Content security policy

You define your content policy from the Policy Center Home Page.

If you have a conjoined policy where you have a Email or Exchange, and Web Gateway in the same peer group, you can configure each Gateway from a single Policy Center Home page. For example, although HTTPS Policy is specific to the Web Gateway, you can configure it from the Policy Center Home page on the Email Gateway where a conjoined configuration exists. A conjoined policy will also allow you configure Policy References that are exclusive to either the Web or Email Gateway from a single Policy Center Home page.

Tell me about...

• Content rules

  Content rules are the email processing rules of your content security policy. Each content rule states that if a message meets a specified set of conditions, the Policy Engine will perform a specified set of actions.

  When you configure content rules in your Gateway, you set What to look for? clauses and What to do? actions for each rule. For example, you could have a What to look for? clause that checks for viruses in a particular file type and then a What to do? action that drops the message.

• Policy references

  Policy references are items that can be referenced when you define your security policy. For example, you can add the Informs reference to your policy route to send notifications when specific content rule conditions are met.

  If you have a conjoined policy where, for example, a Web and Email Gateway exist in the same peer group, you will be able configure references for both Gateways from one Policy Center Home page.

  For a list of policy references and what action they perform, see the About Policy Reference topic.

• Email Address lists

  An Email Address List is a grouping of email addresses of one or more users to whom you want to apply a common policy. Such groupings typically represent users who share a common link within your organization, for example:

  • Functional groupings, for example, a Sales department or regional office
  • Role-oriented groupings, for example, managers
  • Relational groupings, for example, company partners

  For more information, see the About Email Address Lists topic.

• Mail policy routes and how they relate to Email Address lists

  A mail policy route defines a "From" and "To" list of addresses. You configure these address lists from within your Gateway UI.

  A policy route must reference two Address Lists to define the mail route on which the policy route will be applied. One Address List supplies the sender address, and the other Address List supplies the recipient address.

  Your Gateway starter policy contains My Company and Anyone address lists.

  You apply a default decryption, delivery, and disposal action for messages that are matched with the route. You can, if required, apply content rules to the route to provide extra flexibility to the route.

  For more information, see the About Policy Routes topic.

• The SpamLogic feature

  You define your global anti-spam defense with the SpamLogic feature. SpamLogic settings determine how your Gateway controls spam at the perimeter and can stop spam before it gets processed by your content security policy.

  In addition to using SpamLogic to control spam at the perimeter, you can use the Spam Detection clause in content rules to add an extra level of spam protection.

• The Missing Manager feature

  Missing Manager can be used to ensure that sent emails will always include a specific recipient. For example, for a given policy route, you might want to ensure that a manager or compliance officer is aware of certain emails leaving your company. For more information, see the About Missing Manager Policy topic.

• How the Gateway processes messages

  Your Gateway is typically located inside your organization's DMZ. It receives incoming mail for your organization, and outgoing mail from your mail servers, and processes each message according to your content security policy. The main policy outcome for each message may be 'deliver', 'hold' (place in a message area), 'non-deliver', 'drop' (delete), or 'relay to another server'.

  If the policy outcome for an incoming message is 'deliver', Clearswift Gateway typically sends the message to your internal mail server. If the policy outcome for an outgoing message is 'deliver', Clearswift Secure Email Gateway typically routes the message using DNS, or sends it on to your external mail server.

  For detailed steps describing the processing of incoming mail, see the How Clearswift Gateway Processes Messages topic.

• Adaptive redaction and sanitization

  With Adaptive Redaction you can detect and manage sensitive data from information that flows through your Gateway. For example, a credit card number identified in a communication can be obscured before it is viewed by the recipient. Adaptive redaction can apply to documents, attachments and media types. For more information on using this feature, see Adaptive redaction.

  You use Sanitization to detect and remove active content, embedded content, URLs or hyperlinks, scripts or macros and document properties from communications. Sanitization purges potential harmful content from documents, attachments and media types. For more information on using this feature, see Sanitization.

See also...

• How Policy is Applied to Routes