Email Policy Customization  

An email policy or email usage policy is a set of rules and regulations laid down by an organization for its users to follow while using their professional email addresses. This can easily be confused with the email policy which administrators configure for specific users or groups. The Email Policy section under Mail Settings in Zoho Mail Admin Console allows an admin to manage and review the organization's email sending and receiving parameters.

In Zoho Mail, you can define multiple email policies and apply them to various sets of users and groups. You can add email policies to restrict email access from other devices, other networks and also add account restrictions in the email policies.

It also helps the administrator to define and apply different privilege levels and restrictions to users and groups based on their role, requirement, and permissions in the organization. The different types of policies that can be set using Zoho Mail's secure email policy can be classified based on email and domain, access, account and email forwarding restrictions. 

Zoho Mail applies the default Zoho Mail Business Policy to users and groups on creation. You can create new policies based on your organization's requirement and apply them to specific users and groups.

Steps to define new email policy

  1. Create a new email policy.
  2. Configure the General Restrictions for the policy.
  3. Add an Email and domain Restriction.
  4. Add an Account Restriction.
  5. Add an Access Restriction.
  6. Add an Email Forwarding Restriction. 
  7. Apply the relevant restrictions to the policy.
  8. Apply the configured policy to users and groups.

Creating a new email policy

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Mail Settings menu from the left pane and select Email Policy.
  3. You will see the default Zoho Mail Business Policy listed.
  4. Click Create to create a new policy.
  5. Enter a name for the policy that you are going to create, and click Create.
  6. You will now have to define the restrictions that you would like to apply in this policy.

General Restrictions

  1. In the General tab of a policy that you have created, you can change the name of the policy if required.
  2. Enter the maximum incoming and outgoing email size that you want to allocate for this policy. A maximum of 40MB is permitted. 
  3. Then, enter the number of incoming emails permitted per minute in this policy. A maximum of 100 emails per minute is permitted. 
  4. You can choose to enable/ disable the Mailbox delegation access to the users to whom the policy is assigned.

Email Restrictions

In this section, you can define the allowed or blocked domains, email addresses, attachment types and the subject text for incoming and outgoing emails.

Steps to define new email restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Email Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. You can define restrictions for domains, email addresses, attachments and email subjects in this section.

Domains

The options available under domain restrictions are:

  • No restrictions
  • Org Domains only - To allow emails only within the organization
  • Blocked domains
  • Allowed domains

You can define the restrictions for incoming emails, outgoing emails or for both. You can allow or block certain domains for incoming and/or outgoing emails.

Allow: When you specify a domain as allowed domain for outgoing, the users and groups for whom the policy is applied will be able to send emails only to those domains. When they send emails to other domains, the outgoing server will reject them and bounce the email back to the sender.
Block: When you specify a domain as a blocked domain, emails can be sent to all the domains, other than the ones specified in the blocked domain.
Org Domains only: You can also allow email sending or receiving within the organization domains alone. When this restriction is applied, emails cannot be sent outside the organization domains or received from external accounts.

You can choose no restrictions to allow sending and receiving of emails without any domain restrictions.

Email Address

The options available under email address restrictions are:

  • No restrictions
  • Blocked email addresses
  • Allowed email addresses

You can define the restrictions for incoming emails, outgoing emails or for both.  You can allow or block certain email addresses for incoming and/or outgoing emails.

Allow: When you specify an email address as allowed email address for outgoing, the users and groups for whom the policy is applied will be able to send emails only to those email addresses. When they send emails to other email addresses, the outgoing server will reject them and bounce the email back to the sender. The same can be applied to incoming emails as well. When the restriction is applied for incoming, the incoming emails are delivered only from the allowed email addresses. Any email from the other email addresses not specified in the list will be rejected (bounced back). 
Block: When you specify an email address as blocked email address, the emails can be sent to all the email addresses, other than the one specified in the blocked email addresses.

You can choose no restrictions to allow sending and receiving of emails without any email address restrictions.

Attachment

The options available under attachment restrictions are:

  • No restrictions
  • Blocked attachments
  • Allowed attachments

You can define the attachment type restrictions for incoming, outgoing or for both. You can allow or block certain attachment types for incoming and/or outgoing emails.

Allow: When you specify some attachment types as allowed type for outgoing, the users and groups for whom the policy is applied will be able to send emails only with the specified attachment type. When they send emails with other attachment types, the outgoing server will reject them and bounce the email back to the sender.
Block: When you specify a type as blocked attachment type, the emails can be sent with any other attachment, other than the ones specified in the blocked attachment.

You can make sure that attachments with specific file names are blocked or allowed for both the incoming and outgoing emails. 

For example, if you want to specify files with the name check, follow the below instructions:

  1. Select whether you want to apply the attachment conditions for incoming or outgoing.
  2. Once you click on either incoming or outgoing, select the condition you want to apply.
  3. You can choose no restrictions to allow sending and receiving of emails without any attachment restrictions.
  4. If you choose either the Allowed or Blocked option, enter the file name that you would like to specify.
  5. Follow the below convention to mention the file names:
    • Mention check if the file might contain the name check
    • Mention "check" if the name of the file might be check
    • Mention *check if the file name might end with check
    • Mention check* if the file name might begin with check
  6. The restriction will be applied according to your specifications.

Subject

The options available under email subject restrictions are:

  • No restrictions
  • Blocked subjects
  • Allowed subjects

You can define the restrictions for incoming, outgoing or for both. You can allow or block certain subjects for incoming and/or outgoing emails.

Allow: When you specify some subjects as allowed email subject for outgoing, the users and groups for whom the policy is applied will be able to send emails only with that subject. When they send emails with other subjects, the outgoing server will reject them and bounce the email back to the sender.
Block: When you specify a subject as a blocked email subject, the emails can be sent with any other subject, other than the ones specified in the blocked subject.

Ex: If you specify the word "pharmacy" in the subject, it will block the emails irrespective of where the word appears in the subject. 
You can choose no restrictions to allow sending and receiving of emails without any subject restrictions.

Account Restrictions

You can define the account-based restrictions in this section. In this section, you can provide permissions to add external accounts as POP in Zoho and options to customize their signatures in Zoho Mail. You can also restrict the import/export of emails by the users and groups. 

Steps to define new account restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Account Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. You can define account-based restrictions such as external account access, import/export of emails, etc. from this section.

External Accounts Access

By default, Zoho Mail allows users to configure their external accounts via POP or IMAP. As an administrator, if you do not want the users to access their other accounts via POP, you can turn it off in this section. When turned off, the users for whom the policy is applied, will not be able to add the external accounts via POP. 

Signature Customization

Zoho Mail allows the users to configure and use multiple signatures for their accounts. As an administrator, you can turn off the feature. When the option is turned off, the users for whom the policy is applied, will not be able to customize their signatures, from the webmail console. 

Import/ Export Emails

In the webmail and in the Admin Console, users and administrators have a feature to migrate emails in EML or ZIP format using the Import/Export Emails option. For security and privacy reasons, you can choose to turn off this feature for the users through email policy. 

When turned off, the users will not be able to import emails into Zoho Mail or export the emails from Zoho Mail. 

Add to Cloud

Users can save incoming attachments to Zoho Docs and also other cloud services like Google Drive, Dropbox, etc. However, the administrator can turn off the Add to Cloud option using the email policy to not allow users to save attachments to cloud storage. 

Attach from Cloud

Users can attach files from Zoho Docs or other cloud services like Google Drive, Dropbox, etc. to the emails that they are sending. However, the administrator can turn off the Attach from Cloud option using the email policy to not allow users to add attachments from cloud services.

Display BCC

While composing emails, users will have the option to send emails as a Blind Carbon Copy (BCC). However, the administrator can turn off the Display BCC option, to make sure that users do not have the option to BCC email addresses in their emails.

Access Restrictions

You can define the access restrictions in this section. You can provide permissions to access the account via POP, IMAP, and/or ActiveSync. Additionally, you can also decide whether the user can set up email forwarding from the account or not. 

Steps to define new email restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Access Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. You can define restrictions for domains, email addresses, attachments and email subjects in this section.

POP Access

Zoho Mail allows users to enable their POP access, and retrieve emails via POP in email clients like Outlook, Thunderbird, etc. If you want to enable any access restrictions, you can turn off the POP access for the specific set of users. When turned off, the users, for whom the policy is applied, will not be able to access the Zoho account via POP. If they try to enable POP in webmail, they will receive an error message.

IMAP Access

Zoho Mail allows users to enable their IMAP access, and retrieve emails via IMAP in email clients like Outlook, Thunderbird, etc. When turned off, the users for whom the policy is applied, will not be able to access the Zoho account via IMAP in other clients like iPhone, K9 etc. 

ActiveSync

When turned off, the users for whom the policy is applied, will not be able to access the Zoho account via Active Sync in other clients like iPad, Android etc.

Email Forwarding

When turned off, the users, for whom the policy is applied, will not be able to configure email forwarding from the Zoho accounts to external accounts.

Display POP/IMAP Settings

The POP/IMAP options will be visible to the users in their Settings Page. However, if the admins turn off the Display POP&IMAP Settings option, users will not be able to change their POP/IMAP status. Only the admins will be able to enable/disable POP/ IMAP access for the users' accounts.

Display Email Forwarding Settings

The Email Forwarding options will be visible to the users in their Settings Page. However, if the admins turn off the Display Mail Forward Settings option, users will not be able to change their email forwarding settings. Only the admins will be able to add or remove the email forwarding for the users' accounts.

You can also specify the IP restrictions if any for the users to whom the policy is applied to.

Maximum Session Count

The maximum number of open sessions for a specific user account can be set. Turn on the Max Session Count option and enter the necessary limit. A minimum limit of 1 and a maximum limit of 25 can be set. Once the maximum limit set has been crossed, the user will not be able to log into their account in a new session. The user can close the current sessions and then log in to a new one. 

Mail Client IP Restriction

If you have set up an IP restriction for your users, you can turn on the Mail Client IP Restriction to apply the IP range if external email clients are being used. Users to whom this policy has been applied will be able to access their mailbox only from this IP range, irrespective of whether they are logging in from webmail or external email clients. If an IP range is not set, this IP restriction will not take effect.

Allowed IP Addresses

If you would like to restrict the IP addresses from which users can log in to their accounts, you can set up the IP range in the Allowed IP Addresses section. Users will not be able to log in to their accounts outside this IP range.

Forward Restrictions

If you would like all outgoing emails sent by users to whom this policy is applied to be forwarded to another email address in the organization, you can configure it here.

Steps to define new forward restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Forward Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. In the Outgoing Email Forwarding Policy field, enter the email address to which all outgoing emails should be forwarded. 

The outgoing emails can be forwarded only to another organization account and not to any external account.

Applying restrictions to the policy

After you have created all the necessary restrictions, you need to apply them to the relevant policy. 

  1. In the Admin Console, go to the Mail Settings menu.
  2. Go to Policies, and select the policy with which you would like to associate the restrictions.
  3. In the Restrictions dropdown, select Email Restriction.
  4. In the Email Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  5. Review the settings once, and click Change.
  6. In the Restrictions dropdown, select Account Restriction.
  7. In the Account Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  8. Review the settings once, and click Change.
  9. In the Restrictions dropdown, select Access Restriction.
  10. In the Access Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  11. Review the settings once, and click Change.
  12. In the Restrictions dropdown, select Forward Restriction.
  13. In the Mail Forward Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  14. Review the settings once, and click Change.

​Now, the relevant restrictions will be applied to the policy that you have created.

Associate policy with users and groups

Next, you need to associate this policy with the respective users and groups.

Steps to associate policy with users and groups

  1. In the Admin Console, go to the Mail Settings menu.
  2. Go to Policies, and select the policy with which you would like to associate users and groups.
  3. Go to the Associated Users tab.
  4. Click Add to manually select the users for this policy. Select the users that you'd like to add, and click Proceed.
  5. Click Import if you'd like to import users for this policy using a CSV file. Browse and select the CSV file containing the user list, and click Import.
  6. Similarly, go to the Associated Groups ​tab.
  7. Click Add to manually select the groups for this policy. Select the groups that you'd like to add, and click Proceed.
  8. Click Import if you'd like to import groups for this policy using a CSV file. Browse and select the CSV file containing the group list, and click Import.
  9. You can also change the policy of users in this section by clicking the Change Policy icon the respective user. You can also select multiple users, click on the Change Policy icon and select the policy you'd like to apply for all the selected users.

You can also apply the email policy for users and groups in the user-specific or group-specific settings, or even at the time of creating the user or group.

Note:

  • You can create multiple policies and apply them to different sets of users or groups, but you can apply only one policy to a particular user or group.
  • If you delete a specific policy, all users or groups under that policy will be moved to the Default Policy.
  • If an admin associates another admin with an email policy, the restrictions in that policy will apply to the admin as well. 
  • The restrictions created by the email policy apply not only in the Mail Settings but in the Mail Admin Console too.

Still can't find what you're looking for?

Write to us: support@zohomail.com