Getting Started with Zoho eProtect

If you are searching for a solution to protect your organization's emails from hackers, and fraudsters or to stay in-line with the industry specific compliance requirement standards, you are at the right place.

Table of Contents

Zoho eProtect Overview

Zoho eProtect by Zoho Mail is a robust cloud-based email Security and Compliance software solution which can work with many email providers such as Google Workspace, Microsoft 365, Exchange servers, and other on-premise email providers. eProtect acts as the first line of defence against threats such as viruses, spam, phishing, malware, spoofing, and so on.

Zoho eProtect's exceptional email archival and eDiscovery feature ensures your organization stays with the industry specific Compliance laws. FRCP, SOX, HIPAA, FINRA, GLB, NYSE, NASD, and SEC are the compliance standards to name a few. As an administrator, you can choose which emails should be stored using retention policies.

Email Protection

Email has become a medium of professional communication for every organization. Emails are used to send and receive various data, and these communications can be easily tracked and stored for compliance purposes. While emails serve as an effective mode of communication, these can be compromised as well.

Email Protection is important to ensure your organization does not become a target for attacks. Attacks include spoofing, phishing, vishing, malware, etc.

Email Archival

Email archival is the process of retaining emails in an organization for a specific period in an organized manner based on the policies of the organization. This is done for compliance or other such purposes, based on the organizational policies.

The main purpose of retention policy are the following:

  • Archival of email content for a specific period, so that it cannot be permanently deleted before the retention period.
  • Deleting the email content permanently after the defined retention period.
  • Compliance with industry regulations and internal policies to retain content for a minimum period of time.
  • Reduce the risk, in case of any security breach or litigation caused due to deletion of content by employees.

eDiscovery

eDiscovery (electronic discovery) refers to a legal process of “discovering” electronic data by identifying, processing, reviewing and producing retained emails which are potentially relevant to litigation. The eDiscovery section in Zoho eProtect provides a complete solution to retain, review, export the emails related to your organization's internal, external or legal investigations. It empowers the legal teams to manage the holds and investigations.

Overall, it assures that the legal team can gather and access the required information in a simple interface, without technical dependency or complexity.

Setting Up Zoho eProtect

Setting up your organization in Zoho eProtect is a simple process. To set up eProtect, you must have a Zoho account for your organization with which you can request beta access. For more details, contact presales@zohoeprotect.com

Sign Up

Follow the below steps to set up your organization in Zoho eProtect:

  1. Open Zoho eProtect in your web browser.
  2. Create a new Zoho account if you do not have one already.
    • Enter your Name, Email Address/ Mobile Number, Password and select I agree to the Terms of Service and Privacy Policy and click SIGN UP. Zoho eProtect's Welcome page appears. 
  3. If you already have a Zoho account, log in with your credentials.
  4. Enter your organization name and click Proceed. Add Domain page appears.
    enter organization name

Add Domain

To start receiving emails in Zoho eProtect, process spam filters, and retain the emails, you must add your organization's domain and confirm your ownership. Select your email provider from the available options:

If your email service provider is Google Workspace or Microsoft 365, eProtect simplifies the domain verification and user addition process. Organizations that have their email hosted on another service provider or on-premise email infrastructure can manually add and verify their domain with a few extra steps.

Note:

Domain verification is not required if you have already verified your domain with your email service provider for organizations with a Google Workspace or Microsoft 365 account.

Google Workspace

Follow these steps to add your Google Workspace account in eProtect:

  1. Select Import from Google Workspace.
  2. Enter the Administrator Email Address, Service Email Address and upload the Key File. Refer to Authorize Zoho eProtect to access your Google Workspace for more details.

    Note: You can also add your organization manually using the Add Manually option. Follow the steps provided in the Add Manually section.

  3. Once you have downloaded the JSON or P12 file, click the Upload button and attach the key file.
  4. Click Proceed to import domains.
    import google domains
  5. Select the domains which you want to add to Zoho eProtect. If you choose more than one domain, select the preferred primary domain by clicking on the start icon.

    Note:

    Only the domains that are already verified in your Google Workspace account can be imported automatically to eProtect.

  6. Click Import and proceed to the Add Users section.
    import domains

Note:

Ensure that you have administrator privileges to import the domains configured in Google Workspace.

Microsoft 365

Follow these steps to add your Microsoft 365 account in Zoho eProtect:

  1. In the Add Domain page select Microsoft and click Proceed.
    import microsoft domains
  2. Enter the admin email address, and admin password on the Microsoft login page and click Next.
  3. In the permission window, click Accept. The Import Domain page appears.
    Microsoft account permissions
  4. Select one or more domains to add to Zoho eProtect.
  5. Choose the primary domain by clicking the star icon and click the Import button.
    import domains

You have successfully authenticated your Microsoft credentials. You can now proceed to Add Users section.

Add Domain Manually

Zoho eProtect offers the Add Manually option for the below cases:

  • Organizations who have hosted their email on a different email provider other than Google Workspace or Microsoft 365.
  • For on-premise email providers such as Microsoft Exchange server or Zimra, etc. or other hosted email providers.
  • Google and Microsoft account organizations who wish to manually add their domains instead of the import process.

Follow the below instructions to add your domain manually:

  1. Select the Add Manually option.
  2. Enter the Domain Name and click Proceed.

Once you add your domain manually, you must prove ownership of the domain by following the steps given in Verify Domain.

Verify Domain

The domain verification procedure is required only if your email is hosted on a different service provider other than Google Workspace or Microsoft 365. For domains imported from Google Workspace and Microsoft 365, the domain verification steps are not required.

Domain verification can be done either by adding a TXT record or CNAME record or uploading an HTML file. Zoho eProtect verifies your domain to ensure that:

  • The domain you entered is a valid/ active domain
  • You are the owner or an administrator with appropriate privileges to access your domain provider's DNS page.
  • The domain is not a spoofed address

Before proceeding to domain verification, log in to your domain provider's account and navigate to the DNS page (DNS Manager or DNS Control Panel or Advanced DNS editor).

TXT Record Method

Follow these steps to verify your domain using the TXT record option:

  1. Select Add a TXT record in the DNS page from the PROVE DOMAIN OWNERSHIP page.
  2. Copy the auto-generated zb code from the table.
  3. Locate the option to add a TXT record on the DNS page and click Add a record.
  4. In the Name/ Host/ Alias/ TXT, enter @ or leave it blank.
  5. In the Value/ Points To/ Destination field, paste the verification zb code that you copied.
  6. If the TTL is editable, set it to the minimum possible value recommended by your domain provider.
  7. Save the TXT Record and give it an hour to two to propagate.
  8. Switch back to Zoho eProtect and click Verify TXT Record.

Your domain gets verified if the TXT records are propagated.

CNAME Record Method

Follow these steps for domain verification using the CNAME method:

  1. Select Add a CNAME record in the DNS page from the drop-down menu.
  2. Copy the CNAME Name/ Alias value from eProtect.
  3. Locate the option to add a CNAME record on the DNS page, click Add a record.
  4. In the Name/ Host/ Alias/ CNAME field paste the value that you copied.
  5. Copy the CNAME Value/ Points To/ Destination value from Zoho eProtect.
  6. Switch to the DNS page and paste the value in the Value/ Points To/ Destination/CNAME field.
  7. If the TTL is editable, set it to the minimum possible value recommended by your domain provider.
  8. Save the CNAME Record and give it an hour to two to propagate.
  9. Switch back to Zoho eProtect and click Verify CNAME Record.

Your domain gets verified if the CNAME records are propagated.

HTML Method

Follow these steps to verify your domain using the HTML method:

  1. Select Upload HTML file in the website from the drop-down menu.
  2. Download the html file - verify.html given in the Zoho eProtect's Prove Domain Ownership page.
  3. Access your root directory and create a folder named zohoverify.
  4. Inside the zohoverify folder, upload the HTML file that you downloaded from Zoho eProtect.
  5. You will see a verification code at http://domain name/verification/verify.html
  6. Click Verify HTML File to complete the domain verification process.

If you encounter any errors during domain verification refer to Troubleshoot Domain Verification Failure.

For domain verification instructions specific to your domain provider, select the appropriate link from the below options.

Note:

If your domain is not listed above and you have trouble verifying your domain using the generic domain verification instructions, reach out to your email service provider or support@zohoeprotect.com.

Add Users in eProtect

Upon successful addition of your domain, the Add users page appears. By default, the user who creates the account will be added as a Super Administrator. Zoho eProtect provides multiple options to add your organization's users based on your email provider:

The Add Users page shows the list of users with their Name, Email Address, and Status. If required you can change the Super Admin from the Roles & Permissions section under Organization.

Import from Google Workspace

Follow these steps to import users from Google Workspace:

  1. Upon successful domain addition, the Users landing page appears.
  2. Select Import from the top menu and click the Import users button. The domains you added in eProtect get selected automatically.
  3. Click Proceed, select the desired users and click the Proceed button.
  4. The upper portion of the SELECT USERS page displays the below data:
    • Total users in the selected domains
    • Users selected to import
    • Available license
  5. In the START IMPORT page, enter a value in the below fields:
    • Name for the import
    • Password for the users being imported
    • Confirm the new password
    • If required, select Force user to change password on next log in
    • If required, Import users only if provided alias available
  6. Click the Start button.
  7. Select Refresh from the top menu to view the import status.
  8. Click Proceed to Setup email protection for your organization.

Once you are done adding users, click Proceed. The Setup email protection page appears.

Import from Microsoft 365

  1. Upon successful domain addition, the Add users landing page appears.
  2. Click the Import users button.
    import users
  3. Select Import from the top menu and click the Import users button. The domains you added in Zoho eProtect get selected automatically.
    select domains
  4. Click Proceed to select the desired users. The SELECT USERS page appears and displays the below data:
    • Total users in the selected domains
    • Users selected to import
    • Available license
      select users to import
  5. Once you finish selecting the users, click the Proceed button.
  6. In the START IMPORT page, enter a value in the below fields:
    • Name for the import
    • Password for the users being imported
    • Confirm the new password
    • If required, select Force user to change password on next log in
    • If required, Import users only if provided alias available
  7. Click the Start button.
    start user import
  8. Select Refresh from the top menu to view the import status.
    import user status
  9. Click Proceed to Setup email protection for your organization.

Import Users via CSV

Follow these steps to import bulk users with a CSV file:

  1. Click Import and select Import using CSV file from the drop-down menu.
  2. Click the Import button.
  3. Use the drop-down menu to select the preferred domain to which you wish to import the users.
  4. Select Choose file.
  5. You can either drag and drop or Choose the file to upload. The users in your CSV file will be displayed for you to further scrutinize. You can choose to import all or only select users depending on your requirement.
  6. Click Proceed once you choose the users.
  7. On the START IMPORT page, Name your import for future reference.
  8. Enter the password for the users being imported and reconfirm the password.
  9. If required select the desired options from the below:
    • Force users to change password on next log in
    • Import users only if provided group exists
  10. Click Start.
  11. The import status on success and failure of user upload will be displayed. If the import status does not refresh automatically, you can click the refresh icon. You can start using other features in eProtect and access the import status in the Import using CSV file page.

Add Users Manually

Follow these steps to add users manually:

  1. Select Add Manually on the Add users page and click the Create button.
    create user manually
  2. Provide a value in the fields that follow:
    • Enter the First Name of the user.
    • Enter the user's Last Name.
    • Enter the preferred Username.
    • Enter a Password for the user's account.
    • Confirm the password.
    • Select Force user to change password on first log in if you want the user to change their password.
    • Select Department or click the + icon to add a new department.
    • Enable/disable Email Protection and eDiscovery based on your requirement.
  3. Click the Save button. The user gets added successfully.
    add user details
  4. Click the Proceed button to Setup email protection for your organization.

Setup email protection

Once you complete the add/import users, the Spam Processing page appears. You can Setup email protection for your organization on this page by following these steps:

  1. Select the type of Spam Processing that you want to set up:
    • Add header and forward - eProtect updates the email header with the content provided by admins and then forwards the email to the intended recipient.
    • Add subject tag and forward - eProtect appends the subject with the content provided by admins and then forwards the email to the intended recipient.
    • Quarantine - eProtect quarantines the email which can then be scrutinized by admins.
      setup email protection
  2. If you choose Add header and forward, follow these sub-steps:
    • Enter a Header Name and Header Value.
    • Click the + icon to add multiple headers as per your requirements.
    • To delete a header row, click the delete icon.
  3. If you select Add subject tag and forward, enter a Subject Tag.
  4. If you choose Quarantine, admins can moderate the quarantined emails from the Quarantine section.
  5. Click Proceed to Setup eDiscovery for your organization.

Setup Email Archival

To use Zoho eProtect's email archival feature, you must first configure eDiscovery settings. Follow these steps to setup email archival for your organization:

  1. Select the preferred option to receive emails for archival:
    Email Provider/
    Archival Type    		Google WorkspaceMicrosoft 365Other Providers
    JournalingYesYesNo
    APIYesYesNo
    MXYesYesYes
  2. Click the Advanced Settings drop-down and choose the Default retention policy.

    Note:

    If required, you can configure the default retention rule in the Retentions section after completing the setup.

  3. You can either select Retain forever or enter the number of days in the Retain for field.
    setup ediscovery
  4. Configure the eDiscovery Ingestion Filter. The filter you configure here will get saved as the default EDISCOVERY_FILTER in the Filter Rules section under eDiscovery.
  5. Choose either All emails or Emails based on the conditions below.
  6. If you selected Emails based on the conditions below, set the ingestion rule conditions from the below list:
    • Retain all sent emails
    • Retain all sent emails - outside the organization
    • Retain emails sent - only within the organization
    • Alternatively, you can specify selected domains and choose to retain the emails that are sent only to those domains.
    • Retain all received emails
    • Retain emails received - only within the organization
    • Retain emails received from external organization accounts
    • Alternatively, you can specify selected domains and choose to retain the emails that are received from those domains.
    • Exclude spam emails.

    Note:

    You can configure the eDiscovery ingestion filter in the Filter Rules section after completing the setup.

  7. Click Proceed.

Setup Outbound Relay

The final step in setting up your organization in Zoho eProtect is configuring Outbound Relay. Follow the Outbound Relay configuration steps based on your email provider:

Configure Outbound Relay in Google Workspace

Follow these steps to configure outbound server details in your Google Workspace account:

  1. Enable Outbound Relay in Zoho eProtect and enter your outbound IP address and IP mask.
    enable outbound relay
  2. Click the Add button.
    setup outbound relay
  3. Log in to your Google Workspace Admin Console.
  4. Select Apps on the left menu and select Google Workspace.
  5. Navigate to Gmail and select Routing.
  6. Hover over the Outbound gateway section and click the edit icon.
  7. Add eProtect's outbound Server details in the Outbound gateway section and click SAVE.
    • eprotect-outbound.zoho.com
    • eprotect-outbound2.zoho.com
    • eprotect-outbound3.zoho.com

You have successfully configured the outbound relay settings. Your organization's sent emails will be scrutinized by eProtect and then delivered to the intended recipients.

Note:

Since your emails will now be sent via Zoho eProtect, there is a possibility of an SPF mismatch and hence your emails could land in the spam folders. To avoid this, it is recommended that you configure Zoho eProtect's SPF records in your domain provider's DNS settings.

Configure Outbound Relay in Microsoft 365

Follow these steps to configure outbound server details in your Microsoft 365 account:

  1. Enable Outbound Relay in Zoho eProtect and enter your outbound IP address and IP mask.
    enable outbound relay
  2. Click the Add button.
    setup outbound relay
  3. Log in to your Microsoft Exchange Admin Center and select Mail flow on the left menu.
  4. To create a connector follow these instructions:
    1. Navigate to Connectors and click the Add a connector button. The New connector page appears.
    2. Choose Office 365 in the Connection from and Partner organization in the Connection to and click Next.
    3. Enter a connector name, an optional description and click Next. Make sure that the Turn it on checkbox is selected.
    4. Select Only when I have a transport rule set up that redirects messages to this connector and click Next.
    5. On the Routing page, select Route email through these smart hosts.
    6. Add the below outbound Server details by clicking the + icon.
      • eprotect-outbound.zoho.com
      • eprotect-outbound2.zoho.com
      • eprotect-outbound3.zoho.com
    7. Click Next. The Security restrictions page appears.
    8. Select the default security settings and click Next.
    9. Enter an active email address for validation, click the + icon and then select Validate.
    10. Click the Next button once validation is successful and click Save.
  5. To create a rule, navigate to the Rules section under Mail flow and follow the below steps:
    1. Click Add a rule on the top menu and select Create a new rule.
    2. Enter a rule name in the Set rule conditions page.
    3. Select The sender and is external/internal in the Apply this rule if field.
    4. Choose Inside the organization in the select sender location and click Save.
    5. Select Redirect the message to and the following connector in the Do the following field.
    6. Choose the connector which you created for eProtect in the select connector drop-down and click Save.
    7. Click Next. The Set rule settings page appears.
    8. Retain the default settings and click Next.
    9. Review the rule and click Finish.

You have successfully configured the outbound relay settings in your Microsoft 365 account. Your organization's sent emails will be scrutinized by eProtect and then delivered to the intended recipients.

Note:

Since your emails will now be sent via Zoho eProtect, there is a possibility of an SPF mismatch and hence your emails could land in the spam folders. To avoid this, it is recommended that you configure Zoho eProtect's SPF records in your domain provider's DNS settings.

Configure SPF records

When your organization's sent emails are routed through eProtect, the receiving server might detect a discrepancy in SPF value added in your DNS records. This can result in your emails to land in the spam folder. To avoid this scenario, it is recommended that you add Zoho eProtect's SPF record to your domain provider's Manage DNS page.​ Follow these steps to configure the SPF record:

  1. Log in to your domain provider's Manage DNS page.
  2. Locate the option to add a TXT record on the DNS page and click Add a record.
  3. In the Name/ Host/ Alias/ TXT, enter @ or leave it blank.
  4. In the Value/ Points To/ Destination field, add the SPF value v=spf1 include:one.zoho.com -all.
  5. If the TTL is editable, set it to the minimum possible value recommended by your domain provider.
  6. Save the TXT Record and give it an hour to two to propagate.
  7. Switch back to Zoho eProtect and click Proceed.
    setup outbound relay

You have successfully completed setting up your account in Zoho eProtect. Click Start using eProtect to proceed to the Zoho eProtect's landing page.
setup complete

You can familiarize the various options in Zoho eProtect by taking the site tour. Click the Get Started button to start the site tour. Based on your organization's need, navigate to the eDiscovery or Email Protection sections and configure the corresponding settings.
eProtect site tour