
Dell SonicWALL Hosted Security. Administration Guide


© 2015 Dell Inc.

ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Refer to our website (software.dell.com) for regional and international office information.

Trademarks

Dell™, the Dell logo, SonicWALL™, SonicWALL ViewPoint™, Reassembly-Free Deep Packet Inspection™, Dynamic Security for the Global Network™, SonicWALL Clean VPN™, SonicWALL Clean Wireless™, SonicWALL Global Response Intelligent Defense (GRID) Network™, SonicWALL Mobile Connect™, and all other SonicWALL product and service names and slogans are trademarks of Dell Inc. Microsoft Windows 7, Windows Server 2010, Internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

HES Administration Guide
Updated - April 2015
Version - 8.1
232-002880-00 Rev. A

Legend

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.


Contents

Using This Guide
About this Guide
Guide Conventions
Pre-Configuration Tasks
Initial configuration
Activating the Hosted Email Security service
Adding MX records
Logging in
Configuring System Settings
System > License Management
Available security services
License table
License Keys
Hosted Email Security Master Account
Miscellaneous
System > Network Architecture
Server Configuration
Spooling
System > LDAP Configuration
LDAP Overview
Configuring LDAP
Add LDAP Mappings
System > Monitoring
Configure System Monitoring
Viewing Alerts
Configuring Anti-Spoofing
Anti-Spoofing Overview
Enabling Inbound SPF Validation
Configuring SPF Settings
SPF Hard Fail
SPF Soft Fail
Outbound DKIM Settings
Configuring Outbound DKIM Settings
Generating DNS Record
Using Outbound DKIM Settings
Configuring Anti-Spam
Identifying Spam
Anti-Spam > Spam Management
Anti-Spam > Address Books
Adding People, Companies, Lists, or IPs
Deleting People, Companies, Lists, or IPs
Import Address Book
Anti-Spam > Anti-Spam Aggressiveness
Configuring GRID Network Aggressiveness
Configuring Adversarial Bayesian Aggressiveness Settings
Unjunking Spam
Determining Amounts and Types of Spam
Anti-Spam > Languages
Configuring Anti-Phishing
Anti-Phishing Overview
Configuring Phishing Protection
Configuring Anti-Virus
Anti-Virus Overview
Configuring Anti-Virus Protection
Configuring Zombie and Spyware Protection
Configuring Flood Protection
Using the Auditing Features
Auditing Overview
Using Simple Search Mode
Using the Advanced Search Mode
Configuring Policy & Compliance
Understanding Mail Threats
Policy Management Overview
Policy & Compliance > Filters
Adding Filters
Managing Filters
Policy & Compliance > Policy Groups
Policy Groups Overview
Adding a New Policy Group
Removing a Policy Group
Policy & Compliance > Compliance
Compliance Overview
Dictionaries
Approval Boxes
Record ID Definitions
Using the Encryption Service
Outbound Messages
Enabling the Secure Mail Policy
Licensing Email Encryption Service
Configuring Encryption Service
Users in Encryption Service
Updating an Existing User
Adding an Existing User
Importing Users
Exporting Users
Cobrand and Reporting
Users, Groups & Domains
Users, Groups & Domains > Users
Authenticating non-LDAP Users
Searching for Users
Sorting through Users
Signing In as a User
Editing User Rights
Resetting User Message Management Setting to Default
Adding a User
Removing Users
Importing Users
Exporting Users
Users, Groups & Domains > Groups
About LDAP Groups
Adding a New Group
Finding a Group
Removing a Group
Listing Group Members
Setting an LDAP Group Role
User View Setup
Anti-Spam Aggressiveness
Languages
Junk Box Summary
Spam Management
Phishing Management
Virus Management
Forcing All Members to Group Settings
Users, Groups & Domains > Domains
Domains Overview
Adding a Domain
Hosted Email Security User Roles
Managing the Junk Box
Junk Box Management > Junk Box
Using the Junk Box—Simple View
Using the Junk Box—Advanced View
Outbound Messages Stored in Junk Box
Supported Search in Audit and Junk Box
Boolean Search
Wildcard Search
Phrase Search
Junk Box Management > Junk Box Settings
General Settings
Action Settings
Miscellaneous
Junk Box Management > Junk Box Summary
Frequency Settings
Message Settings
Miscellaneous Settings
Other Settings
Viewing Reports and Monitoring
Reports & Monitoring > Reports
Dashboard
Anti-Spam Reports
Anti-Phishing Reports
Anti-Virus Reports
Anti-Spoof Reports
Encryption Service Reports
Policy Management Reports
Compliance Reports
Directory Protection
Reports & Monitoring > Scheduled Reports
Reports & Monitoring > DMARC Reporting
Downloads
Anti-Spam Desktop for Outlook
Junk Button for Outlook
Send Secure Button for Outlook


Part 1

Introduction

• Using This Guide


1

Using This Guide

About this Guide

Welcome to the Dell SonicWALL Hosted Email Security Administration Guide. This document provides detailed configuration procedures for the various features of the Dell SonicWALL Hosted Email Security product. For installation and set up instructions for your HES solution, refer to the Dell SonicWALL Hosted Email Security Quick Start Guide.

For configuration information for your Hosted Email Security Junk Box, refer to the Dell SonicWALL Hosted Email Security User Guide.

Navigate to http://suppport.software.dell.com/sonicwall-email-security/ for the latest version of this guide as well as other Dell SonicWALL products and services documentation.

Guide Conventions

The following conventions are used in this guide:

Table 1. Guide conventions

Convention | Use
Bold | Highlights dialog box, window, and screen names. Also highlights buttons. Also used for file names and text or values you are being instructed to type into the interface.


2

Pre-Configuration Tasks

This chapter provides pre-configuration information, such as purchasing and activating the Dell SonicWALL Hosted Email Security solution.

This chapter includes the following sections:

• Initial configuration on page 7

• Activating the Hosted Email Security service on page 7

• Logging in on page 9

Initial configuration

To configure a Dell SonicWALL Hosted Email Security solution, you must have a computer that meets or exceeds the following requirements:

• An Internet connection

• A Web browser supporting JavaScript and HTTP uploads. Refer to the following table for supported browsers:

Table 1. HES Supported Browsers

Accepted Browsers | Browser Number Version
Internet Explorer | 7.0 or higher
Firefox | 3.0 or higher
Opera | 9.10 or higher for Windows
Chrome | 4.0 or higher
Safari | 3.0 or higher for Mac OS X

Activating the Hosted Email Security service

After purchasing the Dell SonicWALL Hosted Email Security service, you are then directed to the activation screen.


Specify the following fields, then click Activate Services:

• Domain Name—The primary domain name that is associated with your Dell SonicWALL Hosted Email Security solution.

• Inbound Mail Server Host / IP Address—The IP address of the mail server hosting your user mailbox(es) for inbound messages.

• Outbound Mail Server Host / IP Address—The IP address provided during the provisioning stage of your Hosted Email Security solution. For example, if you registered the domain name soniclab.us.snwlhosted.com, then the Outbound Mail Server Host will be soniclab.outbound.snwlhosted.com.

• Email Address / Login—The email address or login name associated with your Dell SonicWALL Hosted Email Security account.

• Password—The password associated with your Dell SonicWALL Hosted Email Security account.

• Re-enter Password—The password you entered in the previous field.

• Data Center Location—Select the location of your Data Center. You are not able to change this option once it has been specified.

A message displays confirming successful activation and product registration. Click Go to HES Console to continue.

Adding MX records

After activating your Hosted Email Security service, you may receive a message to replace your current MX records settings for inbound email messages.

Mail eXchange (MX) records specify the delivery route for email messages sent to your newly specified Dell SonicWALL Hosted Email Security domain name. The Dell SonicWALL Data Center can then create an internal MX record so mail is correctly routed to the specified domain.

Multiple MX records are assigned to your domain name. Each MX record designates a priority to organize the way your domain’s mail servers receive incoming email messages; the lower the number, the higher the priority. You should always set back-up priority numbers in case the primary mail server fails or is down.

For example, a customer wishes to activate the domain name jumbo.com. Since the Dell SonicWALL Data Center hosts snwlhosted.com, the domain then becomes jumbo.com.snwlhosted.com. After an MX record is created, where the customer publishes jumbo.com MX jumbo.com.snwlhosted.com, Dell SonicWALL then publishes an A record: jumbo.com.snwlhosted.com A 173.240.21.100, where 173.240.21.100 is the IP address that Dell SonicWALL’s Hosted analyzers use to route emails sent to the jumbo.com domain. Dell SonicWALL publishes an A record for outbound messages: jumbo.com.outbound.snwlhosted.com A 173.240.21.200.


For more information regarding MX records, contact your ISP or refer to the Knowledge Base Article “Setting Up Your MX Record for Email Security Hosted Solution” located at:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=9670
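
The routing described in this section can be checked mechanically. The following Python sketch is an added example, not part of the Dell guide: it parses a constructed record set based on the jumbo.com walk-through (mail.jumbo.com and 192.0.2.25 are hypothetical values) and reports MX entries that would deliver mail around the hosted service.

```python
"""Audit MX routing for a domain that fronts its mail with the hosted service.

Added example: the record set is constructed from the guide's jumbo.com
walk-through; mail.jumbo.com and 192.0.2.25 are hypothetical values.
"""
from dataclasses import dataclass, field

HOSTED_SUFFIX = "snwlhosted.com"  # zone the guide says the Data Center hosts

# Constructed sample, zone-file notation: owner TTL class type rdata
SAMPLE_ZONE = """
jumbo.com.                 3600 IN MX 10 jumbo.com.snwlhosted.com.
jumbo.com.                 3600 IN MX 20 mail.jumbo.com.   ; hypothetical origin server
jumbo.com.snwlhosted.com.  300  IN A  173.240.21.100
mail.jumbo.com.            3600 IN A  192.0.2.25           ; hypothetical address
"""


@dataclass
class MxEntry:
    preference: int
    target: str
    hosted: bool
    addresses: list = field(default_factory=list)


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_zone(text):
    """Return (mx, a): owner -> [(preference, target)] and owner -> [address]."""
    mx, a = {}, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record: {raw!r}")
        owner, rtype, rdata = _norm(fields[0]), fields[3].upper(), fields[4:]
        if rtype == "MX":
            if len(rdata) != 2 or not rdata[0].isdigit():
                raise ValueError(f"malformed MX record: {raw!r}")
            mx.setdefault(owner, []).append((int(rdata[0]), _norm(rdata[1])))
        elif rtype == "A":
            a.setdefault(owner, []).append(rdata[0])
    return mx, a


def audit_mx(domain, zone_text, hosted_suffix=HOSTED_SUFFIX):
    """Return (entries ordered by priority, findings) for the domain's MX set."""
    mx, a = parse_zone(zone_text)
    suffix = "." + _norm(hosted_suffix)
    # Lower preference number means higher priority, so sort ascending.
    entries = [
        MxEntry(pref, target, target.endswith(suffix), a.get(target, []))
        for pref, target in sorted(mx.get(_norm(domain), []))
    ]
    if not entries:
        return entries, ["no MX records published"]
    findings = []
    if not entries[0].hosted:
        findings.append("highest-priority MX is not the hosted service")
    for e in entries:
        if not e.hosted:
            # Mail delivered to this host never passes through the hosted analyzers.
            findings.append(f"MX {e.preference} {e.target} bypasses the hosted filter")
        if not e.addresses:
            findings.append(f"MX {e.preference} {e.target} has no A record in the data")
    if len(entries) == 1:
        findings.append("only one MX record; no back-up priority is set")
    return entries, findings


if __name__ == "__main__":
    entries, findings = audit_mx("jumbo.com", SAMPLE_ZONE)
    for e in entries:
        print(e.preference, e.target, "hosted" if e.hosted else "NOT hosted", e.addresses)
    for f in findings:
        print("finding:", f)
```

To audit a live domain, feed the function the answer section of a DNS query tool in place of the constructed sample.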

Logging in


Part 2

Configuring Hosted Email Security Settings


3

Configuring System Settings

This chapter provides more detailed configuration procedures and additional system administration capabilities for the Dell SonicWALL Hosted Email Security system.

This chapter contains the following sections:

• System > License Management on page 11

• System > Administration on page 13

• System > Network Architecture on page 14

• System > LDAP Configuration on page 17

• System > User View Setup on page 20

• System > Monitoring on page 22

System > License Management

The System > License Management page allows you to view current Security and Support Services for your Hosted Email Security solution. To see more regarding the information on the License Management page, log in to your hosted.mysonicwall.com account.

The following settings display on the License Management page:

• Serial Number—The serial number of your Hosted Email Security solution.

• Authentication Code—The code you entered upon purchasing/activating the Hosted Email Security solution.

• Model Number—Since there is no physical appliance for the Hosted Email Security solution, the model number is listed as Software.

See the following topics for more information:

• Available security services on page 11

• License table on page 12

• License Keys on page 12

Available security services

Dell SonicWALL Hosted Email Security comes with several services that must be licensed separately. For maximum effectiveness, all services are recommended. The following services are available:

• Email Security—The standard license that comes with the service and enables basic components. This license allows the use of basic service features.


• Email Anti-Virus (McAfee and SonicWALL Time Zero)—Provides updates for McAfee anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks.

• Email Anti-Virus (Kaspersky and SonicWALL Time Zero)—Provides updates for Kaspersky anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks.

• Email Anti-Virus (SonicWALL Grid A/V and SonicWALL Time Zero)—Provides updates for Dell SonicWALL Grid anti-virus definitions and Dell SonicWALL Time Zero technology for immediate protection from new virus outbreaks.

• Email Compliance Subscription—Provides a license for compliance features, including pre-defined Dictionaries, Approval Boxes, and Record ID Definitions.

• Email Encryption Service—Provides access to the secure delivery of your email messages. With this service, the user can also customize policies and actions to have messages routed through the Encryption Service.

License table

The following table provides details about the different types of licenses:

Security Service: Name of the Dell SonicWALL Hosted Email Security service.

Status: The status may be one of the following:

• Licensed - Services have a regular valid license.

• Free Trial - Service has been using the 14-day free trial license.

• Not licensed - Service has not been licensed, neither through a regular license nor through a free trial license.

• Perpetual - The Base Key license comes with the purchase of the product and is perpetual. Note that the Base Key is the only perpetual license.

Count: Number of users to which the license applies.

Expiration: Expiration date of the service.

• Never - Indicates the license never expires.

• Date - A specific date on which the given service expires.

License Keys

Once the product is registered with hosted.mysonicwall.com, the Hosted Email Security obtains the purchased licenses. The License Management page displays a summary of the credentials that were received and stored on the Hosted Email Security server.

The Refresh Licenses button is used to synchronize the state of the licenses on the server with the hosted.mysonicwall.com website. Upon successfully synchronizing, the licenses will automatically update to those of your online account. This button is used to update the license status of your product manually.


System > Administration

The System > Administration page allows you to make changes to the master account, password policy, invalid login policy, custom text for login, and quick configuration.

Hosted Email Security Master Account

The Hosted Email Security Master Account section allows you to change the master account username and password.

To change the password:

1 On the System > Administration page, navigate to the Email Security Master Account section.

2 The Username you originally registered with appears as the default Username.

3 Specify the Old Password.

4 Specify the New Password.

5 Type the same new password in the Confirm password field.

6 Click Apply Changes.

Miscellaneous

The Miscellaneous section allows you to Enable Support user to handle organization changes. Select the check box to enable this feature.


System > Network Architecture

The System > Network Architecture page allows you to configure both inbound and outbound capabilities for your Hosted Email Security server.

See the following topics for more information:

• Server Configuration on page 14

• Spooling on page 16

Server Configuration


The following table explains the available settings on the Inbound mail server:

Setting: Any source IP address is allowed to connect to this path, but relaying is only allowed for emails sent to one of these domains.
Description: This field only displays the domain for emails to be relayed to. Note the default domain listed is the domain you initially activated for the Hosted Email Security solution. Navigate to the Users, Groups & Domains > Domains screen to configure Domain settings.

Setting: Your mail server host name or IP address. If multiple destination servers are provided, then emails will be routed using load balancing.
Description: Enter the mail server host name or IP address. Note the default IP address is the address you initially activated for the Hosted Email Security solution. If multiple destination servers are provided, email will be routed using load balancing, which you can configure as either Round-robin or Fail-over. Test Downstream: Click this button to test connection to the specified mail server host name or address. A message displays, notifying you if the connection was successful or if the connection failed.

Setting: Require the destination server to support StartTLS
Description: Select the check box to enable Transport Layer

Click the Outbound tab to configure the outbound mail server.

The following table explains the available settings on the Outbound mail server:

Setting: Relaying is allowed only for emails sent from one of these domains
Description: This field only displays domain name(s) for emails to be relayed to. Note the default domain listed is the domain you initially activated for the Hosted Email Security solution. Navigate to the Users, Groups & Domains > Domains screen to configure Domain settings.

Setting: Only these IP addresses/FQDNs can connect and relay through this path
Description: Enter the server name or IP address to connect and relay with. Test Upstream: Click this button to test connection to the specified server name or address. A message displays, notifying you if the connection was successful or if it failed.

Setting: Require the destination server to support StartTLS
Description: Select the check box to enable Transport Layer Security (TLS) encryption. Click the Configure StartTLS button to configure settings.

Spooling

The Inbound Spooling feature available on the Hosted Email Security solution allows users to spool, or hold, mail when all the customer’s receivers are unavailable. Inbound mail is then delivered when the receivers become available. The Hosted Email Security solution normally operates as an SMTP proxy, relaying email directly to your downstream receiver. However, it can also be configured to spool email when all of your organization’s downstream receivers are unavailable.

When spooling is engaged, the proxy directs all good mail to the Hosted Email Security MTA for queuing and later delivery. When spooling is disengaged, the proxy resumes directly relaying mail to the receivers, and the MTA delivers the queued mail.

Choose the spooling option that best suits your needs:

• Never Spool Email—Select this option to never spool mail, regardless of the state of the downstream receivers. This is the default setting.

• Automatic Fallback—Select this option to spool mail if the downstream receivers unexpectedly go down or become unreachable. When configured to Automatic Fallback, spooling engages after the receiver farm has been unavailable for a period of time. Spooling then disengages when the receiver farm becomes available again.

• Always Spool Email—Select this option to leave the spooling feature engaged for all mail and to remain engaged until the mode is configured to Never Spool Email or Automatic Fallback. Note that manual spooling is intended for situations when the administrator knows the receivers will be down, such as a scheduled maintenance.


System > LDAP Configuration

See the following topics for more information:

• LDAP Overview on page 17

• Configuring LDAP on page 17

• Using the LDAP Query Panel on page 18

• Add LDAP Mappings on page 19

LDAP Overview

Dell SonicWALL Hosted Email Security uses Lightweight Directory Access Protocol (LDAP) to integrate with your organization’s email environment. LDAP is an Internet protocol that email programs use to look up users’ contact information from a server. As users and email distribution lists are defined in your mail server, this information is automatically reflected in Hosted Email Security in real time.

Many enterprise networks use directory servers like Active Directory or Lotus Domino to manage user information. These directory servers support LDAP, and Hosted Email Security can automatically get user information from these directories using LDAP. You can run Dell SonicWALL Hosted Email Security without access to an LDAP server as well. If your organization does not use a directory server, users cannot access their Junk Boxes, and all inbound email is managed by the message-management settings defined by the administrator.

Dell SonicWALL Hosted Email Security uses the following data from your mail environment:

• Login Name and Password

When a user attempts to log into the Hosted Email Security server, their login name and password are verified against the mail server using LDAP authentication. Therefore, changes made to the usernames and passwords are automatically uploaded to Dell SonicWALL Hosted Email Security in real time.

• Multiple Email Aliases

If your organization allows users to have multiple email aliases, Hosted Email Security ensures any individual settings defined for the user extend to all the user’s email aliases. This means that junk sent to those aliases aggregates into the same folder.

• Email Groups or Distribution Lists

Email groups or distribution lists in your organization are imported into Dell SonicWALL Hosted Email Security. You can manage the settings for the distribution list in the same way as a user’s settings. LDAP groups allow you to assign roles to user groups and set spam-blocking options for user groups.

Configuring LDAP

Navigate to the System > LDAP Configuration screen to configure your Hosted Email Security solution for username and password authentication for all employees in the enterprise.

Dell SonicWALL recommends completing the LDAP configuration to get the complete list of users who are allowed to login to their Junk Box. If a user does not appear in the User list in the User & Group screen, their email will be filtered, but they cannot view their personal Junk Box or change default message management settings.

Enter the server information and login information to test the connection to the LDAP server.

To configure LDAP:


2 The following check boxes appear under the Settings section:

• Show Enhanced LDAP Mappings fields—Select this option for Enhanced LDAP, or LDAP Redundancy. You will have to specify the Secondary Server IP address and Port number.

• Auto-fill LDAP Query fields when saving configurations—Select this option to automatically fill the LDAP Query fields upon saving.

3 Enter the following information under the LDAP Server Configuration section:

• Friendly Name—The friendly name for your LDAP server.

• Primary Server Name or IP address—The DNS name or IP address of your LDAP server.

• Port number—The TCP port running the LDAP service. The default LDAP port is 389.

• LDAP server type—Choose the appropriate type of LDAP server from the drop down list.

• LDAP page size—Specify the maximum page size to be queried. The default size is 100.

• Requires SSL—Select this check box if your server requires a secured connection.

• Allow LDAP referrals—Leaving this option unchecked will disable LDAP referrals and speed up logins. You may select this option if your organization has multiple LDAP servers in which the LDAP server can delegate parts of a request for information to other LDAP servers that may have more information.

4 In the Authentication Method section, specify if the LDAP login method for your server is by Anonymous Bind or Login. Specify the Login name and Password. This may be a regular user on the network, and typically does not have to be a network administrator.

5 Click the Test LDAP Login button.

A successful test indicates a simple connection was made to the LDAP server. If you are using anonymous bind access, be aware that even if the connection is successful, anonymous bind privileges might not be high enough to retrieve the data required by Dell SonicWALL Hosted Email Security.

6 Click Save Changes.

Using the LDAP Query Panel

To access the LDAP Query Panel settings window, click the Friendly Name link or the Edit button of the server you wish to configure. If the Auto-fill LDAP Query Fields check box is selected in the Settings section, the following fields will be automatically filled in with default values after the basic configuration steps are completed.

Configuring Query Information for LDAP Users

1 Enter values for the following fields:

• Directory node to begin search—The node of the LDAP directory to start a search for users. (Configuration checklist parameter Q).

• Filter—The LDAP filter used to retrieve users from the directory.

• User login name attribute—The LDAP attribute that corresponds to the user ID.

• Email alias attribute—The LDAP attribute that corresponds to email aliases.

• Use SMTP addresses only—Select the check box to enable the use of SMTP addresses.

2 Click the Test User Query button to verify that the configuration is correct.


3 Click Save Changes to save and apply all changes made.

Add LDAP Mappings

On some LDAP servers, such as Lotus Domino, some valid addresses do not appear in LDAP. Use this section with LDAP servers that only store the “local” or “user” portion of the email addresses. Click the View Rules button. The LDAP Mappings screen displays:

This panel provides a way to add additional mappings from one domain to another. For example, a mapping could be added that would ensure emails addressed to [email protected] are sent to [email protected]. It also provides a way of substituting single characters in email addresses. For example, a substitution could be created that would replace all the spaces to the left of the "@" sign in an email address with a "-". In this example, email addressed to Casey [email protected] would be sent to [email protected].

To add LDAP Mappings:

1 Click the Friendly Name link or the Edit button of the server you wish to configure.

2 Scroll to the Add LDAP Mappings section, and click View Rules.

3 From the first drop down list, choose one of the following:

• Domain is—Choose this option to add additional mappings from one domain to another.

    • Replace with—Choose this option from the second drop down menu to replace the domain.

    • Also add—Choose this option from the second drop down menu, then when first domain is found, the second domain is added to the list of valid domains. For example, if “engr.corp.com” is the first domain and “sales.corps.com” is the second, then when the domain “engr.corp.com” is found in the list of valid LDAP domains, then “sales.corps.com” is also added to that list.

• Left hand side character is—Choose this option to add character substitution mappings.

    • Replace with—Choose this option from the second drop down menu to replace all characters to the left of the "@" sign in the email address.

    • Also add—Choose this option from the second drop down menu to add a second email address to the list of valid email addresses.

4 Click the Add Mapping button.

NOTE: Click the Auto-fill User Fields button to have Dell SonicWALL Hosted Email Security automatically complete the remainder of this section.

NOTE: This feature does not make changes to your LDAP system or rewrite any email addresses; it makes changes to the way Hosted Email Security interprets certain email addresses.


System > User View Setup

Configure how the end-users of the Dell SonicWALL Hosted Email Security solution access the system and what capabilities of the solution are exposed to the end users on the System > User View Setup page.

To configure User View Setup settings:

1 Select which items appear in the User Navigation Toolbar:

• Select the Login enabled check box to allow users to log into Hosted Email Security and have access to their per-user Junk Box. If you disable this, mail is still analyzed and quarantined, but users will not have access to their Junk Box.

• Select the Anti-Spam check box to include the user-configurable options available for blocking spam emails. Users can customize the categories People, Companies, and Lists into their personal Allowed and Blocked lists. You can choose to grant users full control over these settings by selecting the Full user control over anti-spam aggressiveness settings check box, or force them to accept the corporate aggressiveness defaults by not selecting this check box.

• Select the Reports check box to provide junk email blocking information about your organization. Even if this option is selected, users may view only a small subset of the reports available to administrators.


• Select the Allow audit view to Helpdesk users check box to enable access to the audit view for Helpdesk users.

2 Determine the User Download Settings:

• With the Allow users to download SonicWALL Junk Button for Outlook check box selected, users will be able to download the Hosted Email Security Junk Button for Outlook. The Junk Button is a lightweight plugin for Microsoft Outlook. It allows users to mark emails they receive as junk, but does not filter email.

• With the Allow users to download SonicWALL Anti-Spam Desktop for Outlook and Outlook Express check box selected, users will be able to download the Anti-Spam Desktop. Anti-Spam Desktop is a plug-in for Microsoft Outlook and Outlook Express that filters spam and allows users to mark emails they receive as junk or good email.

• With the Allow users to Download SonicWALL Secure Mail Outlook plugin check box selected, users will be able to download the Secure Mail plugin for Microsoft Outlook. The Secure Mail button allows users to send mail securely through the Encryption Service. See Using the Encryption Service on page 67 for more information about this feature.

3 Determine the settings for Quarantined Junk Mail Preview Settings:

• Select the Users can preview their own quarantined junk mail check box to enable users to view their individual mail that is junked.

• Choose which other types of users can preview quarantined junk mail. These roles are configured within Hosted Email Security.

4 Determine the Reports view settings:


System > Monitoring

The System > Monitoring screen allows you to configure system monitoring settings and alerts. Note that some of these fields may be pre-defined based on the information provided upon initial setup of the Dell SonicWALL Hosted Email Security solution.

Configure System Monitoring

Viewing Alerts

Configure System Monitoring

The following settings are available for configuration:

• Email address of the administrator who receives emergency alerts—The email address of the mail server administrator. Enter the complete email address. For example, [email protected].

• Name or IP address of backup SMTP servers—Enter the name or IP address of one or more SMTP servers that can be used as fallback servers to send alerts to if the configured downstream email server(s) cannot be contacted. For example, mail2.example.com or 10.100.0.1.

• Customized Signature—Enter a signature to append at the end of your email messages.

• Subscribe to alerts—Select the check box to receive alerts.

• View Alerts—Click this button to view all configured alerts. See Viewing Alerts on page 22 for more information.

• Test Fallbacks—Click this button to test the name or IP address(es) listed as backup SMTP servers.

Viewing Alerts


Alerts in Hosted Email Security provide the following details:

• A time stamp

  • In local time

  • In GMT

• The severity of the alert, which is one of the following:

  • Info

  • Warning

  • Critical

• The domain to which the alert applies

• A summary of the alert


4

Configuring Anti-Spoofing

This chapter provides an overview and configuration information specific to the Anti-Spoofing feature for Dell SonicWALL Hosted Email Security.

This chapter contains the following sections:

Anti-Spoofing Overview

Enabling Inbound SPF Validation

Configuring Inbound DKIM Settings

Configuring Inbound DMARC Settings

Outbound DKIM Settings

Anti-Spoofing Overview

The Anti-Spoofing page on your Dell SonicWALL Hosted Email Security solution allows you to enable and configure settings to prevent illegitimate messages from entering your organization. Spoofing consists of an attacker forging the source IP address of a message, making it seem like the message came from a trusted host. By configuring SPF, DKIM, and DMARC settings, your Hosted Email Security solution will run the proper validation and enforcement methods on all incoming messages to your organization.

The Anti-Spoofing page works in an order of precedence, where rules set at the top of the page are of a lower priority than rules set towards the bottom of the page. In general, a message will be subjected to SPF, DKIM, and DMARC if all are enabled. The results from DKIM validation will take precedence over the results from SPF validation, and DMARC validation results will take precedence over DKIM validation results.

Enabling Inbound SPF Validation

The Anti-Spoofing > Inbound tab features SPF validation for inbound email messages. Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, which it does by verifying sender IP addresses. SPF records, which are published in DNS, describe the attributes of valid IP addresses. SPF validates against these records whether a mail message was sent from an authorized source. If a message does not originate from an authorized source, the message ‘fails.’ You can configure the actions against messages that ‘fail.’

There are two types of SPF fails:

• SPF HardFail—The SPF record has designated the host as NOT being allowed to send messages and does not allow messages through to the recipient. See SPF Hard Fail on page 25 for more information.

• SPF SoftFail—The SPF record has designated the host as NOT being allowed through to the recipient. See SPF Soft Fail on page 26 for more information.

See the following topics for more information:

Configuring SPF Settings

SPF Hard Fail


Configuring SPF Settings

To enable SPF, click the Enable SPF validation for incoming messages check box.

SPF Hard Fail

With SPF Validation enabled for incoming messages, you can configure the following SPF Hard Fail settings:

• Ignore allow lists—When a SPF hard fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default.

• Action for messages marked as SPF Hard Fail—Select one of the following actions for messages marked as SPF Hard Fail:

• No Action—No action is taken against messages marked as SPF hard fail.

• Permanently delete—Messages marked as SPF hard fail are permanently deleted.

• Reject with SMTP error code 550—Messages marked as SPF hard fail are rejected with an SMTP error code 550.

• Store in Junk Box—Messages marked as SPF hard fail are stored in the Junk Box. This is the recommended setting for most configurations.

• Send to [field]—Messages marked as SPF hard fail are sent to the user specified in the available field. For example, you can send to [postmaster].

• Tag with [field] added to the subject—Messages marked as SPF hard fail are tagged with a term in the subject line. For example, you may tag the messages [SPF Hard Failed].


EMSJudgedThisEmail” with value “spfhard” results in the email header as: “X-EMSJudgedThisEmail:spfhard”.

• Add Domain—Click this button to add a domain and configure SPF hard fail-specific settings for that domain.

SPF Soft Fail

With SPF Validation enabled for incoming messages, you can configure the following SPF Soft Fail setting:

• Ignore allow lists—When a SPF soft fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default.

Configuring Inbound DKIM Settings

DomainKeys Identified Mail (DKIM) uses a secure digital signature to verify that the sender of a message is who it claims to be and that the contents of the message have not been altered in transit. A valid DKIM signature is a strong indicator of a message’s authenticity, while an invalid DKIM signature is a strong indicator that the sender is attempting to fake his identity. For some commonly phished domains, the absence of a DKIM signature can also be a strong indicator that the message is fraudulent. Users benefit from DKIM because it verifies legitimate messages and protects against phishing. Remember that DKIM does not prevent spam; proper measures should still be taken against fraudulent content.


With DKIM validation enabled for incoming messages, you can configure the following settings:

• Ignore allow lists—When a DKIM Failure occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default.

• Action for messages marked as DKIM signature failed—Select one of the following actions for messages marked as DKIM signature failed:

• No Action—No action is taken against messages marked as DKIM signature failed.

• Permanently delete—Messages marked as DKIM signature failed are permanently deleted.

• Reject with SMTP error code 550—Messages marked as DKIM signature failed are rejected with an SMTP error code 550.

• Store in Junk Box—Messages marked as DKIM signature failed are stored in the Junk Box. This is the recommended setting for most configurations.

• Send to [field]—Messages marked as DKIM signature failed are sent to the user specified in the available field. For example, you can send to [postmaster].

• Tag with [field] added to the subject—Messages marked as DKIM signature failed are tagged with a term in the subject line. For example, you may tag the messages [DKIM Failed].

• Add X-Header: X-[field]:[field]—Messages marked as DKIM signature failed add an X-Header to the email with the key and value specified to the email message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type “EMSJudgedThisEmail” with value “dkim” results in the email header as: “X-EMSJudgedThisEmail:dkim”.

• Add Domain—Click to add a domain and configure DKIM fail-specific settings for that domain. The following settings are configurable:

• Domains—List the domains to add, separating multiple domains with a comma.

• Ignore allow lists—When a SPF hard fail occurs, mail messages from senders in the Allow list are not sent through to the recipient. This feature is enabled by default.

• Action for messages marked as DKIM signature failed—Select one of the following actions for messages marked as DKIM signature failed:

• No Action—No action is taken against messages marked as DKIM fail.

• Permanently delete—Messages marked as DKIM fail are permanently deleted.


• Store in Junk Box—Messages marked as DKIM fail are stored in the Junk Box. This is the recommended setting for most configurations.

• Send to [field]—Messages marked as DKIM fail are sent to the user specified in the available field. For example, you can send to [postmaster].

• Tag with [field] added to the subject—Messages marked as DKIM fail are tagged with a term in the subject line. For example, you may tag the messages [DKIMFailed].

• Add X-Header: X-[field]:[field]—Messages marked as DKIM failed add an X-Header to the email with the key and value specified to the email message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type “EMSJudgedThisEmail” with value “dkim” results in the email header as: “X-EMSJudgedThisEmail:dkim”.

• Domain required to have DKIM signature—By default, this feature is enabled, which requires a DKIM signature for messages sent to the domain being added.

Configuring Inbound DMARC Settings

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that works in tandem with SPF and DKIM to fully authenticate incoming and outgoing email messages. A DMARC policy allows a sender to indicate that his emails are protected by SPF and/or DKIM, and also tells a receiver what to do if neither of those authentication methods passes, such as junking or rejecting the message.

To configure DMARC settings:

1 Navigate to the Anti-Spoofing > Inbound page.

2 Click the Enable DMARC judgement for incoming messages check box.

3 Click the Enable DMARC Policy Enforcement for incoming messages check box.

4 Exclude these sender domains—Enter any sender domains (for example, sonicwall.com or gmail.com) you want excluded from DMARC policy enforcement in the space provided. Multiple domains can be entered, separated by a comma.

5 Enable DMARC Outgoing Reports—By default, this feature is enabled when the “Enable DMARC” check box is also enabled. Select the check box to disable the sending of DMARC reports to outside domains. Once DMARC is enabled, outgoing reports are automatically sent. The following settings can be configured if you are attempting to override reporting attributes for a specific domain:

• Domain—Enter the domain name to send DMARC reports to. You have the option of using ‘*’ as a value for the domain field. A few considerations:


• A configuration created with the domain name * will be considered the default domain.

• If the domain is not provided, DMARC will use configuration settings from the * domain.

• If no * domain is added, then a hard-coded default value, such as postmaster@domain, will be used as the Sender ID.

• Override DNS RUA Email Address—Click the check box to override reports being sent to the RUA email address specified in the DNS record. An example from the DNS record is ‘rua=mailto:[email protected]’.

• RUA Email Address—If you selected the Override DNS RUA Email Address, specify the RUA Email Address you would like the reports sent to.
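A sender's DMARC policy only helps a message when SPF or DKIM passes for a domain that aligns with the From: domain, which is why DMARC can fail even though both underlying checks pass. The following added example (general RFC 7489 logic, not Dell SonicWALL code) parses a DMARC record, applies the alignment test and returns the requested action together with the rua addresses. The records, domains and addresses are constructed, and the two-label organizational-domain shortcut and the "excluded" list handling are assumptions.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict (keys lowercased)."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. A real
    # receiver uses the Public Suffix List, so names under co.uk and similar
    # suffixes would be grouped wrongly by this shortcut.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """mode 's' is strict (exact match); anything else is relaxed."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def report_addresses(tags):
    """Extract mailto: targets from the rua tag, dropping any '!size' suffix."""
    out = []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:"):
            out.append(uri[len("mailto:"):].split("!")[0])
    return out


def dmarc_evaluate(record, from_domain, spf, dkim, excluded=()):
    """spf = (result, MAIL FROM domain); dkim = (result, signature d= domain).

    Returns the DMARC verdict, the action the published policy requests and
    the aggregate-report addresses. `excluded` models a receiver-side list of
    sender domains exempt from enforcement; the verdict is still computed.
    """
    tags = parse_tags(record)
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return {"dmarc": "no policy", "action": "none", "rua": []}
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    verdict = "pass" if (spf_ok or dkim_ok) else "fail"
    action = policy if verdict == "fail" else "none"
    if from_domain.lower() in {d.lower() for d in excluded}:
        action = "none"                  # enforcement skipped for this sender
    return {"dmarc": verdict, "action": action, "rua": report_addresses(tags)}


# Constructed inputs: both checks pass, but for domains other than From:.
STRICT = "v=DMARC1; p=reject; adkim=s; rua=mailto:agg@reports.example!10m"
RELAXED = "v=DMARC1; p=quarantine; rua=mailto:agg@reports.example"
SPF_RESULT = ("pass", "bounce.mailer.example")
DKIM_RESULT = ("pass", "mail.shop.example")

if __name__ == "__main__":
    print(dmarc_evaluate(STRICT, "shop.example", SPF_RESULT, DKIM_RESULT))
    print(dmarc_evaluate(RELAXED, "shop.example", SPF_RESULT, DKIM_RESULT))
```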

DMARC Incoming Reports

You can configure DMARC Incoming Report settings by clicking the Add Domain button in the DMARC Incoming Reports Settings section. DMARC Incoming Reports will be collected and processed only for the domains added. In the Add Domain window that displays, enter the following information:

• Domain—Enter the domain name to add for DMARC incoming reports.

• Override DNS RUA Email Address—Click the check box to override reports being sent to the RUA email address specified in the DNS record. An example from the DNS record is ‘rua=mailto:[email protected]’.

• RUA Email Address—If you selected the Override DNS RUA Email Address, specify the RUA Email Address to which the reports are being sent.

NOTE: The RUA is the aggregated report for domains with published domain records. Reports are sent daily.


Outbound DKIM Settings

See the following topics:

Configuring Outbound DKIM Settings

Generating DNS Record

Using Outbound DKIM Settings

Configuring Outbound DKIM Settings

Navigate to the Anti-Spoofing > Outbound tab to configure outbound DKIM settings.

To configure DKIM signature settings, click the Add Configuration button. The DKIM Outbound Configuration page displays:

Configure the following settings:

• Domain—Enter the domain name.

• Identity of Signer—Enter an identity of the signer. Click the Same as domain check box to use the specified Domain name as the Identity of Signer.


• List of Header fields for Signing—Click the Sign all standard headers button to include all headers, or specify the headers in the designated field. Separate multiple headers with a colon (for example, “from:to:subject”).

• Generate Key Pair—Specify the Key Size from the values in the drop down list, then click the Generate Key Pair button. Copy and paste the Public Key into your DNS record. The Private Key is simply for your own reference and should be stored on your local machine.

• Import existing public-private key pair—Select this option to upload an existing public-private key pair.

• Click the Browse button on the Upload Public key field to upload a Public key for DKIM signing.

• Click the Browse button on the Upload Private key field to upload a Private key for DKIM signing.

• Enter the Passphrase for the Private key in alphanumeric characters only. If a Private key is uploaded in plain text without a passphrase, a default passphrase will be used to encrypt the Private key.

Click the Save button to finish. The signature will be added to the DKIM Signature Configurations list.

Generating DNS Record

Once a domain has been successfully added to the Outbound DKIM Settings tab, you can generate a DNS Record. Under the DNS Record column for the domain you want to generate a record for, click the Generate button.

The Generate DNS Record page displays with the following settings:

• Domain—This field auto-populates with the Domain you entered when adding a new configuration. This field cannot be edited.

• Selector—This field auto-populates with the Selector you entered when adding a new configuration. This field cannot be edited.

• Public Key—This field populates with the Public Key for your DNS record. You can copy and paste from this field.

• Domain is testing DKIM—Select the check box to enable testing DKIM for this domain.

• Subdomains required to have their own DKIM keys—Select the check box to enable the requirement for all subdomains to have their own DKIM keys.

Click the Generate DNS Record button to save the settings and generate your DNS record.

Using Outbound DKIM Settings

The Settings column of each domain listed in the Outbound DKIM Signature Configurations list has the following icons:


• Download—Click this icon to download the Public Key for this DKIM Signature.


5

Configuring Anti-Spam

This chapter provides an overview and configuration information specific to the Anti-Spam feature for Dell SonicWALL Hosted Email Security. This chapter contains the following sections:

Identifying Spam

Anti-Spam > Spam Management

Anti-Spam > Address Books

Anti-Spam > Anti-Spam Aggressiveness

Anti-Spam > Languages

Identifying Spam

Hosted Email Security uses multiple methods of detecting spam and other unwanted email. These include using specific Allowed and Blocked lists of people, domains, and mailing lists, patterns created by studying what other users mark as junk mail, and the ability to enable third-party blocked lists.

Administrators can define multiple methods of identifying spam for your organization; users can specify their individual preferences to a lesser extent. In addition, Hosted Email Security provides updated lists and collaborative thumbprints to aid in identifying spam and junk messages.

When an email comes in, the sender of the email is checked against the various allowed and blocked lists first, starting with the corporate list, then the recipient’s list, and finally the Hosted Email Security-provided lists. If a specific sender is on the corporate blocked list but that same sender is on a user’s allowed list, the message is blocked, as the corporate settings are a higher priority than a user’s.

More detailed lists take precedence over the more general lists. For example, if a message is received from [email protected] and your organization’s Blocked list includes domain.com but a user’s Allowed list contains the specific email address [email protected], the message is not blocked because the sender’s full address is in an Allowed list.


Anti-Spam > Spam Management

Use the Anti-Spam > Spam Management window to select options for dealing with definite spam and likely spam. The default setting for definite spam and likely spam will quarantine the message in the user’s junk box.

To manage messages marked as definite spam or likely spam:

1 Choose one of the following responses for messages marked as Definite Spam and Likely Spam:

Response—Effect

• No Action—No action is taken for messages.

• Permanently Delete—The email message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted email. Deleted email cannot be retrieved.

• Reject with SMTP error code 550—The message is rejected and responds with a 550 error code, which indicates the user’s mailbox was unavailable (for example, not found or rejected for policy reasons).

• Store in Junk Box (default setting)—The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting.

• Send To—Forward the email message for review to the specified email

• Tag With—The email is tagged with a term in the subject line, for example [SPAM]. Selecting this option gives the user control of the email; the user can junk it if it is unwanted.

• Add X-Header—This option adds an X-Header to the email with the key and value specified to the email message. The first text field defines the X-Header. The second text field is the value of the X-Header. For example, a header of type “X-EMSJudgedThisEmail” with value “DefiniteSpam” results in the email header as: “X-EMSJudgedThisEmail:DefiniteSpam”

2 Select the Accept Automated Allowed List check box to allow automated lists that are created by User Profiles to prevent spam. With this feature enabled, User Profiles analyze the recipients of emails from members of your organization and automatically add them to Allowed Lists. This helps reduce the false positives, which are good email messages judged as junk. This feature can be configured globally, for particular groups, or for specific users. Dell SonicWALL recommends enabling this feature.

NOTE: If this check box is unchecked in the Corporate, Group, or User windows, User Profiles have no effect.

NOTE: Leave this check box unselected if you have an extended away / out of the office message turned on so that your auto-reply does not automatically place all recipients on your Allowed list.

3 Select the Skip spam analysis for internal email check box to exclude internal emails from spam analysis, resulting in a reduced amount of false positives. If you are routing internal mail through the Hosted Email Security product, Dell SonicWALL recommends that you enable this feature.

4 Select the Allow users to delete junk email check box to allow users to control the delete button on individual junk boxes.

5 Click Apply Changes to save.


Anti-Spam > Address Books

The Anti-Spam > Address Books page enables you to allow or block people, companies, mailing lists or IP addresses from sending you email. The page shows a compilation of allowed and blocked senders from your organization’s lists and lists provided by default.

If you attempt to add your own email address or your organization’s domain, Dell SonicWALL Hosted Email Security will display a warning. A user’s email address is not automatically added to the allowed list because spammers sometimes use a recipient’s own email address. Leaving the address off the allowed list does not prevent users from emailing themselves, but their emails are evaluated to determine if they are junk.

See the following topics:

Using the Search Field

Adding People, Companies, Lists, or IPs

Deleting People, Companies, Lists, or IPs

Import Address Book

Using the Search Field

To search for an address, enter all or part of the email address in the Search field. For example, entering sale displays [email protected] as well as [email protected]. Narrow your search by selecting the People, Companies, Lists, or IPs check box(es) below the Search field. Click Go to perform the search.

Adding People, Companies, Lists, or IPs

To add People, Companies, Lists, or IPs to the Allowed or Blocked lists:

1 From the Anti-Spam > Address Books page, click the Allowed or Blocked tab.

2 Click the Add button.


When adding addresses, consider the following:

• You cannot put an address in both the Allowed and Blocked list simultaneously. If you add an address in one list that already exists on the other, it is removed from the first one.

• Hosted Email Security will warn you if you attempt to add your own email address or your own organization.

• Email addresses are not case-sensitive; Hosted Email Security converts the address to lowercase.

• You can allow and block email messages from entire domains. If you do business with certain domains regularly, you can add the domain to the Allowed list; Hosted Email Security allows all users from that domain to send email. Similarly, if you have a domain you want to block, enter it here and all users from that domain are blocked.

• Hosted Email Security does not support adding top-level domain names such as .gov or .abc to the Allowed and Blocked lists.

• Mailing list email messages are handled differently than individuals and domains because Hosted Email Security looks at the recipient’s address rather than the sender’s. Because many mailing list messages appear spam-like, entering mailing list addresses prevents misclassified messages.

Deleting People, Companies, Lists, or IPs

To delete people, companies, lists, or IPs from your Address Books:

1 From the Anti-Spam > Address Books page, click the Allowed or Blocked tab.

2 Select the check box next to the address(es) you want to delete.

3 Click the Delete button.

Import Address Book

You can also import an address book of multiple addresses. Note that users and secondary domains should be added prior to importing their respective address books.

The Address Book file for import must follow specific formatting to ensure successful importing:

• <TAB> delimiter between data

• <CR> to separate entries

Each address book entry must include each of the following:

• Identifier—Specified as <email address / primary domain>

• Domain / List / Email—Specified as D / L / E

• Address List—Specified as [email protected], example.com

See the following examples:

EmailID<TAB>E<TAB>A<TAB>[email protected],[email protected]<CR>

Domain<TAB>L<TAB>B<TAB>[email protected],[email protected]<CR>

To import Address Books:

1 From the Anti-Spam > Address Books page, click the Import button on either the Allowed or Blocked tabs.
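Checking an address book file before import catches entries that this section says are unsupported: top-level domains, and addresses placed on both lists. The following added example (not part of the product) validates a file in the TAB/CR layout shown above. It assumes the third column's A and B mean Allowed and Blocked, that a D row lists domains while E and L rows list email addresses, and all sample data is constructed.

```python
import re

# Hostname shape: dot-separated labels ending in an alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
KINDS = {"D", "L", "E"}      # Domain / List / Email, as named in the guide
LISTS = {"A", "B"}           # assumption: A = Allowed, B = Blocked


def check_address(addr, want_domain):
    """Return an error string for one entry, or None if it looks valid."""
    if want_domain:
        if "@" in addr:
            return "expected a domain, found an email address"
        if "." not in addr.strip("."):
            return "top-level domain names are not supported"
        if not DOMAIN_RE.match(addr):
            return "malformed domain"
        return None
    local, at, domain = addr.rpartition("@")
    if not at or not local or not DOMAIN_RE.match(domain):
        return "malformed email address"
    return None


def validate_address_book(text):
    """Validate an import file and return (entries, errors).

    entries: (identifier, kind, list, address) tuples, lowercased.
    errors:  (line number, message) tuples.
    """
    entries, errors, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):   # accepts CR, LF, CRLF
        if not raw.strip():
            continue
        fields = [f.strip() for f in raw.split("\t")]
        if len(fields) != 4:
            errors.append((lineno, "expected 4 TAB-separated fields, got %d" % len(fields)))
            continue
        ident, kind, which, addr_list = fields
        ident, kind, which = ident.lower(), kind.upper(), which.upper()
        problem = check_address(ident, want_domain="@" not in ident)
        if problem:
            errors.append((lineno, "identifier %r: %s" % (ident, problem)))
            continue
        if kind not in KINDS or which not in LISTS:
            errors.append((lineno, "type must be D/L/E and list must be A/B"))
            continue
        for addr in filter(None, (a.strip().lower() for a in addr_list.split(","))):
            problem = check_address(addr, want_domain=(kind == "D"))
            if problem:
                errors.append((lineno, "%r: %s" % (addr, problem)))
                continue
            # An address may sit on only one of the two lists per identifier.
            previous = seen.setdefault((ident, addr), which)
            if previous != which:
                errors.append((lineno, "%r is already on the other list" % addr))
                continue
            entries.append((ident, kind, which, addr))
    return entries, errors


# Constructed sample file: CR-separated entries, TAB-separated fields.
SAMPLE = (
    "alice@corp.example\tE\tA\tBob@Partner.example,carol@vendor.example\r"
    "corp.example\tD\tB\tspam-source.example,.gov\r"
    "alice@corp.example\tE\tB\tbob@partner.example\r"
    "corp.example\tL\tA\r"
)

if __name__ == "__main__":
    good, bad = validate_address_book(SAMPLE)
    for line, message in bad:
        print("line %d: %s" % (line, message))
    print("%d entries ready for import" % len(good))
```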


Anti-Spam > Anti-Spam Aggressiveness

The Anti-Spam > Anti-Spam Aggressiveness page allows you to tailor the Dell SonicWALL Hosted Email Security product to your organization’s preferences. Configuring this window is optional.

Dell SonicWALL Hosted Email Security recommends using the default setting of Medium unless you require different settings for specific types of spam blocking. This section includes the following subsections:

Configuring GRID Network Aggressiveness

Configuring Adversarial Bayesian Aggressiveness Settings

Unjunking Spam

Determining Amounts and Types of Spam

Configuring GRID Network Aggressiveness

The GRID Network Aggressiveness technique determines the degree to which you want to use the collaborative database. Hosted Email Security maintains a database of junk mail identified by the entire user community. You can customize the level of community input on your corporate spam blocking. Selecting a stronger setting makes Hosted Email Security more responsive to other users who mark a message as spam. Use the following settings to specify how stringently Hosted Email Security evaluates messages:

• If you choose Mildest, you will receive a large amount of questionable email in your mailbox. This is the lightest level of Anti-Spam Aggressiveness.

• If you choose Mild, you are likely to receive more questionable email in your mailbox and receive less email in the Junk Box. This can cause you to spend more time weeding through unwanted email from your personal mailbox.

• If you choose Medium, you accept Hosted Email Security’s spam-blocking evaluation.

• If you choose Strong, Hosted Email Security rules out greater amounts of spam for you. This can create a slightly higher probability of good email messages in your Junk Box.

• If you choose Strongest, Hosted Email Security heavily filters out spam. This creates an even higher probability of good email messages in your Junk Box.

Configuring Adversarial Bayesian Aggressiveness Settings

The Adversarial Bayesian technique refers to Dell SonicWALL Hosted Email Security’s statistical engine that analyzes messages for many of the spam characteristics. This is the high-level setting for the Rules portion of spam blocking and lets you choose where you want to be in the continuum of choice and volume of email. This setting determines the threshold for how likely an email message is to be identified as junk email.

Use the following settings to specify how stringently Dell SonicWALL Hosted Email Security evaluates messages:

• If you choose Mildest, you will receive a large amount of questionable email in your mailbox. This is the lightest level of Anti-Spam Aggressiveness.

• If you choose Mild, you are likely to receive more questionable email in your mailbox and receive less email in the Junk Box. This can cause you to spend more time weeding through unwanted email from your personal mailbox.

• If you choose Medium, you accept Hosted Email Security’s spam-blocking evaluation.

• If you choose Strong, Hosted Email Security rules out greater amounts of spam for you. This can create a slightly higher probability of good email messages in your Junk Box.


Unjunking Spam

Select the Allow users to unjunk spam check box if you want to enable users to unjunk spam messages. If left unchecked, users cannot unjunk spam messages.

Determining Amounts and Types of Spam

You can determine how aggressively to block particular types of spam, including sexual content, offensive language, get rich quick, gambling, advertisements, and images.

For each of the aforementioned types of spam:

• Choose Mildest to be able to view most of the emails that contain terms that relate to these topics.

• Choose Mild to be able to view email that contains terms that relate to these topics.

• Choose Medium to cause Hosted Email Security to tag this email as likely junk.

• Choose Strong to make it more likely that email with this content is junked.

• Choose Strongest to make it certain that email with this content is junked.


Anti-Spam > Languages

From the Anti-Spam > Languages page, you can allow, block, or enter no opinion on email messages in various languages. If you select No opinion, Hosted Email Security judges the content of the email message based on the modules that are installed. After configuring Language settings, click the Apply Changes button.


6

Configuring Anti-Phishing

The Anti-Phishing page allows you to protect your organization from email messages with fraudulent content, intended to steal consumers’ personal identity data and financial account credentials.

This chapter contains the following sections:

Anti-Phishing Overview

Configuring Phishing Protection

Anti-Phishing Overview

There are two audiences for fraud:

• Consumer phishers try to con users into revealing personal information such as social security numbers, bank account information, credit card numbers, and driver’s license identification. This is known as identity theft. Recouping from having a phisher steal your identity can take many hours and can cost consumers many dollars. Being phished can bring your life to a virtual standstill as you contact credit card companies, banks, state agencies, and others to regain your identity.

• Enterprise phishers attempt to trick users into revealing the organization’s confidential information. This can cost thousands of executive and legal team hours and dollars. An organization’s electronic-information life can stop abruptly if hackers deny services, disrupt email, or infiltrate sensitive databases.

Phishing aimed at the IT group in the organization can take the following forms:

• Email that appears to be from an enterprise service provider, such as a DNS server, can cause your organization’s network to virtually disappear from the Web.

• Hacking into your Website can cause it to be shut down, altered, or defaced.

• Email might request passwords to highly sensitive databases, such as Human Resources or strategic marketing information. The email might take the form of bogus preventive maintenance.

• Other information inside the organization’s firewall, such as Directory Harvest Attacks (DHA) to monitor your users.

Phishing can also take the form of malicious hackers spoofing your organization. Email that appears to come from your organization can damage your community image and hurt your customers in the following ways:

• Spoofed email can ask customers to confirm their personal information.

Configuring Phishing Protection

To configure the Hosted Email Security solution for phishing:

1 Navigate to the Anti-Phishing page of your Hosted Email Security solution.

2 Click the radio button to choose which action to take for messages identified as Definite Phishing. For more information about available actions, see the following table:

| Response | Effect |
|---|---|
| No Action | No action is taken for messages. |
| Permanently Delete | The email message is permanently deleted. CAUTION: If you select this option, your organization risks losing wanted email. Deleted email cannot be retrieved. |
| Reject with SMTP error code 550 | The message is rejected and responds with a 550 error code, which indicates the user’s mailbox was unavailable (for example, not found or rejected for policy reasons). |
| Store in Junk Box (default setting) | The email message is stored in the Junk Box. It can be unjunked by users and administrators with appropriate permissions. This option is the recommended setting. |
| Send To | Forward the email message for review to the specified email |
