Organization Spam Control

Organization Spam Control

Spam Control section provides options to customize the Spam Control options, with custom controls to reject emails or move the emails to 'Quarantine' area from where the administrator can approve or reject the emails.

SPF Verification:

SPF or Sender Policy Framework are the DNS records that define the email servers that are allowed to send emails based on the particular domain.  For incoming emails, the SPF validation is based on the sending domain's published SPF Record and the IP from which the emails are received. In case of a conflict, the SPF validation returns soft fail or fail for the emails. The administrator can choose to 'Temporary Reject' or 'Reject' or 'Allow (Process further)' or 'Move the emails to Quarantine' for the SPF Soft Fail and Fail cases. 

The SPF Soft Fail and Fail are based on the domain's SPF Records set for the domain. 

  • Permanent Reject: To directly bounce back the emails, if the SPF fails/ soft fails based on the option chosen.
  • Temporary Reject: To temporarily reject emails with 4xx errors. The retries will be checked for SPF Again and will be accepted if the sender has corrected or updated the SPF records.
  • Allow: To move the email to further Spam Processing, without rejecting the email.
  • Quarantine: To move the email to the Spam Quarantine, for review by the administrator.

DKIM Verification:

When an incoming email has a DKIM signature in the header, the DKIM validation happens for the email. In case the DKIM is found not valid, then the administrator can choose one of the below actions for such emails.  

  • Permanent Reject: To directly bounce back the emails, if DKIM Validation for the email fails. 
  • Temporary Reject: To temporarily defer the emails. 
  • Allow: To move the email to further Spam Processing, without rejecting the email.
  • Quarantine: To move the email to the Spam Quarantine, for review by the administrator.

Zoho Blacklist (DNSBL)

Zoho maintains a consolidated Blacklist based on User Spam Marking, Abuse patterns and certain third-party blacklists subscribed by us. Similar to SPF and DKIM, the organization administrator can add rules to control the execution of the Zoho Blacklist. The administrator can control the delivery of emails based on his organization's requirements. 

  • Permanent Reject: To directly bounce back the emails, if the sending domain/ email address or IP address is present in the Zoho Blacklist.
  • Temporary Reject: To temporarily defer the emails, if the sending domain/ email address or IP address is present in the Zoho Blacklist
  • Allow: To move the email to further Spam Processing, without rejecting the email. 
  • Quarantine: To move the email to the Spam Quarantine, for review by the administrator. 

DMARC Verification:

DMARC policy is an email authentication protocol built on the widely deployed SPF and DKIM protocols. If there is an authentication failure, and the DMARC policy is set to quarantine, the administrator of the recipient domain can choose one of the below actions to perform on the emails.

  • Allow: To move the email to further Spam Processing, without rejecting the email.
  • Move to Spam: To mark the email as Spam, without any further check.
  • Move to quarantine: To move the email to the Spam Quarantine, for review by the administrator.

Quarantine Messages

The Quarantine is the section, where the emails, which may be considered as Spam due to SPF/ DKIM validation failure or based on Organization or Zoho Blacklist, can be optionally moved for review by the administrator based on Antispam.

From the quarantine, the administrator can select multiple emails and click Deliver to deliver the emails to the Inbox of users. Similarly, to reject the emails, the administrator needs to select the emails to reject and select delete. The administrator can click the email to view the message headers of the email.

You can also search for specific quarantined emails based on the available criteria. The search can be performed based on criteria such as Subject, Sender, To or Cc, Email Content, Attachment Name, Attachment Content or Date. By default, the entire message will be searched. 

A notification email can be sent to the recipient of the quarantined email and a selected admin each time an email is quarantined. From the quarantine, the administrator can select multiple emails and click Deliver to deliver the emails to the Inbox of users. Similarly, to reject the emails, the administrator needs to select the emails to reject and select delete. 

Quarantine Notifications:

When an email is quarantined due to the failure of any of the spam checks, a notification email will be triggered. This email will be sent to the recipient to whom the quarantined email is addressed, and a copy will be sent to one of the selected Admins.

Similarly, when an email that is sent to a group is quarantined, the notification email will be sent to the group moderator. If the group does not have a moderator, it will be sent to the organization admin. 

The notification email will contain details such as the sender of the quarantined email, the email subject, the date and time at which the email was sent and the reason why it was quarantined.

 In the Quarantine Notification section, you can choose whether you want to be notified by email or not, the members who need to be notified, and how often the notification can be sent.

You can also set the frequency at which the check for quarantine emails needs to be performed from the dropdown list.

Notification by email - You can choose whether you want to be notified by email here.

Check for new quarantined emails, once in - Select how frequently you want to receive notification about the quarantined emails.

Notification Email Address - Select the email address to which the notification has to be sent from the list of Admin / Super Admin email addresses.

Whitelist Email/ Domains:

Whitelists can be defined commonly for the entire organization. The administrators can define entire domains or specific email addresses as a Whitelist domain/ email address to make sure that the emails from the domain do not get marked as Spam. However, in case there is an SPF failure, and there is no action set for SPF failure, the whitelist domain/ email will not be marked as 'Not Spam'. In case of SPF failure, the email may be a possible Spoofed Email, and hence the email address/ domain added to the whitelist will not be effective in that case. 

The Trusted Emails List in this section refers to those email addresses that do not have to undergo any spam processing. If you have any email addresses that fall under this category, you can add it here. Any email from these addresses will directly get delivered to the respective mailbox.

The Trusted Domains list in the Whitelist section refers to the domains that do not need to undergo any Spam Processing at all. You can add domains for which you do not want any spam processing to happen in this section. Emails from these domains will directly get delivered to your mailbox. If a domain that you have added in the Trusted Domains list sends a spoofed email, this will also get delivered to the respective mailbox.

In the Trusted IP List you can enter the IP addresses that you would like to Whitelist. Click the Add IP Address button and enter the relevant IP addresses.

This is particularly handy when you know that the sending domain has incorrect SPF/ DKIM settings and you want to allow only these domains from your otherwise strict SPF/ DKIM policies for Spam Control.  

Blacklist Email/ Domains:

Blacklists can also be defined commonly for the entire organization. The administrators can mark entire domains, TLDs or specific email addresses as Blacklist domain/ Blacklist Email address. In these cases, even if the domain passes the SPF test, the email from that domain will be marked as Spam.

The administrator can control the delivery of emails based on his organization's requirements. 

  • Allow Email: To allow the email to reach the recipient's account.
  • Reject: To directly bounce back the emails, if the sending domain/ email address is present in the administrator-defined Blacklist.
  • Quarantine: To move the email to the Spam Quarantine, for review by the administrator. 

In the IP List ​tab you can enter the IP addresses that you would like to blacklist. Click the Add IP Address button and enter the relevant IP addresses.

Note:

  • You will not be allowed to include your domain's TLD to your Organization Blacklist.
  • The IP List options for Whitelist and Blacklist will not be available for organizations in the free plan.

Spoof Control:

Cousin Domains:

Cousin Domains are domain names that are very similar to any other valid domain name. If you expect a domain to send genuine emails, but want to mark an email from any other variations of the domain name as spam, you can add it here.

For example, if zoho.com sends genuine emails, but emails from zoho1.com, needs to be processed for spam, you can add zoho.com here.

  1. Login to the Zoho Mail Control Panel.
  2. Go to the Spam Control section, and navigate to the Spoof Control tab.
  3. Select the Cousin domains option.
  4. In the Email Delivery section, select the action for emails that have similar domain names.
  5. In the Domain List, enter the names of domains for which the cousin domain check has to be done.

By default, your internal domains will be considered here, and any emails from a domain name that is similar to yours will also be marked as spam.

Display Name Fraud:

You can control the fraudulent usage of display names by setting up the respective conditions for emails that violate your customization. You can set up a display name and associate one or more email addresses with this display name in the Zoho Mail Control Panel. For example, consider the email address ceo@mydomain.com, you can ensure that the display name, 'CEO' associated with this email address cannot be used by any other email address. 

Follow the below steps to add a policy to prevent display name fraud:

  1. Login to the Zoho Mail Control Panel.
  2. Go to the Spam Control section, and navigate to the Spoof Control tab.
  3. Select the Display name fraud option.
  4. In the Email Delivery section, select the action for emails that have spoofed display names.
  5. In the Display Name - Email Address List, enter the Display Name and the relevant Email Address, and click Add.

You will be able to see a list of the Display Names and the respective Email Addresses that you have added in the list.

Note:

The Cousin Domains and Display Name Fraud features will only be available for organizations that are using one of our paid plans.

Language / Location based Spam Control:

Language based spam:

You can allow or reject mails based on the language of the email. You can set the languages according to your preference in the Zoho Mail Control Panel.

Follow the below steps to add languages:

  1. Login to the Zoho Mail Control Panel.
  2. Go to the Spam Control section, and navigate to the Language/Location tab.
  3. Go to the Language based spam menu
  4. Select whether you want to allow or block specific languages.
  5. Search and add the languages that you would like to enter here.

Based on the preferences set, emails in the languages that you've entered will either be blocked or allowed.

Country based spam:

Based on the location of origin of emails, you can either reject the email, mark it as spam or move it to the quarantine list.

Follow the below steps to add locations:

  1. Login to the Zoho Mail Control Panel.
  2. Go to the Spam Control section, and navigate to the Language/Location tab.
  3. Go to the Country based spam menu
  4. Search and add the countries in the Reject or Spam or Quarantine list.

Emails from the respective countries will be processed according to the preferences that you have set.

Note:

The language and country-based spam control features will only be available for organizations that are using one of our paid plans.

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: support@zohomail.com