Security and Compliance Dashboard
The security and compliance dashboard in the Zoho Mail Admin console provides an overview of all the recommended security configurations. It displays the overall security and compliance score along with the completion status for each action.
The security and compliance score assesses your progress in completing the recommended actions to improve your organisation's security. The highest score indicates that your organisation is highly secure against all types of spoofing, account breaches and any data leaks, while the lowest score indicates that your organisation is vulnerable to a security breach. It is recommended to complete all the mentioned actions to keep your data secure.
- Spoofing - An email is considered to be spoofed when spammers forge an email address of an organization/ person.
- Malware - Malware is any file or program that is intentionally designed to harm your computer/ network/ server.
- Account Breach - Account breach is a security violation that exposes any confidential or sensitive information by an outsider.
- Data Exfiltration - Data exfiltration is an unauthorised removal or movement of data from a device.
- Data Leak - Data leak is accidental exposure of sensitive data onto the internet.
Certain security actions will be configured automatically such as MX records, SPF verification, and so on. Click Incomplete to quickly view the list of pending security actions.
|DKIM Verification||DKIM is an email authentication method that uses encryption to validate if an email is generated from systems authorized by the domain administrator. Emails are detected as spam in case of DKIM Failure. Learn more|
|DMARC Verification||DMARC is an email authentication protocol, which builds on the widely deployed SPF and DKIM protocols. In case of authentication failure, the DMARC policy is set to quarantine. Learn more|
|DMARC Policy||DMARC is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols. Additionally, it includes a reporting function that allows senders and receivers to monitor and protect their domain from fraudulent email. Learn more|
|DNSBL Verification||DNSBL is a consolidated blocked list based on user spam marking, abuse patterns, and certain third-party blocklists. Emails are detected as spam if the sending domain/ email address or IP address is present on the blocked list. Learn more|
|SPF Verification||Sender Policy Framework, commonly known as SPF, is a text record associated with the domain to identify the servers permitted to send emails using the particular domain name. Emails are detected as spam in the case of SPF Failure and SPF Soft Failure. Learn more|
|Suspicious Login Alerts||Suspicious Login Alerts, if enabled send an email alerting users of any unusual logins into their email accounts. Learn more|
|Organization-wide TFA||Two-factor authentication is an additional security process to secure organization accounts with the combination of a password and a mobile device. You can choose to enable or disable TFA for your organization. Learn more|
|MX Record Configuration||MX records are special DNS Server records that designate recipient email servers for your domain. Configuring MX records for your domain ensures that all emails addressed to your domain are sent to the Zoho servers. Learn more|
|SPF Record Configuration||SPF is an authentication mechanism that helps in identifying the IP addresses permitted to send emails using the domain name. Learn more|
|DKIM Configuration||DKIM is an email validation system that uses encryption to validate if an email has been sent from authorized servers configured by the administrator of the domain. Learn more|
|S/MIME Configuration||Secure/Multipurpose Internet Mail Extensions (S/MIME) provides high-level security to your organization's emails. This encrypts the content of the email using keys, and curbs any misuse. It ensures that only authorized personnel can access your data. Learn more|
|No Trusted Senders||Emails from email addresses that are added to the Trusted Emails List get delivered to the mailbox without any spam check. These emails will not be validated for SPF/ DKIM/ blocklist checks. Please be doubly cautious before you add any email address to this list, as it may expose the organization to spam/ phishing attacks using this email address. Learn more|
|No Trusted Domains||Emails from domains that are added to the Trusted Domains List get delivered to the mailbox without any spam check. These emails will not be validated for SPF/ DKIM/ blocklist checks. Please be doubly cautious before you add any domain to this list, as it may expose the organization to spam/ phishing attacks using this domain. Learn more|
|Cousin Domain Verification||Cousin domains or look-alike domains are spoofed domains with their names similar to valid domains. If you expect a domain to send genuine emails, but want to mark an email from any other variations of the domain name as spam, you can add it in this section. Learn more|
|Display Name Verification||You can set up a display name and associate one or more email addresses with this display name. The emails that arrive with other display names, other than the ones added here will be considered fraudulent or spoofed emails. Learn more|
|Internationalised Spam Settings||You can allow or reject emails based on the language used in the email. If you allow certain languages, emails sent in those languages will be allowed and all the other emails will be moved to spam. Similarly, if you block certain languages, emails sent in those languages will be moved to spam and other emails will be allowed. Learn more|
|Group Privilege Settings||You can choose who can have access to create organization and personal groups under group privileges settings. By default, the super admin will have all the privileges in the organization. Learn more|
After you complete the security settings, click the tooltip next to each security Action to view the current configuration. You can modify the settings based on your organization's requirement.
This security feature will be available only for organizations that are using one of our paid plans.