Smart Alerts - Incoming Email Alerts
With Incoming Email Alerts, administrators can configure alert messages or banners that will be displayed when users view specific sets of emails. Incoming alerts can be associated with a user, multiple users, or the entire organization, protecting them from phishing or fraudulent emails. All the enabled alerts will be processed in sequence and trigger specified actions for emails with the matching conditions.
These alerts are designed to enhance security and efficiency in managing incoming emails. For example, you can add alerts for emails from external users who are not a part of your organization. These alerts play a crucial role in safeguarding users from deceptive emails.
Note:
- It is mandatory to enable Organization Rules from the Spam Processing section in the Admin Console.
- The Incoming Alerts feature will be rolled out in a phased manner and be available only for organizations that use one of our paid plans.
- If you want the option enabled for your organization, please reach out to us at support@zohomail.com.
Table of Contents
Create New Alert
Follow these steps to create a new Incoming Alert:
- Log in to Zoho Mail Admin Console and select Security & Compliance in the left pane.
- Navigate to Smart Alerts and select Incoming Alerts.
- Click Create Now or select the Create button from the top menu, if there are any existing alerts.
- Provide an Alert Name and an optional Alert Description.
- Specify an Expiry date if needed.
- Select the Condition Type as per your requirement:
- Apply for matching conditions - Preferred action will be performed only if the incoming emails satisfy the conditions provided by you.
- No Conditions. Apply to all emails. - When chosen, all the emails you receive will go through the preferred action.
- Select one or more Conditions, the Operating parameter and the corresponding Action.
- Select the users, to whom you want to apply the alert from the Apply To drop-down:
- All Users - The alert will be applied to all the users in your organization.
- All users except selected users - The alert will be applied to all the users except the ones added to the list.
- Selected Users - The alert will be applied to the specific set of users you add.
- Select the respective option and click the Select users button to include or exclude users.
- Select the users you want to add to the list and click Submit. You can also remove a user from the list by clicking the Delete icon next to the user.
- If needed, fill in the Remarks column. These remarks will be linked to the relevant operational details within the Admin Report’s Audit Log for future reference.
- Review your alert and do one of the following:
- Create and enable alert- Your alert will not only be created but also be activated automatically to start processing emails with respect to its conditions and actions.
- Create alert - Your alert will only be created and not activated. That means if you want the alert to be applied to the emails you receive, you will have to manually activate it.
Available Condition
Zoho Mail provides multiple conditions based on which you can add alerts to the incoming emails. There can be more than one condition for a single alert depending on your organization's requirement. The various conditions are listed in the tables that follow:
| Parameter | Description | Value |
| Subject | The subject of the email | Click Add values, enter the desired subject and click Add. |
| MIME Message ID* | The ID that can be gathered from a MIME email's header | Click Add values, enter the desired MIME value and click Add. |
| MIME size (in MB) | The size of the non-text attachment specified in MB | Enter a value between 1 to 40. |
| X Mailer* | The desktop client from which the email was sent | Click Add values, enter the X-Mailer you wish to validate and click Add. |
| Header | The email header that needs to be verified for the provided values | Enter the Header Name and Header Value. |
Note:
*MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
*X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.
| Parameter | Description | Value |
| Sender domain | The domain address of the email sender | Click Add domains, enter the sender domain name and click Add. |
| Sender IP address | The IP address of the email sender | Enter the sender's IP address that you wish to validate. |
| Sender DNS | The DNS address of the sender | Click Add values, provide the sender DNS and click Add. |
| Sender display name | The display name of the sender | Click Add values, enter the user's display name and click Add. |
| New sender | Checks if the email is received for the first time from the sender | Select Yes or No from the drop-down. |
| Is external sender | Checks if the sender is not part of the organization | Select Yes or No from the drop-down. |
| Is authenticated sender | Validates whether the sender's identity is authenticated | Select Yes or No from the drop-down. |
| Return path email address | The reverse-path/ bounce address of an incoming email | Click Add email addresses, enter the desired email address and click Add. |
| Reply-to email address | The reply-to address of an incoming email | Click Add email addresses, enter the desired email address and click Add. |
| Return path domain | The reverse-path/ bounce address's domain | Click Add domains, enter one or more domain names and click Add. |
| Sender email address | The 'from' address of the email sender | Click Add email addresses, enter the desired email address and click Add. |
| Parameter | Description | Value |
| To/CC email address | The email address in the To/CC field | Click Add email addresses, enter the desired email address and click Add. |
| Recipient's group | The groups that the user is part of | Select the preferred group from the drop-down. |
| Recipient's email policy | The email policy associated with the recipients | Select the email policy from the drop-down. |
| Recipient domain | Validates the domain address of the recipient | Click Add domains, enter one or more domain names and click Add. |
| Recipient count | Validates the number of recipients in the email | Provide a value between 1 to 100. |
| Parameter | Description | Value |
| SPF verification | The result of SPF verification | Select the desired authentication result from the available list:
|
| DKIM verification | The result of DKIM verification | Select the desired authentication result from the available list:
|
| DMARC verification | The result of DMARC verification | Select the desired authentication result from the available list:
|
| Parameter | Description | Value |
| Content | The content of the email | Click Add values, enter the content to be validated and click Add. |
| Email language | The language in which the email was composed | Click Select languages, add the desired languages and click Add. |
| Originating country | The country from which the email was sent | Click Select countries, add the desired countries and click Add. |
| URL domain in content | The domain names of the URLs available in email content | Click Add domains, enter one or more domain names and click Add. |
| URL in content | The existence of specified URLs in the email content | Click Add values, provide the URLs to be validated and click Add. |
| Parameter | Description | Value |
| Has attachment | Checks if any file is attached | Select Yes or No from the drop-down. |
| Attachment type | The type of attached file | Click Select attachments, add the attachment types and click Add. |
| Attachment size (in MB) | The size of the attached file in MB | Enter a value between 1 to 40. |
| Parameter | Description | Value |
| Has web bugs | The existence of web bugs in incoming email content | Select Yes or No from the drop-down. |
| Has JavaScript content | The existence of javascript content in the email content | Select Yes or No from the drop-down. |
| Has macros | The existence of macros in the email content | Select Yes or No from the drop-down. |
| Is bulk email | Validates if the email received is a bulk email | Select Yes or No from the drop-down. |
| Has frame tags | The existence of iframe tags in the email content | Select Yes or No from the drop-down. |
| Has object tags | The existence of object tags in the email content | Select Yes or No from the drop-down. |
| Has embed tags | The existence of embed tags in the email content | Select Yes or No from the drop-down. |
| Has form tags | The existence of form tags in the email content | Select Yes or No from the drop-down. |
| Has shortened URL | The existence of shortened URLs in the email content | Select Yes or No from the drop-down. |
| Has suspicious macros | The existence of suspicious macros in the email content | Select Yes or No from the drop-down. |
| Is sender display name spoofed | Verifies if the email sender name is spoofed | Select Yes or No from the drop-down. |
| Is cousin domain verification failed | Validates whether the cousin domain verification is failed for the sender domain | Select Yes or No from the drop-down. |
| Is suspicious FROM header | Verifies if the FROM header is suspicious | Select Yes or No from the drop-down. |
| Operators | Description |
| is | The respective parameter in the incoming email should exactly match the given criteria value. |
| is not | The respective parameter in the incoming email should not match the given criteria value. |
| contains | The respective parameter in the incoming email doesn't have to be an exact match but will pass even if it contains the given criteria value. |
| does not contain | The respective parameter in the incoming email doesn't have to be an exact match but will pass if it does not contain the given criteria value. |
| begins with | The respective parameter in the incoming email should begin with the given criteria value. |
| ends with | The respective parameter in the incoming email should end with the given criteria value. |
| is empty | The respective parameter in the incoming email should be empty. |
| is not empty | The respective parameter in the incoming email should not be empty. |
| is group member in | The recipient is a part of the selected group. |
| is not group member in | The recipient is not a part of the selected group. |
| matches | The respective parameter in the incoming email should match the regular expression pattern. |
| does not match | The respective parameter in the incoming email should not match the regular expression pattern. |
| true | The given condition should be true. |
| false | The given condition should be false. |
| is greater than | The respective parameter in the incoming email should only be greater than the given criteria value. |
| is lesser than | The respective parameter in the incoming email should only be lesser than the given criteria value. |
| is greater than or equal to | The respective parameter in the incoming email can be greater than or equal to the given criteria value. |
| is lesser than or equal to | The respective parameter in the incoming email can be lesser than or equal to the given criteria value. |
| is in range | The incoming email's IP address falls within the range entered. |
| is not in range | The incoming email's IP address does not fall in the range entered. |
After selecting the Conditions and the Operating parameters, provide the values with respect to the chosen conditions that need to be verified against. Upon providing these proceed to select the Actions that need to be performed for the emails with the chosen conditions.
The emails that match the specified conditions will be processed as per the actions defined in the alert. Select the necessary action and, if required, provide a value as given in the table that follows:
| Action | Description | Value |
| Show warning message | Displays a warning message | Click Add warning message, enter the text which you want to be displayed as warning and click Add. |
| Append text to subject | Appends a text in the subject | Click Add subject, enter the text which you want to be appended to the subject and click Add. |
| Add custom header | Adds a custom value in the header | Click Add header details, provide the header name and value and click Add. |
Alert processing and priority
You can add any number of Incoming alerts to different types of incoming emails. In the case of multiple alerts, the sequence of processing is determined by the sequence in which they are listed. The alert with the highest priority(1), i.e., the one listed first, will take precedence over alerts with lower priorities listed subsequently. Once an email matches the conditions of a particular alert, the actions specified in the alert will be applied to the email. The same email will not be scrutinized against the subsequent alerts in the list.
Modify Incoming Alert
Follow the below steps to edit an alert:
- Log in to Zoho Mail Admin Console and select Security & Compliance on the left pane.
- Navigate to Smart Alerts and select Incoming Alerts.
- Select the alert that requires modification from the list and click Edit in the top right corner.
- Make the necessary changes and click Update.
Additionally, you can search and edit the incoming email alerts based on the associated users. Navigate to the search bar and select the applicable to or not applicable to parameters from the listing as per your requirements. Choose a specific user from the list and press enter. All the incoming alerts associated with or not associated with that particular user will be displayed. You can then select the alerts from the list and make the required changes.
Enable or Disable an Alert
Follow the below steps to enable or disable an Alert:
- Log in to Zoho Mail Admin Console and select Security & Compliance on the left pane.
- Navigate to Smart Alerts and select Incoming Alerts.
- Toggle the status button to ON or OFF in order to enable or disable an alert.
Remove Alerts from the list
In situations where an alert is no longer required or has expired, they can be removed by using the Delete option. Follow these steps to delete an alert:
- Log in to Zoho Mail Admin Console and select Security & Compliance on the left pane.
- Navigate to Smart Alerts and select Incoming Alerts.
- To remove an Alert:
- Hover over an existing or expired alert and click the delete icon.
- Alternatively, you can select the desired alert, click Delete on the top menu and choose the required option:
- Delete selected alerts
- Delete all expired alerts
- Delete all alerts
- Click Delete in the confirmation dialog that appears.
This will remove the incoming alerts from your list. Please note that once removed, the alerts cannot be retrieved and will be permanently removed from the list.