Email Protection

Zoho eProtect has a spam control system that provides multiple options to customize the email protection settings to suit your organization's needs. You can customize the actions to be taken on unverified emails, set up allowed or blocked lists, define the quarantine controls for outgoing and incoming emails, and so much more.

Table of Contents

Anti-Spam in Zoho eProtect

Spam Processing

The Spam Processing settings get configured when you set up your organization in Zoho eProtect. However, you can customize the settings that best suit your organization's requirements at any point of time from the Email Protection section. Follow these steps to modify the Spam processing settings:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Anti-spam and select Spam Processing. The configuration you chose while setting up your organization appears.
    spam processing in eProtect
  3. Select the type of spam processing that you want to set up:
    • Add header and forward - eProtect updates the email header with the content provided by admins and then forwards the email to the intended recipient.
    • Add subject tag and forward - eProtect appends the subject with the content provided by admins and then forwards the email to the intended recipient.
    • Quarantine - eProtect quarantines the email which can then be scrutinized by admins.
  4. If you choose Add header and forward, follow these sub-steps:
    1. Enter a Header Name and Header Value.
    2. Click the + icon to add multiple headers as per your requirements.
    3. To delete a header row, click the delete icon.
  5. If you select Add subject tag and forward, enter a Subject Tag.
  6. If you choose Quarantine, eProtect quarantines the email. Admins can moderate these emails from the Quarantine section.
  7. Click Save.

You have successfully configured the Spam Processing settings.

Spam Control Lists

Zoho eProtect lets you set up spam control lists specific to your organization. You can configure allowed lists, trusted lists, and blocked lists. To each of these lists, you can add domains, email addresses, IP addresses, etc. 

Allowed List

As an administrator, if you do not want certain emails to be marked as spam, you can add the domain and specific email addresses to the Allowed List. However, in case there is an SPF failure, and there is no action set for SPF failure, the emails from allowed list domains or addresses will not be marked as 'Not Spam'. In the case of SPF failure, the email may be a possible spoofed email, and hence the email address/domain added to the allowed list will not be effective in that case.

Follow these instructions to configure Allowed List:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Anti-spam and select Allowed List. The Email ID tab appears with a list of email addresses that you have already configured.
    eProtect allowed email list
  3. To add a new email address to the list, follow these steps:
    1. Click the Add button in the Email ID tab.
    2. Add one or more email addresses separated by a comma.
    3. Click Add email address.
    4. Alternatively, you can add email addresses in bulk by selecting the Import button on the top pane.
    5. Click Browse CSV Files, and select the file containing the email addresses. The email addresses in the CSV file get added to the allowed list.
  4. To add a new Domain to the Allowed List, navigate to the Domain List tab and follow these steps:
    1. Click Add and enter one or more domain names separated by a comma.
      eProtect allowed domains list
    2. Click the Add domain button.
    3. Alternatively, you can also import domains by clicking on Import.
    4. Click Browse CSV Files, and select the file containing the domain names. The domain names in the CSV file will get added to the allowed list.
  5. To allow emails from a certain IP address range, navigate to the IP Addresses tab and do these steps:
    1. Click on Add to enter the IP addresses.
    2. Enter the IP addresses and select the IP mask, depending on the IP range that you'd like to add. Refer here to know more about IP masks.
    3. Finally, click Add IP Address.
    4. Alternatively, you can also import IP addresses by clicking on Import.
    5. Click Browse CSV Files, and select the file containing the IP addresses. The IP addresses in the CSV file will get added to the allowed list.

Note:

  • You can use the sample CSV file for bulk Importing email addresses or Domains.
  • When you add a domain to the allowed list, any emails from its associated sub-domains won't be marked as spam.

TIP:

This option to add addresses to the Allowed List is particularly handy when you know that the sending domain has incorrect SPF/ DKIM settings and you want to allow only these domains from your otherwise strict SPF/ DKIM policies for Spam Control.  

Trusted List

The trusted list is where you can add any email addresses, domains, or IP addresses that you want to exclude from any sort of spam processing. None of the usual spam checks will be conducted on emails that are received from the entities added to the trusted list and they will not be validated for SPF, DKIM, or block list checks. While adding values to the trusted list, be doubly cautious since the organization could be exposed to spam or phishing attacks, as there is no spam check.

Follow the below instructions to define the trusted list for your organization:

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to the Trusted List section under Anti-spam. You will land in the Email List tab.
    eProtect trusted emails list
  3. To add specific email addresses to the trusted list, follow these steps:
    1. Click Add and enter one or more email addresses separated by a comma and click Add email address.
    2. Alternatively, you can also import email addresses by clicking on Import.
    3. Click Browse CSV Files, and select the file containing the email addresses. The email addresses in the CSV file will get added to the trusted list.
  4. To add one or more domains to the trusted list, click on the Domain List tab and follow these steps:
    1. Click Add and enter one or more domain names separated by a comma and click Add.
      eProtect trusted domains list
    2. Alternatively, you can also import domains by clicking on Import.
    3. Click Browse CSV Files, and select the file containing the domain names. The domain names in the CSV file will get added to the trusted list.

Blocked List

A Blocked list can also be defined commonly for the entire organization. The administrators can add entire domains, TLDs, specific email addresses, IP addresses, or recipient email addresses to the blocked list. In these cases, even if the domain passes the SPF test, the email from that domain will be marked as spam.

Additionally, while defining the blocked list, the admin can also choose the action to be taken on the blocked emails. They can either:

  • Mark it as spam - The email will be moved to the respective user's spam folder.
  • Move it to quarantine - The email will be quarantined from where the admin will have to process the email further.
  • Reject the email - The email will be permanently rejected.

Follow the below instructions to define the blocked list for your organization:

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Select Anti-spam, and select Blocked List. You will land in Emails tab.
    eProtect blocked emails list
  3. To add specific email addresses to the blocked list, do these steps:
    1. Click Add and enter one or more email addresses separated by a comma.
    2. Select the action to be taken on these emails and click Add email address.
    3. Alternatively, you can also import email addresses by clicking on Import.
    4. Select the action to be taken on these emails.
    5. Click Browse CSV Files, and select the file containing the email addresses. The email addresses in the CSV file will get added to the blocked list.
  4. To add one or more domains to the blocked list, click the Domains tab and follow these steps:
    1. Click Add and enter one or more domain names separated by a comma.
      eProtect blocked domains list
    2. Select the action to be taken on these emails and click Add Domain.
    3. Alternatively, you can also import domains by clicking on Import
    4. Select the action to be taken on these emails.
    5. Click Browse CSV Files, and select the file containing the domain names. The domain names in the CSV file will get added to the blocked list.
  5. To block emails from a certain IP address range, select the IP Addresses tab and follow these instructions:
    1. Click Add to enter the IP addresses.
      eProtect blocked IP address list
    2. Enter the IP addresses and select the IP mask, depending on the IP range that you'd like to add. Click here to know more about IP masks.
    3. Select the action to be taken on these emails and click Add IP Address.
    4. Alternatively, you can also import IP addresses by clicking on Import. Select the action to be taken on these emails.
    5. Click Browse CSV Files, and select the file containing the IP addresses. The IP addresses in the CSV file will get added to the blocked list.
  6. A Top-level Domain (TLD) is the last segment of a domain name. For example, in the domain name zylker.com, .com is the TLD. To block a TLD, click the TLDs tab and do these steps:
    1. Click Add and enter one or more TLDs separated by a comma.
      eProtect blocked TLD list
    2. Select the action to be taken on these emails and click Add TLD.
    3. Alternatively, you can also import domains by clicking on Import.
    4. Select the action to be taken on these emails.
    5. Click Browse CSV Files, and select the file containing the TLDs. The TLDs in the CSV file will get added to the blocked list.
  7. If you want to block emails addressed to certain org members, click the Recipient Emails tab and do these steps:
    1. Click Add and enter one or more email addresses separated by a comma.
      eProtect blocked recipients list
    2. Select the action to be taken on these emails and click Add recipient email address.
    3. Alternatively, you can also import email addresses by clicking on Import. Select the action to be taken on these emails.
    4. Click Browse CSV Files, and select the file containing the email addresses. The email addresses in the CSV file will get added to the blocked list.

IP Addresses and IP Masks

If you are entering the entire IP address that denotes a specific machine, you will have to select the subnet as 32 from the dropdown list. If you mention just the network to denote all the computers that come under that network, enter the network part of the IP address and select the subnet depending on the number of bits that you have used in the IP address. 

For example, if you are entering 172.20.0.0 and select 30 from the dropdown list, it will refer to IP addresses in the range 172.20.0.0 - 172.20.0.3. This will denote a total of 4 IP addresses. This can be derived by calculating 2(32-n). In this case, the value of n will be 30, and by performing the calculation we derive at 22, which will be 4. Hence the 4 IP addresses will be added to the respective List. Similarly, you can add a consecutive range of IP addresses by selecting the relevant value from the dropdown list. 

Note:

  • You will not be allowed to include your domain's TLD in your organization's Blocked List.
  • The IP Address options for the allowed list and the blocked list will not be available for organizations in the free plan.
  • When you add a domain to the blocked list, any emails from its associated sub-domains will be blocked too.

Blocked List Patterns

Blocked List Patterns in Zoho eProtect will allow the administrator to add the usual patterns in which the spam emails get delivered to the users in the organization. The patterns that can be added are:

Sender Pattern

You can add texts or regular expression patterns to this list to make sure that the emails containing these patterns in the sender's email address are marked as spam. You can set the Email delivery action to mark the email as spam or move the emails to quarantine.
eProtect blocked sender patterns

To configure a pattern click on Add and provide any text/regex as the pattern value. You can set an expiry date for the pattern. You can also choose to add the pattern as a regular expression. Click Add to save the pattern.

You can also Edit/ Delete a pattern using the icons provided over the saved patterns.

Subject Pattern

You can add text or regular expression patterns to this list to make sure that the emails containing these patterns in the subject of the email are marked as spam. You can set the Email delivery action to mark the email as spam or move the emails to quarantine.
eProtect blocked subject patterns

To configure a pattern click on Add and provide any text/regex as the pattern value. You can set an expiry date for the pattern. You can also choose to add the pattern as a regular expression. Click Add to save the pattern.

You can also Edit/ Delete a pattern using the icons provided over the saved patterns.

Content Pattern

You can add text or regular expression patterns to this list to make sure that the emails containing these patterns in the content of the email are marked as spam. You can set the Email delivery action to mark the email as spam or move the emails to quarantine. You also have the option to Mark blank emails as spam.
eProtect blocked content patterns

To configure a pattern click on Add and provide any text/ regex as the pattern value. You can set an expiry date for the pattern. You can also choose to add the pattern as a regular expression. Click Add to save the pattern.

You can also Edit/ Delete a pattern using the icons provided over the saved patterns.

International Spam

Language-based spam

You can allow or reject emails based on the language of the email. You can set the languages according to your preference in the Zoho eProtect.

Follow these steps to add languages:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Select Anti-spam, and navigate to International Spam. You will land in the Language tab.
    eProtect language based spam processing
  3. Select the action that you'd like to take in the Spam processing action drop-down. 
  4. Select either Allowed languages only or Block chosen languages.
  5. Select the languages, and finally click Apply.

Based on the preferences set, emails in the languages that you've entered will either be blocked or allowed.

Country-based spam processing

Based on the location of the origin of emails, you can either reject the email, mark it as spam or move it to the quarantine list.

Follow the below steps to add locations:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Select Anti-spam, select International Spam, and select the Country tab.
    eProtect country based spam processing
  3. Click on Add.
  4. Select the countries, and choose the respective action that you'd like to take on emails from these countries.
  5. You can either mark the emails as spam, move it to quarantine or reject it.

Emails from the respective countries will be processed according to the preferences that you have set.

Anti-Phishing

Zoho eProtect lets you customize the actions that need to be taken when certain emails fail verification of protocols such as SPF, DKIM, DMARC, etc. You can choose an action that best suits your organization's requirements from the actions permitted.

Table of Contents

Spoof Protection

The Spoof Protection section in Zoho eProtect contains multiple settings with which you can configure your organization's spoof protection. Listed below are the spoof control settings available in eProtect:

SPF Verification

SPF or Sender Policy Framework is the DNS record that defines the email servers that are allowed to send emails based on the particular domain. For incoming emails, the SPF validation is based on the sending domain's published SPF Record and the IP from which the emails are received. In case of a conflict, the SPF validation returns soft fail or fail for the emails. The administrator can choose to 'Temporary Reject' or 'Reject' or 'Allow (Process further)' or 'Move the emails to Quarantine' for the SPF Soft Fail and Fail cases. 

To customize the action on emails that have failed SPF validation, follow the below instructions:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Spoof Protection under Anti-Phishing.
    eProtect spoof protection
  3. Under SPF Verification, select the actions for SPF failure and SPF soft failure.
    • Permanent reject: To directly bounce back the emails, if the SPF fails/ soft fails based on the option chosen.
    • Temporary reject: To temporarily reject emails with 4xx errors. The retries will be checked for SPF Again and will be accepted if the sender has corrected or updated the SPF records.
    • Move to quarantine: To move the email to the spam quarantine, for review by the administrator.
    • None: To move the email to further spam processing, without rejecting the email.

DKIM Verification

When an incoming email has a DKIM signature in the header, the DKIM validation happens for the email. In case the DKIM is found not valid, then the administrator can choose one of the available actions for such emails.  

To customize the action on emails that have failed DKIM validation, follow the below instructions:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Spoof Protection under Anti-Phishing.
    eProtect DKIM verification settings
  3. Under DKIM Verification, select the desired action.
    • Permanent reject: To directly bounce back the emails, if the DKIM validation fails based on the option chosen.
    • Temporary reject: To temporarily reject emails with 4xx errors. The retries will be checked for DKIM again and will be accepted if the sender has corrected or updated the DKIM records.
    • Move to quarantine: To move the email to the spam quarantine, for review by the administrator.
    • None: To move the email to further spam processing, without rejecting the email.

DMARC Verification

DMARC policy is an email authentication protocol built on the widely deployed SPF and DKIM protocols. If there is an authentication failure, and the DMARC policy is set to quarantine, the administrator of the recipient domain can choose one of the available actions to perform on the emails.

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Spoof Protection under Anti-Phishing.
    eProtect DMARC verification settings
  3. Under DMARC Verification, select the desired action.
    • None: To move the email to further spam processing, without rejecting the email.
    • Move to spam: To mark the email as spam, without any further checks.
    • Move to quarantine: To move the email to the spam quarantine, for review by the administrator.

DNSBL Verification

Zoho maintains a consolidated Blocklist based on User Spam Marking, Abuse patterns, and certain third-party Blocklists subscribed by us. Similar to SPF and DKIM, the organization administrator can add rules to control the execution of the Zoho Blocklist. The administrator can control the delivery of emails based on his organization's requirements. 

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Spoof Protection under Anti-Phishing.
    eProtect DNSBL verification settings
  3. Under DNSBL Verification, select the desired action.
    • Permanent reject: To directly bounce back the emails, if the sending domain/ email address or IP address is present in the Zoho Blocklist.
    • Temporary reject: To temporarily defer the emails, if the sending domain/ email address or IP address is present in the Zoho Blocklist.
    • Move to spam: To mark the email as spam, without any further checks.
    • Move to quarantine: To move the email to the Spam Quarantine, for review by the administrator.

Cousin Domains

Cousin Domains are domain names that are very similar to any other valid domain name. If you expect a domain to send genuine emails, but want to mark an email from any other variations of the domain name as spam, you can add it in this section.

For example, if 'zylker.com' sends genuine emails, but emails from 'zylker1.com' need to be processed for spam, you can add zylker.com here. Follow these steps to add Cousin Domains:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Cousin Domains under Anti-Phishing and enable Cousin Domain Verification.
    eProtect cousin domain settings
  3. In the Email Delivery Action dropdown, select the actions for emails that have look-alike domain names.
    • If you select None, no action will be taken.
    • If you select Move to spam, the email will be moved to the spam folder of the email recipient.
    • If you select Move to quarantine, the email will be moved to the quarantine list, from where the admin will have to process it further.
  4. You can also choose to Include Internal Domains, which means that all of your organization's domains will undergo the cousin domains check by default. So, any domain name that is similar to yours will undergo the specified action.
  5. Click Add, enter the domain names for which the cousin domain check has to be done and click Add domain.
  6. You can also choose to include the domain names by clicking on Import, and selecting a CSV file which has all the domain names. 
  7. In the Email Delivery section, select the action for emails that have similar domain names.
  8. In the Domain List, enter the names of domains for which the cousin domain check has to be done.

The Cousin Domains feature is especially useful in cases where an email sender might try to trick recipients with a valid domain name.

For example, you might expect the domain webhosting.com to send valid emails to your org users. So, when an email arrives from user@vvebhosting.com, your org members might consider it legitimate, but the email sender has tricked the recipient by replacing the 'w' in webhosting.com with 'vv'. In cases like these, the Cousin Domains feature comes into play. 

VIP Display Names

Administrators can control the fraudulent usage of display names by setting up the respective conditions for emails that violate your customization. You can set up a display name and associate one or more email addresses with this display name in the Zoho eProtect.

For example, consider the email address ceo@mydomain.com, you can ensure that if an email with the display name 'CEO' arrives from any other email address, the action defined by you is taken on this email address.

Follow the below steps to add a policy to prevent display name fraud:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to VIP Display Names under Anti-Phishing.
    eProtect VIP display name settings
  3. In the Email Delivery Action drop-down, select the action for emails that have spoofed display names.
    • If you select None, no action will be taken.
    • If you select Move to spam, the email will be moved to the spam folder of the email recipient.
    • If you select Move to quarantine, the email will be moved to the quarantine list, from where the admin will have to process it further.
  4. Click Add, enter the display name, and the email addresses that can be associated with this name, and click Add users.

You will be able to see a list of the Display Names and the respective Email Addresses that you have added to the list.

Inbound Rules

Connection Filtering for Inbound Rules

With the help of connection filtering rules, you can decide which emails get to reach your inbox and filter out unnecessary emails right at the authentication level. In order to filter out emails, you have to establish a set of conditions against which the incoming emails of your organization will be validated before transferring them to the respective inboxes.
enable connection filter in eProtect

Table of Contents

Create a Connection Filtering Rule

To create a connection filtering rule, 

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Connection filter (Level 1).
  3. Click the Create button and select the preferred option:
    • Create new rule
    • Quarantine emails from external senders
    • Reject emails from specific senders or domains
    • Quarantine emails for users belonging to a group
      create connection filter in eProtect
  4. Enter the rule name, provide an optional description and click Proceed.
  5. Choose the Condition type.
    • AND - Only if the incoming emails satisfy all the conditions you provided, the preferred action will be performed.
    • OR - Even if the incoming emails satisfy one of the conditions you provided, the preferred action will be performed.
    • Advanced - You can combine both AND & OR condition types, within a single condition, for the preferred action.
    • No Condition - When chosen, all the emails you receive will go through the preferred action.
  6. Select your condition, operating parameter and enter the appropriate value in the Add values field.
  7. Click the + icon to add multiple Conditions

  8. Select the desired action and click Proceed.

    ActionDescription
    Move to spamAll the emails that satisfy the given condition/s will be moved to the spam folder of the recipient's inbox.
    Permanent RejectAll the emails that satisfy the given condition/s will not be accepted by our servers and will be rejected permanently removing the chances of delivery retries.
    Move to quarantineThe emails that satisfy the given condition/s will be moved to quarantine for the administrator's approval.
    None (Allow email)No action will be taken for emails that satisfy the given condition/s.
  9. In the APPLY TO page, you can choose to which users you want the rule to be applied. You can select one of the options below:
    • All Users - The rule will be applied to all the users in your organization.
    • Selected Users - The rule will be applied to the specific set of users you add.
    • All users except selected users - The rule will be applied to all the users except the ones added to the list.
  10. To add users to the Selected Users or Excluded users list, simply select the respective option, and click the Add button. Select the users you want to add to the list and click Proceed. You can also remove a user from the list by clicking the Delete icon next to the user.
  11. Once done, click Proceed. On the preview page, you can review your rule and set an expiry date if needed.
  12. After reviewing your rule, you can,
    • Create & Enable Rule - Your rule will not only be created but also be activated automatically to start processing emails with respect to its conditions and actions.
    • Create Rule - Your rule will only be created and not activated. That means if you want the rule to be applied to the emails you receive, you will have to manually activate it.

Available Conditions

You can set up more than one condition in a single rule depending on your requirement.

ParameterDescription
SubjectThe subject of the email
Sender email addressThe 'from' address of the email sender
Sender domainThe domain address of the email sender
Return path email addressThe reverse-path/ bounce address of an incoming email
Return path domainThe reverse-path/ bounce address's domain
Sender IP addressThe IP address of the email sender
Is external senderChecks if the sender is not part of the organisation
Originating countryThe country from which the email was sent
Sender DNSThe DNS address of the sender
Sender display nameThe display name of the sender.
SPF verification resultThe result of SPF verification
DKIM verification resultThe result of DKIM verification
DMARC verification resultThe result of DMARC verification
MIME message ID*The ID that can be gathered from a MIME email's header
X Mailer**The desktop client from which the email was sent
Sender not previously contacted Checks if the recipient has previously sent any emails to the sender
To email addressThe 'to' email address of the incoming email
MIME size in MbThe size of the non-text attachment is greater than the specified MB
Add header criteriaThe type of email header criteria that needs to be verified for the provided values

Note:

  • *MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
  • **X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.

Operating Parameters

OperatorsDescription
isThe respective parameter in the incoming email should exactly match the given criteria value.
is notThe respective parameter in the incoming email should not match the given criteria value.
containsThe respective parameter in the incoming email doesn't have to be an exact match but will pass even if it contains the given criteria value.
does not containThe respective parameter in the incoming email doesn't have to be an exact match but will pass if it does not contain the given criteria value.
begins withThe respective parameter in the incoming email should begin with the given criteria value.
ends withThe respective parameter in the incoming email should end with the given criteria value.
is emptyThe respective parameter in the incoming email should be empty.
is not emptyThe respective parameter in the incoming email should not be empty.
matchesThe respective parameter in the incoming email should match the regular expression pattern
Does not matchThe respective parameter in the incoming email should not match the regular expression pattern
trueThe given condition should be true.
falseThe given condition should be false.
is greater thanThe respective parameter in the incoming email should only be greater than the given criteria value.
is lesser thanThe respective parameter in the incoming email should only be lesser than the given criteria value.
is greater than or equal toThe respective parameter in the incoming email can be greater than or equal to the given criteria value.
is lesser than or equal toThe respective parameter in the incoming email can be lesser than or equal to the given criteria value.

After selecting the Conditions and the Operating parameters, provide the values with respect to the chosen conditions that need to be verified against. Upon providing these proceed to select the Actions that need to be performed for the emails with the chosen conditions.

Rule processing and priority

You can add any number of connection filters to process different types of incoming emails. In the case of multiple filters, the sequence of processing will be based on the priority of filters. The filter with the highest priority (1) will take precedence over the filters with lower priority (2). To change the sequence or priority of the filters,

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Connection filter (Level 1).
  3. On the connection filtering page, you will find the list of all filters you have already added.
  4. Simply rearrange the filters by dragging and dropping them in the order of your preference.

Enable or Disable a rule

You can enable or disable a rule to start or stop filtering.

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Connection filter (Level 1).
  3. On the connection filtering page, you will find the list of all filters you have already added.
  4. Toggle the Status key to ON/OFF in order to Enable or Disable a rule.

Remove expired rules from the list

In case you set an expiry date for the rules, you will find a number of expired conditions in your list. You can remove them by using the Sweep option.

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Connection filter (Level 1).
  3. On the connection filtering page, click Sweep.

This will remove all the filters that have already expired from your list.

Content filtering for incoming emails

With the help of content filtering rules, you can decide which emails get to reach your inbox and filter out unnecessary emails based on the content of the email. In order to filter out emails, you have to establish a set of conditions against which the incoming emails of your organization will be validated before transferring them to the respective inboxes. Content filtering will also support all the connection filtering criteria.

Table of Contents

Create a Content Filtering Rule

To create a content filtering rule, 

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and select Content filter (Level 2).
    create content filter in eProtect
  3. Click Create and select the preferred option:
    • Create new rule
    • Quarantine emails from external senders
    • Mark blank emails as spam
    • Move emails with .exe attachments to spam
    • Quarantine emails for users belonging to a group
  4. Enter a rule name, provide a description and click Proceed.
  5. Before providing the Conditions, based on which the processing of emails would take place, you can choose a condition type.
    • AND - Only if the incoming emails satisfy all the conditions you provided, the preferred action will be performed.
    • OR - Even if the incoming emails satisfy one of the conditions you provided, the preferred action will be performed.
    • Advanced - You can combine both AND & OR condition types, within a single condition, for the preferred action.
    • No Condition - When chosen, all the emails you receive will go through the preferred action.
  6. Choose the condition for the rule, operating parameter and enter the appropriate value.
  7. Click the + icon to add multiple conditions.

  8. Select the preferred action:

    ActionDescription
    Move to spamAll the emails that satisfy the given condition/s will be moved to the spam folder of the recipient's inbox.
    Move to spam & Append text to subject Emails that satisfy the given condition/s will be moved to the recipient's spam folder & a prefix configured in this rule will be added to the subject of the received mail.
    Move to spam & Add custom headerEmails that satisfy the given condition/s will be moved to the recipient's spam folder & a custom header with name and value will be added to those emails
    Move to quarantineThe emails that satisfy the given condition/s will be moved to quarantine for the administrator's approval.
    Append text to subject A prefix configured in this rule will be added to the subject of the received mail
    Add custom header A custom header with name and value will be added to the emails.
    None (Allow email)No action will be taken for the emails that satisfy the given condition/s.
  9. After creating the filter, you can choose to which users you want the rule to be applied. You can select one of the options below.
    • All Users - The rule will be applied to all the users in your organization.
    • Selected Users - The rule will be applied to the specific set of users you add.
    • All users excluding selected users - The rule will be applied to all the users except the ones added to the list.
  10. To add users to the Selected Users or Excluded users list, simply select the respective option, and click the Add button. Select the users you want to add to the list and click Proceed. You can also remove a user from the list by clicking the Delete icon next to the user.
  11. Once done, click Proceed. On the preview page, you can review your rule and set an expiry date if needed.
  12. After reviewing your rule, you can,
    • Create & Enable Rule - Your rule will not only be created but also be activated automatically to start processing emails with respect to its conditions and actions.
    • Create Rule - Your rule will only be created and not activated. That means if you want the rule to be applied to the emails you receive, you will have to manually activate it.

Note:

If an email falls under the conditions set under Connection filtering, the conditions for Content filtering will not be processed for that email

Available Conditions

You can set up more than one condition in a single rule depending on your requirement. 

ParameterDescription
SubjectThe subject of the email
Sender email addressThe 'from' address of the email sender
Sender domainThe domain address of the email sender
Return path email addressThe reverse-path/ bounce address of an incoming email
Return path domainThe reverse-path/ bounce address's domain
Sender IP addressThe IP address of the email sender
Originating countryThe country from which the email was sent
Sender DNSThe DNS address of the sender
Sender display nameThe display name of the sender.
SPF verification resultThe result of SPF verification
DKIM verification resultThe result of DKIM verification
DMARC verification resultThe result of DMARC verification
MIME message IDThe ID that can be gathered from a MIME email's header
X MailerThe desktop client from which the email was sent
Sender not previously contacted The sender is not on the contact list of the recipient
To email addressThe 'to' email address of the incoming email
MIME size in MbThe size of the non-text attachment is greater than the specified Mb
Add header criteriaThe type of email header criteria that needs to be verified for the provided values
Is external senderThe sender is not a member of the organisation
To/cc email addressThe 'to' or 'cc' email address of the incoming mail
Recipient (group)Checks if the recipient belongs to the organisation group
Recipient's email policyThe email policy applied to the recipient
Recipient domainThe domain name of email recipients
ContentThe content of the email
Attachment typeThe type of attachments present in the email
Attachment sizeAttachments that exceed the specified size
Email languageThe language in which the email was composed
Has attachmentThe existence of an attachment in an email content
Has web bugsThe existence of web bugs in an incoming email content
Has JavaScript contentThe existence of javascript content in the email content
Has macrosThe existence of macros in the email content
Has frame tagsThe existence of iframe tags in the email content
Is bulk emailChecks if the email received is a bulk email 
Has object tagsThe existence of object tags in the email content
Has embed tagsThe existence of embed tags in the email content
Has form tagsThe existence of form tags in the email content
Has shortened URLThe existence of shortened URLs in the email content
Has suspicious macrosThe existence of suspicious macros in the email content
URL domainThe domain names of the URLs available in email content
URLThe existence of specified URLs in the email content

Note:

  • MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
  • X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.

Operating parameters

OperatorsDescription
isThe respective parameter in the incoming email should exactly match the given criteria value.
is notThe respective parameter in the incoming email should not match the given criteria value.
containsThe respective parameter in the incoming email doesn't have to be an exact match but will pass even if it contains the given criteria value.
does not containThe respective parameter in the incoming email doesn't have to be an exact match but will pass if it does not contain the given criteria value.
begins withThe respective parameter in the incoming email should begin with the given criteria value.
ends withThe respective parameter in the incoming email should end with the given criteria value.
is emptyThe respective parameter in the incoming email should be empty.
matchesThe respective parameter in the incoming email should match the regular expression pattern
Does not matchThe respective parameter in the incoming email should not match the regular expression pattern
trueThe given condition should be true.
falseThe given condition should be false.
is greater thanThe respective parameter in the incoming email should only be greater than the given criteria value.
is lesser thanThe respective parameter in the incoming email should only be lesser than the given criteria value.
is greater than or equal toThe respective parameter in the incoming email can be greater than or equal to the given criteria value.
is lesser than or equal toThe respective parameter in the incoming email can be lesser than or equal to the given criteria value.

Rule processing and priority

You can add any number of content filters to process different types of incoming emails. In the case of multiple filters, the sequence of processing will be based on the priority of filters. The filter with the highest priority (1) will take precedence over the filters with lower priority (2). To change the sequence or priority of the filters,

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Content filter.
  3. On the content filter page, you will find the list of all filters you have already added.
  4. Simply rearrange the filters by dragging and dropping them in the order of your preference.

Enable or Disable a rule

You can enable or disable a rule to start or stop filtering.

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Content filter.
  3. On the content filter page, you will find the list of all filters you have already added.
  4. Toggle the Status key to ON/OFF in order to Enable or Disable a rule.

Remove expired rules from the list

In case you set an expiry date for the rules, you will find a number of expired conditions in your list. You can remove them by using the Sweep option.

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Inbound Rules and click Content filter.
  3. On the connection filtering page, click Sweep.

This will remove all the filters that have already expired from your list.

Outbound Rules

With the help of Outbound Rules, you can decide which emails can be sent by the users and filter out unnecessary emails based on the entire content of the email including the email header, email content and attachment content. In order to filter the outgoing emails, you have to establish a set of conditions against which all the outgoing emails of your organisation will be validated. The rules are processed sequentially, and once a particular rule is processed, subsequent rules will not be processed.

Table of Contents

Create an Outbound Rule

To create a new Outgoing rule, 

  1. Log in to the Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Outbound Rules and click Create.
    create outbound rules in eProtect
  3. Select the preferred option:
    • Create new rule
    • Quarantine emails from senders
    • Reject emails with more than 50 recipients
  4. Enter a rule name, provide a description and click Proceed.
  5. Select a condition type for the rule from the below options:
    • AND - Only if the incoming emails satisfy all the conditions you provided, the preferred action will be performed.
    • OR - Even if the incoming emails satisfy one of the conditions you provided, the preferred action will be performed.
    • Advanced - You can combine both AND & OR condition types, within a single condition, for the preferred action.
    • No Condition - When chosen, all the emails you receive will go through the preferred action.
  6. Set the condition for the rule, choose the operating parameter.
  7. Click the + icon to add multiple conditions.

  8. Select the desired action and click Proceed.

    ActionDescription
    Block senderAll the emails that satisfy the given condition/s will not be delivered by our servers and email outgoing will be blocked permanently for the sender.
    RejectAll the emails that satisfy the given condition/s will not be delivered by our servers and a default warning message will be sent upon rejection.
    Reject with a custom messageAll the emails that satisfy the given condition/s will not be delivered by our servers and a custom warning message will be sent upon rejection
    Move to quarantine The emails that satisfy the given condition/s will be moved to quarantine for the administrator's approval.
  9. After creating the filter, you can choose to which users you want the rule to be applied from Choose user dropdown. You can select one of the options below.
    • All Users - The rule will be applied to all the users in your organization.
    • Selected Users - The rule will be applied to the specific set of users you add.
    • All users excluding selected users - The rule will be applied to all the users except the ones added to the list.
  10. To add users to the Selected Users or Excluded users list, simply select the respective option, and click the Add button. Select the users you want to add to the list and click Proceed. You can also remove a user from the list by clicking the Delete icon next to the user.
  11. Once done, click Proceed. On the preview page, you can review your rule and set an expiry date if needed.
  12. After reviewing your rule, you can,
    • Create & Enable Rule - Your rule will not only be created but also be activated automatically to start processing emails with respect to its conditions and actions.
    • Create Rule - Your rule will only be created and not activated. That means if you want the rule to be applied to the emails you receive, you will have to manually activate it.

Available Conditions

You can set up more than one condition in a single rule depending on your requirement.

ParameterDescription
SubjectThe subject of the email
From email addressThe sender email address of the outgoing mail.
Display NameThe display name of the sender
Sender (group)Checks if the sender belongs to an organisation group
Original sender's email address Email address of the actual sender of the outgoing mail
Sender's email policy The email policy applied to the sender
Reply-to- email addressThe reverse-path/ bounce address of an outgoing email.
Originating countryThe country from which the email was sent
To/Cc email addressThe 'To' or 'cc' email address of the outgoing mail.
Recipient domainThe domain name of the email recipient.
Recipient count in the emailThe maximum number of recipients permitted in an outgoing email.
Email languageThe language in which the email was composed.
Sender IP addressThe IP address of the email sender.
MIME message ID*The ID present in the MIME email's header.
X-Mailer**The desktop client from which the email was sent.
User-agent The software/ Client used to send the emails.
URL domainThe domain names of the URLs available in the email content.
MIME size (in MB)The non-text attachment exceeds the specified size.
Attachment typeThe type of attachments present in the email
Suspicious login activityChecks for any suspicious login activity of the sender
Has macrosThe existence of macros in the email content.
Has suspicious macrosThe existence of suspicious macros in the email content.
Has attachmentThe existence of attachments in the email content.
Attachment size (in MB)Attachment that exceeds the specified size.

Note:

  • *MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
  • **X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.

Operating parameters

OperatorsDescription
isThe respective parameter in the outcoming email should exactly match the given criteria value.
is notThe respective parameter in the outgoing email should not match the given criteria value.
containsThe respective parameter in the outgoing email doesn't have to be an exact match but will pass even if it contains the given criteria value.
does not containThe respective parameter in the outgoing email doesn't have to be an exact match but will pass if it does not contain the given criteria value.
begins withThe respective parameter in the outgoing email should begin with the given criteria value.
ends withThe respective parameter in the outgoing email should end with the given criteria value.
is emptyThe respective parameter in the outgoing email should be empty.
is not emptyThe respective parameter in the outgoing email should not be empty.
matchesThe respective parameter in the outgoing email should match the given criteria value.
trueThe given condition should be true.
falseThe given condition should be false.
is greater thanThe respective parameter in the outgoing email should only be greater than the given criteria value.
is lesser thanThe respective parameter in the outgoing email should only be lesser than the given criteria value.
is greater than or equal toThe respective parameter in the outgoing email can be greater than or equal to the given criteria value.
is lesser than or equal toThe respective parameter in the outgoing email can be lesser than or equal to the given criteria value.

After selecting the Conditions and the Operating parameters, provide the values with respect to the chosen conditions that need to be verified against. Upon providing these proceed to select the Actions that need to be performed for the emails with the chosen conditions.

Rule processing and priority

You can add any number of outbound rules to process different types of outgoing emails. In the case of multiple filters, the sequence of processing will be based on the priority of filters. The filter with the highest priority (1) will take precedence over the filters with lower priority (2). To change the sequence or priority of the filters,

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Outbound Rules.
  3. On the Outbound Rules page, you will find the list of all filters you have already added.
  4. Simply rearrange the filters by dragging and dropping them in the order of your preference.

Enable or Disable a rule

You can enable or disable a rule to start or stop filtering.

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Outbound Rules.
  3. On the Outbound Rules page, you will find the list of all filters you have already added.
  4. Toggle the Status key to ON/OFF in order to Enable or Disable a rule.

Remove expired rules from the list

In case you set an expiry date for the rules, you will find a number of expired conditions in your list. You can remove them by using the Sweep option.

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to Outbound Rules.
  3. On the Outbound Rules page, click the Sweep icon 

This will remove all the filters that have already expired from your list.

Quarantine

In the quarantine section of Zoho eProtect, you can decide how to process emails that have been quarantined as a result of your Email Protection settings. Both incoming and outgoing quarantined emails can be processed from the respective sections. Further, you can also set up notifications for quarantined emails, and assign certain users to process their quarantined emails.

The Quarantine section in Zoho eProtect lists all the emails that have been quarantined as a result of the spam processing configured. From the Quarantine section, admins can choose to deliver or deny the emails. Further, notifications can also be configured for the quarantined emails to ensure that they are not missed.

Table of Contents

Quarantined Emails

The emails that are considered spam due to any validation errors, organization blocklists, or Zoho blocklists are listed in the Quarantine section. As an administrator, you can optionally move such emails for review based on the spam processing settings.

Incoming Quarantine

To access and moderate the incoming quarantined emails, follow these steps:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Select Quarantine. The Quarantined Emails tab under the Incoming section, displays the emails awaiting moderation.
    eProtect incoming quarantine
  3. Click on an email to review its contents and the email headers in detail.
  4. Select the Deliver or Deny options as per your requirement.

To know more about the options available refer to the Delivering emails and Denying emails sections.

Outgoing Quarantine

To access and moderate the outgoing quarantined emails, follow these steps:

  1. Log in to Zoho eProtect and select Email Protection on the left pane.
  2. Navigate to the Outgoing section under Quarantine. The Quarantined Emails tab displays the outgoing emails awaiting moderation.
    eProtect outgoing quarantine
  3. Click on an email to review its contents and the email headers in detail.
  4. Select the Deliver or Deny options as per your requirement.

To know more about the options available refer to the Delivering emails and Denying emails sections.

Delivering emails

When you select one or more emails to deliver, you can choose how you want to deliver them.

  • Deliver selected - Only those quarantined emails you selected will be delivered.
  • Deliver & Add - Select this option if you wish to add an email address/ domain to the Allowed/Trusted list simultaneously while delivering a quarantined email. After the email is delivered, the email address/domain will be added to the Allowed/Trusted list depending on the quarantine reason.
    A dialog box will be displayed asking you to confirm if you wish to add the email address/domain to the Allowed/Trusted list (Refer to the table below for more details).
  • Deliver partially - Emails which has multiple recipients can be sent to specific users using the Deliver partially option. Select an email which has multiple recipients and select Deliver partially from the drop-down. In the Deliver partially dialog, search for recipients and click Add. After you finish the selection, click Proceed.
    The email will be delivered only to the users you selected, after which it will move to the Denied Emails tab. To view the list of delivered and denied recipients, refer here.
  • Deliver All - All the quarantined emails will be delivered.

Note:

The Deliver partially option appears only if there are multiple recipients for an email. It does not appear if you select more than one email.

Denying emails

While denying quarantined emails, you can choose from one of the four options.

  • Deny selected- Only those quarantined emails you selected will be denied.
  • Deny & Add- Select this option if you wish to add an email address/ domain to the blocked list simultaneously while denying a quarantined email. After the email is denied, the email address/domain will be added to the blocked list depending on the quarantine reason. A dialog box will be displayed asking you to confirm if you wish to add the email address/domain to the blocked list (Refer to the table below for more details). 
  • Deny & Notify- Selecting this option will notify the sender of the email that you have denied their email. A dialog box will be displayed asking you to confirm if you wish to send en email notification to the sender that their emails have been denied.
  • Deny All- All the quarantined emails will be denied.

Note:

You should select only one email at a time for the Deny & Notify option to appear. The option won't appear if you select multiple emails.

The table lists the different reasons an email can be quarantined and how the sender email/domain to the allowed/blocked list based on the quarantined reason.

Quarantined reasonOn Deliver actionOn Deny action
SPF FailThe domain gets added to the Trusted Domains list.The domain gets added to the Blocked Domains list with Reject action.
SPF Soft FailThe domain gets added to the Trusted Domains list.The domain gets added to the Blocked Domains list with Reject action.
DKIM FailThe domain gets added to the Trusted Domains list.The domain gets added to the Blocked Domains list with Reject action.
DMARC FailThe domain gets added to the Trusted Domains list.The domain gets added to the Blocked Domains list with Reject action.
DNSBLThe domain gets added to the Trusted Domains list.The domain gets added to the Blocked Domains list with Reject action.
Blocked EmailThe email address gets added to the Allowed emails list.The email address gets added to the Blocked emails list with Reject action.
Blocked DomainThe domain gets added to the Allowed Domains list.The domain gets added to the Blocked Domains list with Reject action.
Blocked TLDThe domain gets added to the Allowed Domains list.The domain gets added to the Blocked Domains list with Reject action.
Blocked IPThe email address gets added to the Allowed emails list.The domain gets added to the Blocked Domains list with Reject action.
Cousin Domain SpamThe domain gets added to the Allowed Domains list.The domain gets added to the Blocked Domains list with Reject action.
Blocked sender patternThe domain gets added to the Allowed Domains list.The domain gets added to the Blocked Domains list with Reject action.
Blocked subject patternThe email address gets added to the Allowed emails list.The email address gets added to the Blocked emails list with Reject action.
Blocked content patternThe email address gets added to the Allowed emails list.The email address gets added to the Blocked emails list with Reject action.
Display Name SpoofingThe email address gets added to the Allowed emails list.The email address gets added to the Blocked emails list with Reject action.
Quarantined CountryThe email address gets added to the Allowed emails list.The email address gets added to the Blocked emails list with Reject action.
Blocked recipientThe email address gets added to the Allowed emails list.The email address gets added to the Blocked emails list with Reject action.
Org spam settingsThe email address gets added to the Trusted emails list.The email address gets added to the Blocked emails list with Reject action.

You can also search for specific quarantined emails based on the available criteria. The search can be performed based on criteria such as Subject, Sender, To or Cc, Email Content, Attachment Name, Attachment Content or Date. By default, the entire message will be searched. 

Further, you can also use the Filter option to select the particular validation failure of quarantined emails and filter out those emails which match the criteria.

A notification email can be sent to the recipient of the quarantined email and a selected admin each time an email is quarantined. The quarantine section should be monitored regularly, and if there is a particular pattern in legitimate emails being quarantined, the spam processing settings of the organization can be adjusted accordingly.

Delivered and Denied Emails

In Zoho eProtect, the quarantined emails that have been approved or rejected can be viewed under the Delivered Emails and Denied Emails tabs respectively in the Quarantine section. All the information including the reason for quarantine and the date the emails were quarantined gets listed so that you can always have a complete record of those emails you had quarantined. You can export the list of delivered and denied emails by clicking on the Export icon placed on top of the list.

If you wish to deliver any email under Denied Emails, you can do so by selecting that email and clicking the Deliver button placed above the list or the Deliver icon which appears when you hover over any user. To deliver multiple denied emails, select the emails and click on the Deliver button. To deliver all the denied emails, simply select all the emails, click the Deliver drop-down and select the Deliver all option.

Emails that were delivered partially will have an info icon adjacent to the recipients list. When you click the info icon, the Email delivery/denial status dialog appears with the details of delivered and denied recipients.

Quarantine Settings

Previewing Quarantined Emails

While previewing quarantined emails, you can choose between the original content format or the email content format from the Settings. The administrators who have access to the quarantined emails can change the preview type for the organization.

By default, the emails are displayed in the original format. Once you choose your preferred format, the selected format will be applied across the organization. Follow these steps to change the email preview type:

  1. Log in to Zoho eProtect and select Email Protection in the left pane.
  2. Select Quarantine Settings under the Quarantine section. The General tab appears by default.
    quarantine settings in eProtect
  3. Select between Show Original or Show Email preview type. The chosen preview type is now applied across the organization

Note:

You can also change views from the email preview but that's temporary and won't be applied across the entire organization.

Quarantine Notifications:

When an email is quarantined due to the failure of any of the spam checks, the admin can choose to trigger a notification email. This email will be sent to all the selected admins. You can control whether you want to send the notification email to the corresponding recipients by enabling/disabling email notifications for the recipients.

Similarly, when an email that is sent to a group is quarantined, the notification email will be sent to the group moderator. If the group does not have a moderator, it will be sent to the organization admin. 

The notification email will contain details such as the sender of the quarantined email, the email subject, the date and time at which the email was sent and the reason why it was quarantined.

Follow these steps to set up quarantine notifications:

  1. Log in to Zoho eProtect and select Email Protection in the left pane.
  2. Select Quarantine Settings under the Quarantine section. The General tab appears by default.
  3. Select the Notifications tab.
  4. Switch the toggle across Incoming Email Notification to ON.
  5. Select how often you'd like to receive notifications from the Notification email frequency drop-down.
  6. If you want to send an email to the corresponding recipients, check the box which says, Send quarantine notification email to recipients. If you wish to send the email only to the selected admins, uncheck the box. 
  7. Click   and add the admins you'd like to notify about quarantined emails.

Based on the frequency set, an email containing the details of all the quarantined emails in that duration will be sent to the selected admins. If you have enabled email notification for the recipients, the corresponding details will be sent to the recipients to whom the quarantined email is addressed.

Self Moderators

Aside from administrators being able to manage the quarantined emails, you can also assign your organization users as self moderators to approve the quarantined emails. However, the self moderators will only be able to approve those quarantined emails that are addressed to them. If a particular quarantined email contains multiple recipients, the email will be delivered only to the user who approves it. 

For example, say there are two users named Rebecca and Paula, and Rebecca has been assigned as a moderator. There's a quarantined email from a sender id name@company1.com addressed to them both. If Rebecca approves the email, the email will be delivered only to her.

To add a self moderator, follow these steps:

  1. Log in to Zoho eProtect and select Email Protection in the left pane.
  2. Select Quarantine Settings under the Quarantine section. The General tab appears by default.
  3. Select the Self Moderators tab.
  4. Click on the Add button (+). The Self Moderators pop-up window opens with a list of all the organization users.
  5. Click the Add button to add a user to the Selected users portion of the window. You can also search for users using the search bar in the pop-up window.
  6. After selecting the users, click Proceed
  7. To quickly remove any user from the window, click on the Delete icon next to the user. To remove all the users you've added from the window, click on Remove All

You can also delete users from the self-moderators position should you wish. To delete a self-moderator, follow these steps:

  1. In the Self moderators tab, click on the user who you wish to remove. To remove multiple users, select them all.
  2. Click on the Delete button displayed above the list.
  3. You can also delete individual users by clicking on the Delete icon appearing next to each user when you hover over them

Note:

If the admin denies an email before the self-moderator could approve and deliver it to their inbox, the self-moderator can't approve the email later.