Configuring Reputation Definitions and Policies

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015Last modified by user.Yo2IBgvWqr on Oct 9, 2017
Version 10Show Document
  • View in full screen mode

Reputation policies allow you to manually configure the reputation checks applied to inbound mail. Together with reputation definitions, they provide granular control over the default reputation spam detection technologies we apply. When an inbound message is rejected because of a reputation check, the event is logged in the Rejection Viewer. See the Monitoring Rejected Messages page for further details.

 

Configuring a Reputation Definition

 

To configure a Reputation definition:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. 
  3. Click on the Gateway | Policies menu item. 
  4. Click on the Definitions button. A list of the definition types is displayed.
    Definition list
  5. Click on the Reputation Definition menu item. Any existing definitions are listed.
  6. Either click on the
    • Add Reputation Definition button to create a definition.
    • Definition to be changed.
  7. Complete the Reputation Properties section as follows:
    Field / OptionDescription
    DescriptionSpecify a name for the definition to enable you to identity it's purpose.
    Mimecast Global Permitted ListIf selected, the connecting IP address of all inbound email is checked against an permit list maintained by our Security Team. This list comprises domains known to be of good reputation. If the connecting IP address is on the permit list, it bypasses spam checking.
    Global Block ListsIf selected, all inbound email is checked for spam against six IP address based block lists. This option is used in conjunction with the "Number of Block List Hits" option.
    Number of Block List HitsSpecify a value to set the number of hits required before the sending IP address of a message is rejected.
  8. Click on the Save and Exit button.

 

Configuring a Reputation Policy

 

To configure a Reputation policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
  4. Click on Reputation Policy. A list of policies is displayed.
  5. Either click on the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    OptionDescription
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Select Notification SetSelect the required Reputation definition for the policy.
  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section:
    OptionDescription
    The Return Address This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    OptionDescription
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. Disabling the policy allows you to prevent it from being applied without having to delete or back date it. Should the policy's configured date range be reached, the it is automatically disabled.
    Set Policy as PerpetualSpecifies that the policy's start and end dates are set to "Eternal", meaning the policy never expires.
    Date RangeSpecify a start and end date for the policy. This automatically deselects the "Eternal" option.
    Policy OverrideSelect this to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override.
    Bi-DirectionalIf selected, the policy also applies when the policy's recipient is the sender and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.

 

Usage Examples

 

By default all block lists and reputation checks are applied to inbound mail. However by configuring a reputation definition, you can adjust or exclude some of these checks, or decrease their sensitivity. For example, you can:

  • Deactivate one of the default block lists to ensure that certain messages are allowed through.
  • Apply stronger hit rates before a message is rejected based on reputation.
If a message has been specifically permitted via an Auto Allow or Permitted Senders policy, this overrides any reputation definition.

Example 1: IP Address on Two or More Block Lists

 

In this example, messages are rejected when the IP address is found on a minimum of two block lists, and the policy applies to emails from "Everyone to Internal":

Reputation Definition Example 1

Example 2: Newsletter.com on all Block Lists

 

In this example, we deactivate the Mimecast Global Permitted List for newsletter.com, with a requirement that the sending server of the mail for newsletter.com is found on all block lists. In this example the policy is set to apply to messages from newsletter.com to "Internal".

Reputation Definition Example 2

See Also...

 

1 person found this helpful

Attachments

    Outcomes