Views:
Just like physical letters, an email message has two sets of addresses: the envelope address and the message header address. The envelope address, like the address on the outside of an envelope, is used by the MTA to route and deliver the email message; the message header address, which is part of the message header, is similar to the address attached to a salutation at the start of a physical letter.
The Settings tab on the Sender Filter screen enables you to choose the type of sender addresses Cloud Email Gateway Protection uses to match the approved or blocked sender list.
The following options are available:
  • Envelope addresses
  • Message header addresses
By default, both options are selected. Cloud Email Gateway Protection uses both addresses for matching. The Message header addresses option can be modified while the Envelope addresses option cannot.
Note
Note
If Message header addresses is selected on the QuarantineEnd User Quarantine Settings screen, Trend Micro recommends you also select it on the Sender Filter Settings screen. Otherwise, the approved or blocked senders added by end users will not work as expected.
Cloud Email Gateway Protection provides the capability of inserting an X-Header in the message header for email messages matching approved senders. If you select the Insert an X-Header in the message header if an approved sender matches check box, you can do extra actions based on the message header on your own MTA or mail server.
  • The following X-Header is inserted in the message header once an approved sender's envelope address matches:
    X-TM-Approved-Sender: envelope-sender
  • The following X-Header is inserted in the message header if an approved sender's envelope address does not match but the message header address matches:
    X-TM-Approved-Sender: header-sender
Cloud Email Gateway Protection also allows you to specify which of the following scanning criteria should not be applied to emails from approved senders:
  • IP reputation-based filtering
  • Unknown sender domain check
  • Spam
  • BEC
  • Phishing and other suspicious content
  • Graymail
  • Web Reputation
  • Social engineering attack
  • Unusual signal
  • Security risks
    Note
    Note
    When this option is selected, suspicious files identified by Correlated Intelligence will not be sent to Virtual Analyzer for further observation.
  • Anomalies
Note
Note
Unless specified otherwise, Cloud Email Gateway Protection considers the envelope address as the common sender address.
Regardless of your sender address settings, IP reputation-based filtering and unknown sender domain check will always use Envelope addresses rather than Message header addresses to match the approved or blocked sender list. Unknown sender domain check refers to the check that verifies if the sender's envelop address has a valid DNS A or MX record.