Spam Control Settings

Spam Verification Settings

The Zoho Mail Admin Console lets you customize the actions that need to be taken when certain emails fail verification of protocols such as SPF, DKIM, DMARC, etc. You can choose an action that best suits your organization's requirements from the actions permitted. Additionally, you can also choose the type of spam processing and many other such settings for your organization.

Spam Processing:

Zoho Mail lets you choose the type of spam processing, and customize the sender-based alerts and post-delivery spam checks for your organization.

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Spam Control .
  3. The ​Spam Processing section will open up.
  4. Organization Spam Process Type: The level of spam processing that you'd like to configure for the organization. Zoho Mail's spam filters will act based on the option chosen by you.
    Select the type of spam processing that you want to set up. 
    • Complete - The entire email, including the content, sender, and headers will be processed by our spam filters.
    • Content only - Only the email content will be processed for spam.
    • Sender only - The sender of the email will be processed by our spam filters.
    • Sender and header only - The email header and the sender will be processed for spam.
    • Spam settings only- Based on the organizations' or users' spam settings, the emails will be processed for spam. However, the system level spam checks based on the email header and content won't be done.
    • Off - Spam processing will be turned off for your organization.

      System level spam email rejection: You can choose to enable or disable system level spam email rejection. If enabled, all emails classified as spam based on system level spam checks like sender reputation, previous spam email history, and system level blacklists at reception level, will be rejected from entering the system. If disabled, the emails classified as spam will be sent to the Spam folder.
      Spam processing 
  5. Sender-based Alerts: You can choose to alert your organization users based on the sender of the email. The kind of senders for whom you'd like to alert the recipient can be chosen here. 
    Select what type of senders you would like to alert your org users for. 
    • Disable - This option will disable sender-based alerts.
    • Unauthenticated emails - Org users will be alerted if emails do not pass SPF or DKIM validation.
    • External emails - Users will be alerted if email senders are not a part of your organization.
    • Non-contact emails - Users will be alerted if email senders are not a part of their address book. 
      sender-based alerts
  6. Post-delivery Spam Checks: Even after emails have been delivered to users' mailboxes, background spam checks are conducted on the emails. You can choose the emails on which you would like to conduct a spam check after email delivery. ​Select the emails on which you want to perform spam check after the email delivery.
    • Disable - This will disable spam check after email delivery.
    • Unread emails alone - Spam processing will be conducted only on unread emails after email delivery.
    • All emails - Spam processing will be conducted on all delivered emails.
      post-delivery spam checks

SPF Verification:

SPF or Sender Policy Framework is the DNS record that defines the email servers that are allowed to send emails based on the particular domain. For incoming emails, the SPF validation is based on the sending domain's published SPF Record and the IP from which the emails are received. In case of a conflict, the SPF validation returns soft fail or fail for the emails. The administrator can choose to 'Temporary Reject' or 'Reject' or 'Allow (Process further)' or 'Move the emails to Quarantine' for the SPF Soft Fail and Fail cases. 

To customize the action on emails that have failed SPF validation, follow the below instructions:

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Spam Control, and select Spam Verification .
  3. Under SPF Verification, select the actions for SPF failure and SPF soft failure.
    • Permanent reject: To directly bounce back the emails, if the SPF fails/ soft fails based on the option chosen.
    • Temporary reject: To temporarily reject emails with 4xx errors. The retries will be checked for SPF Again and will be accepted if the sender has corrected or updated the SPF records.
    • None: To move the email to further spam processing, without rejecting the email.
    • Move to quarantine: To move the email to the spam quarantine, for review by the administrator.
      SPF

DKIM Verification:

When an incoming email has a DKIM signature in the header, the DKIM validation happens for the email. In case the DKIM is found not valid, then the administrator can choose one of the below actions for such emails.  

To customize the action on emails that have failed DKIM validation, follow the below instructions:

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Spam Control, and select Spam Verification .
  3. Under DKIM Verification, select the actions.
    • Permanent reject: To directly bounce back the emails, if the DKIM validation fails based on the option chosen.
    • Temporary reject: To temporarily reject emails with 4xx errors. The retries will be checked for DKIM Again and will be accepted if the sender has corrected or updated the DKIM records.
    • None: To move the email to further spam processing, without rejecting the email.
    • Move to quarantine: To move the email to the spam quarantine, for review by the administrator.
      DKIM

DMARC Verification:

DMARC policy is an email authentication protocol built on the widely deployed SPF and DKIM protocols. If there is an authentication failure, and the DMARC policy is set to quarantine, the administrator of the recipient domain can choose one of the below actions to perform on the emails.

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Spam Control, and select Spam Verification .
  3. Under DMARC Verification, select the actions.
    • None: To move the email to further spam processing, without rejecting the email.
    • Move to Spam: To mark the email as spam, without any further check.
    • Move to quarantine: To move the email to the spam quarantine, for review by the administrator.
      DMARC

DNSBL Verification:

Zoho maintains a consolidated Blocklist based on User Spam Marking, Abuse patterns, and certain third-party Blocklists subscribed by us. Similar to SPF and DKIM, the organization administrator can add rules to control the execution of the Zoho Blocklist. The administrator can control the delivery of emails based on his organization's requirements. 

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Security & Compliance menu, and select Spam Control, and select Spam Verification .
  3. Under DNSBL Verification, select the actions.
    • Permanent reject: To directly bounce back the emails, if the sending domain/ email address or IP address is present in the Zoho Blocklist.
    • Temporary reject: To temporarily defer the emails, if the sending domain/ email address or IP address is present in the Zoho Blocklist.
    • Move to Spam: To mark the email as spam, without any further check.
    • Quarantine: To move the email to the Spam Quarantine, for review by the administrator.
      DNSBL

 

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: support@zohomail.com