Open with table of contents

The Starter Content Security Policy

Clearswift Gateway includes an initial content security policy as a starting point for creating your own corporate policy. The starter policy contains basic policy routes for incoming and outgoing mail, with suggested content rules and policy references already applied.

In addition, the default policy also includes settings to identify spam by using the SpamLogic feature. SpamLogic settings determine how your Gateway controls spam at the perimeter, and therefore stops spam before it needs to be processed by your content security policy.

Tell me about...

• The protection that the starter policy provides

  The starter policy provides routes and rules for outgoing and incoming mail. It also includes a route that catches messages that do not match the other policy routes.

  The starter policy is designed to provide a template which can be adapted to suit the requirements of your organization. We recommend customizing the policy as soon as possible to enhance system performance and avoid the potential for false positive results.

  Outbound messages

  Rules for outgoing email are contained within the My Company to Anyone policy route. The route has a default disposal action of Deliver, so the message is delivered unless at least one of the applied content rules triggers and specifies a different disposal action.

  Rules for outgoing email are contained within the My Company to Anyone policy routes. These routes have a default disposal action of Deliver, so the message is delivered unless at least one of the applied content rules triggers and specifies a different disposal action.

  Show me what happens to messages on the My Company to Anyone route:

  This starter policy route is configured to:

  Hold messages containing a virus in the Virus message area, and inform the administrator and sender.

  Hold messages containing encrypted files in the Encrypted message area, and inform the administrator and sender.

  Hold messages containing an unrecognized media type in the Unknown Binary message area.

  Hold messages containing confidential terms in the Confidential area, and inform the administrator.

  Hold messages over 20Mb in size in the Oversize message area and inform the sender.

  Hold messages containing English swear words in the Profanity message area, and inform the sender.

  Hold messages containing multimedia files in the Multimedia message area and inform the administrator and sender.

  Hold messages containing large images in the Large Images message area, and inform the administrator and sender.

  Add a legal disclaimer to the end of the message body, if not already present.

  If message modification fails, hold the message in the Message Processing Failure message area.

  If message processing fails, hold the message in the Message Processing Failure message area.

  * The starter policy is configured to sanitize all available document properties and hold a copy of the attachment in the Adaptive Redaction Hold area.

  Inbound messages

  Rules for incoming email are contained within the Anyone to My Company policy route. The policy route has a default disposal action of Deliver, so the message is delivered unless at least one of the applied content rules triggers and specifies a different disposal action.

  Show me what happens to messages on the Anyone to My Company route:

  This starter policy route is configured to:

  Drop messages containing a virus.

  Hold messages containing encrypted files in the Encrypted message area, and inform the recipients.

  Hold messages containing an unrecognized media type in the Unknown Binary message area.

  Hold messages containing executable files in the Executables message area.

  Hold messages containing Class 1 files in the Executables message area.

  Hold messages over 20Mb in size in the Oversize message area and inform the recipients.

  Hold messages containing English swear words in the Profanity message area, and inform the recipients.

  Hold messages containing multimedia files in the Multimedia message area and inform the administrator and recipients.

  Hold messages containing large images in the Large Images message area, and inform the recipients.

  If message modification fails, hold the message in the Message Processing Failure message area.

  If message processing fails, hold the message in the Message Processing Failure message area.

  * The starter policy is configured to sanitize all available document properties and hold a copy of the attachment in the Adaptive Redaction Hold area. We strongly recommend that you customize the Sanitize Document Content rule at the earliest possible opportunity to avoid overloading the message area and affecting system performance.

  Rules for messages that are not matched on the other policy routes are contained within the For all email that does not match another route policy route. This policy route is supplied without any applied content rules, so its default disposal action of holding messages in the Misrouted Messages message area is always applied.

  You must ensure you have at least one anti-virus scanner installed and enabled for the security policy to detect viruses.

• The supplied SpamLogic Settings

  The settings are as follows:

  • Address Validation

    The Gateway does not perform Address Validation checks. For more information, see Address Validation.

  • Bulk Email Detection

    The Gateway performs Bulk Email Detection checking on all messages from senders who do not have a TRUSTmanager reputation of Good. For more information, see Suspected Junk Email.

  • Junk Email Detection

    The Gateway performs Junk Email Detection checking on all messages from senders who do not have a TRUSTmanager reputation of Good. For more information, see Confirmed Junk Email.

  • TRUSTmanager

    The Gateway performs TRUSTmanager checks on all incoming messages. Messages with TRUSTmanager reputations of Good bypass all spam checks, other than those specified in your content rules. For more information, see TRUSTmanager.

  • Real-time IP Blocklist Settings

    The Gateway performs Real-time IP Blocklist (RBL) checks, using a recognized RBL server, on all messages from senders who do not have a TRUSTmanager reputation of Good. Messages that fail RBL checks are held in the 'Spam' message area. For more information, see Real-time IP Blocklists.

  • Spoof Detection

    The Gateway performs a check to determine whether emails are from an internal domain that has been whitelisted for spoof detection. For more information, see Spoof Detection.

  • Sender Domain Validation

    The Gateway attempts to resolve the sender domain of all messages from senders who do not have a TRUSTmanager reputation of Good. Messages from unresolvable domains are rejected. For more information, see Sender Domain Validation.

  • BATV Address Validation

    The Gateway uses Bounce Address Tag Validation (BATVBounce Address Tag Validation) to eliminate email bounce attacks. For more information, see Bounce Address Tag Validation (BATV).

  • Domain-based Message Authentication, Reporting & Conformance (DMARC) Settings

    The Gateway performs DMARCDomain-based Message Authentication, Reporting & Conformance verification checks on all messages from senders who do not have a TRUSTmanager reputation of Good. Messages that fail DMARC verification are rejected or quarantined. For more information, see Domain-based Message Authentication, Reporting & Conformance (DMARC).

  • Sender Policy Framework (SPF) Settings

    The Gateway performs SPFSender Policy Framework validation checks on all messages from senders who do not have a TRUSTmanager reputation of Good. Messages that fail SPF checks are rejected. For more information, see Sender Policy Framework Settings.

  • DomainKeys Identified Mail (DKIM) Settings

    The Gateway performs DKIMDomainKeys Identified Mail verification checks on all messages from senders who do not have a TRUSTmanager reputation of Good. Messages that fail DKIM checks are rejected. For more information, see DomainKeys Identified Mail (DKIM).

  • Greylisting

    The Gateway Greylists messages from senders with TRUSTmanager reputations of Suspicious or Bad. For more information, see Greylisting.

  • SpamLogic Signatures

    The Gateway performs SpamLogic Signature checking on all messages from senders who do not have a TRUSTmanager reputation of Good. Messages that fail SpamLogic Signature checking are rejected. For more information, see SpamLogic Signatures.

  For a comprehensive spam policy, you should use the 'Spam Detection' clause in your content rules in conjunction with the SpamLogic defenses.

How do I...

• Adapt the starter policy to fit my organization's requirement?

  For guidance on what aspects of the policy to adapt, and the steps you need to take, see the Adapting the Starter Policy topic.

• View the default lexical expression lists?

  To find out which terms are contained in the Confidential Material or PCI lexical expression lists, click Policy > Policy References > Lexical Expressions. The Lexical Expressions tab displays a list of the currently available lexical expression lists. See the Working with Lexical Expressions topic for more information.

See also...

• Policy Routes
• Content Rules