Open with table of contents

About Content Security Policy

The content security policy comprises a number of combined components that determine the email content that is allowed to flow in and out of your organization. You create your policy by adding Content Rules and other Policy References, to Mail Policy Routes. Each Mail policy route references two Email Address Lists. One list supplies the sender addresses, the other supplies the recipient addresses.

When email passes through the Gateway, it is checked against DLP and hygiene content rules that have been configured for the route the email is taking. Depending on those rules, a number of actions can be performed. Included in these actions is the detection and removal of sensitive, dangerous or inappropriate content, hidden macros, scripts and document properties from communication flow by using Adaptive Redaction and Sanitization.

In addition to routes and rules, you can:

Manage spam with the SpamLogic feature
Set To and CC fields within outgoing email to a specific email address by using the Missing Manager feature

You define your content policy from the Policy Center Home Page.

If you have a conjoined policy where you have a Email or Exchange, and Web Gateway in the same peer group, you can configure each Gateway from a single Policy Center Home page. For example, although HTTPS Policy is specific to the Web Gateway, you can configure it from the Policy Center Home page on the Email Gateway where a conjoined configuration exists. A conjoined policy will also allow you configure Policy References that are exclusive to either the Web or Email Gateway from a single Policy Center Home page.

Tell me about...

Content rules

Content rules are the email processing rules of your content security policy. Each content rule states that if a message meets a specified set of conditions, the Policy Engine will perform a specified set of actions.

When you configure content rules in your Gateway, you set What to look for? clauses and What to do? actions for each rule. For example, you could have a What to look for? clause that checks for viruses in a particular file type and then a What to do? action that drops the message.
Policy references

Policy references are items that can be referenced when you define your security policy. For example, you can add the Informs reference to your policy route to send notifications when specific content rule conditions are met.

If you have a conjoined policy where, for example, a Web and Email Gateway exist in the same peer group, you will be able configure references for both Gateways from one Policy Center Home page.

For a list of policy references and what action they perform, see the About Policy Reference topic.
Email Address lists
An Email Address List is a grouping of email addresses of one or more users to whom you want to apply a common policy. Such groupings typically represent users who share a common link within your organization, for example:
- Functional groupings, for example, a Sales department or regional office
- Role-oriented groupings, for example, managers
- Relational groupings, for example, company partners
For more information, see the About Email Address Lists topic.

The Missing Manager feature

Missing Manager can be used to ensure that sent email will always include a specific recipient. For example, for a given policy route, you might want to ensure that a manager or compliance officer is aware certain email leaving your company. For more information, see the About Missing Manager Policy topic.
How the Gateway processes messages

Your Gateway is typically located inside your organization's DMZ. It receives incoming mail for your organization, and outgoing mail from your mail servers, and processes each message according to your content security policy. The main policy outcome for each message may be 'deliver', 'hold' (place in a message area), 'non-deliver', 'drop' (delete), or 'relay to another server'.

If the policy outcome for an incoming message is 'deliver', Clearswift Gateway typically sends the message to your internal mail server. If the policy outcome for an outgoing message is 'deliver', Clearswift SECURE Email Gateway typically routes the message using DNS, or sends it on to your external mail server.

For detailed steps describing the processing of incoming mail, see the How Clearswift Gateway Processes Messages topic.
Adaptive redaction and sanitization

With Adaptive Redaction you can detect and manage sensitive data from information that flows through your Gateway. For example, a credit card number identified in a communication can be obscured before it is viewed by the recipient. Adaptive redaction can apply to documents, attachments and media types. For more information on using this feature, see Adaptive redaction.

You use Sanitization to detect and remove active content, embedded content, URLs or hyperlinks, scripts or macros and document properties from communications. Sanitization purges potential harmful content from documents, attachments and media types. For more information on using this feature, see Sanitization.

See also...

How Policy is Applied to Routes

© 1995–2018 Clearswift Ltd.