules from the top-left menu bar

2. Select Rule Name

3. Amend rule conditions as necessary.

7.4 Delete rule

1. Select Rules from the top-left menu bar

2. Select the rule(s) to delete by ticking the corresponding check box(es)


3. Select Delete Rule(s).

Note:

• All subsequent rules are re-sequenced

• Confirmation of deletion is not requested.

7.5 Move rule

1. Select Rules from the top-left menu bar

2. Select the rule to move by ticking the corresponding check box

3. Select Move Rule...

7.4 Moving a rule

Note: Once the move has been validated, all rules affected by the move are automatically re-sequenced.

7.6 Copy rule

1. Select Rules from the top-left menu bar

2. Select the rule to copy by ticking the corresponding check box

3. Select Copy to New Rule...

4. Rename the rule and amend the conditions as required.

Note:

• Only one rule can be copied at a time

• Rules can only be copied within the same domain

• You must change the rule name in order to make it unique within the domain

• The new rule is appended to the end of the rule list to avoid overwriting your existing rule sequence.


8 Reports

8.1 Report configuration

You can choose to receive emailed reports containing logs of emails detected by the service. Reports can be sent on a weekly and/or monthly basis. The email address to which you would like reports sent is user definable.

1. Log in to Insight

2. Select ADMIN from the top-left menu bar

3. Select Admin from the top-right menu bar

4. Select Content Control Statistics.

8.2 Statistics

On the Statistics page, there is a tab for accessing statistics specific to Content Control. This tab is only displayed if the Content Control Service is enabled. The default display shows statistics based on rule name.

1. Log in to Insight

2. Select STATISTICS from the top-left menu bar

3. Select Content from the top-right menu bar.


8.2.1 By Rule statistics view

8.2.2 Detailed breakdown for a specific rule


8.2.3 By User statistics view


8.2.4 Detailed breakdown for a specific user

9 Frequently Asked Questions (FAQs)

9.1 Groups

Q) What characters can I use in a group name?

A) Group names must be alphanumeric; spaces are allowed. Names may be up to 50 characters in length.

Q) I’ve searched for a user in one of my groups but the search did not return any results. Why?

A) The search feature is case sensitive. The search string must also be 3 or more characters.

Q) I have deleted users from the available user list but they have re-appeared, why?

A) The email address in question has sent outbound mail through the towers and the address was added to the database again. This is expected.

Q) How many groups can I create?

A) 500 per domain.

Q) How many users can exist in a group?

A) 500,000

Q) Can I add a group to another group?

A) No, groups may only contain email addresses; however, any single email address may exist in many groups.

Q) I can see groups available for selection when I create a new rule but visiting the groups page displays a message similar to ‘This domain has no groups’.

A) You are at domain level. Groups created at default level may be applied to rules at domain level but may not be edited; therefore they are not visible in the groups page at domain level.

Q) Why are some of my users not displayed in a group that I added them to?

A) The interface only displays the first 500 users; you will need to search for other users.

Q) I want to delete a group but I am unable to select it because the box is greyed out. Why?

A) The group is being used within a rule and cannot be deleted until it is removed from any rules.

9.2 Lists

Q) What characters can I use in a list name?

A) List names must be alphanumeric; spaces are allowed. Names may be up to 50 characters in length.

Q) Can I change the type of a list that already exists?

A) No, you will need to create a new list.

Q) A set of default lists is provided, can I delete these?

A) No, the default lists cannot be deleted.

Q) I can see lists available for selection when I create a new rule but visiting the lists page displays a message similar to ‘There are no existing lists to display’.

A) You are at domain level. Lists created at default level may be applied to rules at domain level but may not be edited, and therefore they are not visible in the lists page at domain level.

9.3 Rules

Q) I have just subscribed to Content Control and am unable to add any rules, why?

A) Did you set an admin address and time zone by clicking the edit settings button?


Q) What characters can I use in a rule name?

A) Rule names must be alphanumeric; spaces are allowed. Names may be up to 50 characters in length.

Q) How many rules can I have?

A) 500 per domain.

Q) What order are my rules processed in?

A) The order in which they are displayed within the Insight interface.

Q) I set an attachment size restriction of 2Mb but mails are being blocked with attachments smaller than this, why?

A) Check that you haven’t set the size restriction on the email tab rather than the attachment tab.

Q) I applied the attachment-spoofing feature to a rule. I tested with ‘sol.exe’ and renamed it to ‘sol.txt’. It was not stopped by Content Control, why?

A) Skeptic supplies the spoofing feature for CC. It does not flag up attachments that it recognizes and that have not been corrupted, such as renamed system files.

Q) I have created a rule with multiple criteria and it is not stopping any emails, why?

A) There is an implicit ‘AND’ statement between elements of a single rule. If you create a rule that has, for example, both a list of prescribed words AND a list of prescribed file names, it will only block emails containing BOTH the word AND the filename. In order to identify emails with EITHER element you need to create two separate rules.

9.4 Additional questions

Q) How can you add email addresses to Content Control?

A) When a user sends an outbound email, Content Control will automatically capture/harvest his/her email address for future use. Addresses can also be added manually to a group (see section 5.1). Alternatively, email addresses can be added manually via the groups interface or uploaded to a specific rule.


Q) Are email addresses case sensitive?

A) Yes, if you wish to do any search on an email address you will need to type it as it is recorded. Most email addresses are stored in lower case.

10 Glossary

Action: The selected consequence(s) of a rule being triggered by an email: Block and Delete, Redirect to Administrator, Copy to Administrator, Compress Attachments, Tag Only, Log Only.

‘AND’: Each of the conditions or options selected within a single rule has an implicit ‘AND’ function between them; i.e. an email will only trigger that rule if all conditions are met, not one or some. This implies two things:

1. Customers may need to create a greater number of rules than originally anticipated, as multiple search conditions cannot be incorporated into a single ‘cover-all’ rule.

2. It gives a great degree of control and granularity of policy implementation.

Attachment Number: The number of individual Attachments on a single email.

Attachment Spoofing: Attached executable programs that have been sent under the guise of a file extension other than ‘.exe’.

Body: The message text of an email.

Both: A condition within a rule which applies that rule to Inbound and Outbound email.

Change Domain: A drop-down menu on each administration screen, used to select the Default Domain rules or Custom Domains.

Condition: A selectable option within a rule, defining the parameters or content that an email must match to trigger that rule.

Email Content: The Body and Subject Line text of an email.


Email Size Limit: The total size of a single email, including all content and attachments.

Encryption: In specific reference to Content Control, this refers to an email encrypted with S/MIME.

Groups: A group is a set of email addresses (users) that can be configured to use specific Content Control rules.

Ignore: If a condition within a rule is set to ‘Ignore’, that condition is NOT used in that rule’s search parameters. Within a new rule every condition is initially set to ‘Ignore’.

Lists: A list is a collection of search conditions that can be used for content-matching during the email scanning process. There are four types of lists available:

• File Names: Attachment file names are compared against a selected list within a rule. Full or partial names can be used as search criteria; wildcards are permitted.

• Email Content: The Subject Line and Body Text within an email are compared against custom-created or pre-defined lists of words and/or phrases. A range of default lists are available through the rule interface for English, German and French. Wildcards are not permitted, and will be interpreted literally as the asterisk character.

• MIME Types: Attachments are compared against a selected list of MIME types/subtypes. Content Control does not validate or check the accuracy of types/subtypes entered. No default lists are provided, although they can easily be found by using internet search engines.

• Domain Names: The sender and/or recipient of an email is compared against entries in a custom list. Wildcards are not permitted – domain name references must be specific and complete.

MIME Types: Standard encoding dividing feature-rich content within an email or attachment into types (e.g. application, audio, video) and sub-types (e.g. application/msword, audio/wav, video/mpeg).


‘NOT’: Any selected ‘NOT’ conditions apply the reverse of that normal condition, making it an exception to the rule. For example, if a rule blocks and deletes email containing ‘.exe’ attachments and a group is highlighted under the Recipients tab with the ‘Recipient NOT in any selected group’ option enabled, all addresses within that group are an exception to that rule and will be able to receive ‘.exe’ attachments.

Rule Title: The administrator-assigned label applied to an individual rule. Must begin with an alphabetic letter.

S/MIME: A protocol for adding cryptographic signature and encryption services to MIME data, to enable secure email.

Time Interval: A condition within a rule which allows that rule to be in effect (or not) during one or more defined time-periods; configurable by day of the week, and hour of the day.

Update rule: The on-screen button within the ‘Create/Edit Rule’ interface which inputs the existing/changed rule conditions.

