Spam Protection

Spam Workflows

The administrators can select any of these workflows when spam is detected in emails.

Note - Spam protection workflow is configurable only for Office 365 email and Gmail.

Workflow

Description

Email is allowed. Deliver to Junk folder

(Available only for Office 365 Mail)

The Anti-Phishing engine marks the email as Spam by updating the Spam Confidence Level (SCL) to 9 (by setting value of header X-CLOUD-SEC-AV-SCL to True). The email will be moved to the Spam folder by Office 365 (with the proper Mail Flow rules), based on the configured action for SCL=9 (by default set to deliver the message to the recipients' Junk Email folder).

For more information on SCL levels, see SCL.

Email is allowed. Move to Spam

(Available only for Gmail)

The Anti-Phishing engine delivers the email to the user's Spam folder.

Add [Spam] to subject

The email is delivered to the inbox and the subject is modified to start with '[Spam]' (for example, the email subject 'Are you interested' will be delivered with new subject: '[Spam] Are you interested').

Quarantine. User is alerted and allowed to restore the email

The email is quarantined and the user is allowed to restore the email.

Quarantine. User is not alerted (admin can restore)

The email is quarantined and the admin can restore the email.

Email is allowed. Header is added to the email

The detected email is delivered to the recipient with an additional header that can be configured in the policy.

Do nothing

The email is delivered to the end user inbox.

For more information on who receives the restored emails, see Who Receives the Emails Restored from Quarantine.

Trusted Senders

Administrators can allow end users to trust senders and domains, so that spam emails sent from these senders are delivered directly to the users' mailbox.

Note - If the emails are classified as phishing or containing malware, they will still be quarantined.

To allow end users to trust senders:

  1. Access the Harmony Email & Collaboration Administrator Portal and click Policy.

  2. Open an existing Threat Detection policy or create a new one. See Threat Detection Policy for Incoming Emails.

  3. Scroll down to the Spam section and select the Allow end-users to trust senders of Spam emails checkbox.

  4. Click Save and Apply.

For information about how to manage senders trusted by end users, see Trusted Senders - End-User Allow-List.

Trusting Senders - End User Experience

When the administrator has configured the policy such that the user is allowed to trust senders, the user gets an option in the End-User Daily Quarantine Report (Digest) to trust senders and their domains.

To trust a sender or domain:

  1. Click Trust sender in the End-User Daily Quarantine Report (Digest).

  2. Enter your email address and click Submit.

    The system sends an email notification with a verification code.

    Enter the verification code received from the email and click Submit.

    After successful verification, the system shows the status.

Graymail Workflows

Graymails are legitimate but often unwanted emails, such as newsletters and promotional emails, which many users find unnecessary, making it harder to find important messages.

The Graymail workflow moves these unwanted emails to a dedicated folder in the user's mailbox, ensuring a well-maintained inbox and enhancing productivity.

Note - This workflow is supported only for Office 365 Mail.

To configure the graymail workflow and customize the dedicated folder name:

  1. Access the Harmony Email & Collaboration Administrator Portal and click Policy.

  2. Open an existing Threat Detection policy for Office 365 Mail or create a new one. See Threat Detection Policy for Incoming Emails.

    The Edit Policy Rule page appears.

  3. Go to the Spam section.

  4. From the Graymail workflow list, select the workflow:

    • Do nothing

    • Same as Spam workflow

      For more information, see Spam Workflows.

    • Email is allowed. Deliver to Promotions folder.

      • In the Folder Name field, enter the folder name. The default folder name is Promotions.

        The system creates a dedicated folder in the user's mailbox.

  5. Click Save.

Graymail Dedicated Folder

When the Email is allowed. Deliver to Promotions folder workflow is selected, the system creates a folder with the specified name in each user's inbox assigned to the policy.

If a user deletes the folder, the system recreates it within 24-48 hours. During this period, graymail emails are delivered to the user's inbox.

For new users added to the group associated with the policy, the system creates the folder within 24-48 hours. During this period, graymail emails are delivered to their mailbox.

Notes:

  • This option is available only for the Protect (Inline) policy mode.

  • After the initial configuration, you cannot change the folder name. To modify it, contact Check Point Support.

Deliver to Promotions Folder - End User Footprint

When the Email is allowed. Deliver to Promotions folder workflow is enabled, the following changes apply to the end user:

  1. The system creates a dedicated folder under the user's mailbox.

  2. The system adds X-CLOUD-SEC-CP-GRAYMAIL header to all the graymails.

  3. The system applies a mailbox rule to each protected user, routing emails with the X-CLOUD-SEC-CP-GRAYMAIL header to the new folder.