Smart alerts
Administrators in eProtect can configure certain alerts to the outgoing and incoming emails as measure to protect them against spoofing and phishing attacks. These alerts, known as smart alerts can be added for the outgoing as well as incoming emails. They can be set to trigger alerts for various conditions, such as emails containing sensitive information, adherence to company policies, or the inclusion of specific keywords to the email. All the enabled alerts will be processed in sequence and trigger specified actions for emails with the matching conditions. Three such alerts can be added to emails. They are :
- Incoming alerts - All incoming emails will be scrutinized based on the conditions added and the relevant action will be taken.
- Outgoing alerts - The outgoing emails will be protected based on the conditions added and relevant action will be taken.
- Email banners - An email banner will be displayed inside emails that satisfy certain conditions.
Incoming email alert
With Incoming Email Alerts, administrators can configure alert messages or banners that will be displayed when users view specific sets of emails. Incoming alerts can be associated with a user, multiple users, or the entire organization, protecting them from phishing or fraudulent emails. All the enabled alerts will be processed in sequence and trigger specified actions for emails with the matching conditions.
Add a new alert
- Log in to Zoho eProtect.
- Navigate to Email Protection on the left pane and click Smart alerts.
- Enter a suitable name for the incoming alert and an optional description. Click Proceed.
Select the condition type :
- AND - Only if the incoming emails satisfy all the conditions you provided, the preferred action will be performed.
- OR - Even if the incoming emails satisfy one of the conditions you provided, the preferred action will be performed.
- Advanced - You can combine both AND & OR condition types, within a single condition, for the preferred action.
- No Condition - When chosen, all the emails you receive will go through the preferred action.
- Select one or more conditions, operating parameters and the corresponding action.
- Add the users to whom you wish to apply the conditions to :
- All Users - The alert will be applied to all the users in your organization.
- All users except selected users - The alert will be applied to all the users except the ones added to the list.
- Selected Users - The alert will be applied to the specific set of users you add.
- Select the respective option and click on the user to include or exclude them.
- Select the users you want to add to the list and click Proceed. You can also remove a user from the list by clicking the Delete icon available in the toolbar.
- Click Proceed.
- You will be taken to the preview page where you can add an expiry date if necessary. Review your alert and do one of the following :
- Create and enable Rule- Your alert will not only be created but also be activated automatically to start processing emails with respect to its conditions and actions.
- Create new Rule - Your alert will only be created and not activated. That means if you want the alert to be applied to the emails you receive, you will have to manually activate it.
Available Conditions
eProtect provides multiple conditions based on which you can add alerts to the incoming emails. There can be more than one condition for a single alert depending on your organization's requirement. The various conditions are listed in the tables that follow:
General Validation
| Parameter | Description | Value |
| MIME Message ID* | The ID that can be gathered from a MIME email's header | Click Add values, enter the desired MIME value and click Add. |
| MIME size (in MB) | The size of the non-text attachment specified in MB | Enter a value between 1 to 40. |
| Subject | The subject of the email | Click Add values, enter the desired subject and click Add. |
Note:
*MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
Attachment Validation
| Parameter | Description | Value |
| Has attachment | Checks if any file is attached | Select Yes or No from the drop-down. |
| Attachment size (in MB) | The size of the attached file in MB | Enter a value between 1 to 40. |
| Attachment type | The type of attached file | Click Select attachments, add the attachment types and click Add. |
Content Validation
| Parameter | Description | Value |
| Content | The content of the email | Click Add values, enter the content to be validated and click Add. |
| Email language | The language in which the email was composed | Click Select languages, add the desired languages and click Add. |
| Originating country | The country from which the email was sent | Click Select countries, add the desired countries and click Add. |
| URL domain | The domain names of the URLs available in email content | Click Add domains, enter one or more domain names and click Add. |
| URL | The existence of specified URLs in the email content | Click Add values, provide the URLs to be validated and click Add. |
| Has embed tags | The existence of embed tags in the email content | Select Yes or No from the drop-down. |
| Has form tags | The existence of form tags in the email content | Select Yes or No from the drop-down. |
| Has frame tags | The existence of iframe tags in the email content | Select Yes or No from the drop-down. |
| Has JavaScript content | The existence of javascript content in the email content | Select Yes or No from the drop-down. |
| Has macros | The existence of macros in the email content | Select Yes or No from the drop-down. |
| Has object tags | The existence of object tags in the email content | Select Yes or No from the drop-down. |
| Has shortened URL | The existence of shortened URLs in the email content | Select Yes or No from the drop-down. |
| Has suspicious macros | The existence of suspicious macros in the email content | Select Yes or No from the drop-down. |
| Has web bugs | The existence of web bugs in incoming email content | Select Yes or No from the drop-down. |
| Is bulk email | If the email is a part of bulk email campaign | Select True or False from the drop-down |
Domain Validation
| Parameter | Description | Value |
| SPF verification | The result of SPF verification | Select the desired authentication result from the available list:
|
| DKIM verification | The result of DKIM verification | Select the desired authentication result from the available list:
|
| DMARC verification | The result of DMARC verification | Select the desired authentication result from the available list:
|
Header Validation
| Parameter | Description | Value |
| Add header criteria | The email header that needs to be verified for the provided values | Enter the Header Name and Header Value. |
| X Mailer* | The desktop client from which the email was sent | Click Add values, enter the X-Mailer you wish to validate and click Add. |
Note:
*X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.
Malware Validation
| Parameter | Description | Value |
| Is bulk email | Validates if the email received is a bulk email | Select Yes or No from the drop-down. |
| Is authenticated sender | Validates whether the sender's identity is authenticated | Select Yes or No from the drop-down. |
Recipient Validation
| Parameter | Description | Value |
| Recipient domain | Validates the domain address of the recipient | Click Add domains, enter one or more domain names and click Add. |
| Recipient's group | The groups that the user is part of | Select the preferred group from the drop-down. |
| To/CC email address | The email address in the To/CC field | Click Add email addresses, enter the desired email address and click Add. |
Sender Validation
| Parameter | Description | Value |
| Is external sender | Checks if the sender is not part of the organization | Select Yes or No from the drop-down. |
| Is authenticated sender | Checks if the sender is authenticated using SPF, DKIM and DMARC | Select Yes or No from the drop-down. |
| Sender not previously contacted | Checks if the sender is new and has not previously contacted the user | Select Yes or No from the drop-down. |
| Return path domain | The reverse-path/ bounce address's domain | Click Add domains, enter one or more domain names and click Add. |
| Return path email address | The reverse-path/ bounce address of an incoming email | Click Add email addresses, enter the desired email address and click Add. |
| Sender display name | The display name of the sender | Click Add values, enter the user's display name and click Add. |
| Sender DNS | The DNS address of the sender | Click Add values, provide the sender DNS and click Add. |
| Sender domain | The domain address of the email sender | Click Add domains, enter the sender domain name and click Add. |
| Sender email address | The 'from' address of the email sender | Click Add email addresses, enter the desired email address and click Add. |
| Sender IP address | The IP address of the email sender | Enter the sender's IP address that you wish to validate. |
Operating parameters
| Operators | Description |
| is | The respective parameter in the incoming email should exactly match the given criteria value. |
| is not | The respective parameter in the incoming email should not match the given criteria value. |
| is any of | The respective parameter in the incoming emails should match any one of the given criteria |
| is not any of | The respective parameter in the incoming emails should not match any one of the given criteria |
| contains any of | The respective parameter in the incoming email doesn't have to be an exact match but will pass even if it contains the given criteria value. |
| does not contain any of | The respective parameter in the incoming email doesn't have to be an exact match but will pass if it does not contain the given criteria value. |
| begins with any of | The respective parameter in the incoming email should begin with the given criteria value. |
| ends with any of | The respective parameter in the incoming email should end with the given criteria value. |
| is empty | The respective parameter in the incoming email should be empty. |
| is not empty | The respective parameter in the incoming email should not be empty. |
| is group member in | The recipient is a part of the selected group. |
| is not group member in | The recipient is not a part of the selected group. |
| matches | The respective parameter in the incoming email should match the regular expression pattern. |
| does not match | The respective parameter in the incoming email should not match the regular expression pattern. |
| true | The given condition should be true. |
| false | The given condition should be false. |
| is greater than | The respective parameter in the incoming email should only be greater than the given criteria value. |
| is lesser than | The respective parameter in the incoming email should only be lesser than the given criteria value. |
| is greater than or equal to | The respective parameter in the incoming email can be greater than or equal to the given criteria value. |
| is lesser than or equal to | The respective parameter in the incoming email can be lesser than or equal to the given criteria value. |
| is in range | The incoming email's IP address falls within the range entered. |
| is not in range | The incoming email's IP address does not fall in the range entered. |
After selecting the Conditions and the Operating parameters, provide the values with respect to the chosen conditions that need to be verified against. Upon providing these proceed to select the Actions that need to be performed for the emails with the chosen conditions.
Available actions
The emails that match the specified conditions will be processed as per the actions defined in the alert. Select the necessary action and, if required, provide a value as given in the table that follows:
| Action | Description | Value |
| Append text to subject | Appends a text in the subject | Click Add subject, enter the text which you want to be appended to the subject and click Add. |
| Add custom header | Adds a custom value in the header | Click Add header details, provide the header name and value and click Add. |
| Show warning message | Displays a warning message | Click Add warning message, enter the text which you want to be displayed as warning and click Add. |
Alert processing and priority
You can add any number of Incoming alerts to different types of incoming emails. In the case of multiple alerts, the sequence of processing is determined by the sequence in which they are listed. The alert with the highest priority(1), i.e., the one listed first, will take precedence over alerts with lower priorities listed subsequently. Once an email matches the conditions of a particular alert, the actions specified in the alert will be applied to the email. The same email will not be scrutinized against the subsequent alerts in the list.
Modify Incoming Alert
Follow the below steps to edit an alert:
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Go to Smart alerts and select Incoming alerts.
- Select the alert that requires modification.
- Make the necessary changes and click Update.
Additionally, you can search and edit the incoming email alerts based on the associated users. Navigate to the search bar and select the applicable to or not applicable to parameters from the listing as per your requirements. Choose a specific user from the list and press enter. All the incoming alerts associated with or not associated with that particular user will be displayed. You can then select the rules from the list and make the required changes.
Enable or Disable an Alert
Follow the below steps to enable or disable an Alert:
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Go to Smart alerts and select Incoming alerts.
- Toggle the status button to ON or OFF in order to enable or disable an alert.
Remove Alerts from the list
In situations where an alert is no longer required or has expired, they can be removed by using the Delete option. Follow these steps to delete an alert:
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Go to Smart alerts and select Incoming alerts.
- To remove an Alert, hover over an existing or expired alert and click the delete icon.
- To clear all the expired alerts, click the clear icon at the top.
This will remove the incoming alerts from your list. Please note that once removed, the alerts cannot be retrieved and will be permanently removed from the list.
Outgoing alerts
With Outgoing email alerts, administrators can configure disclaimers or custom headers that will added for emails being sent from within the organization. Outgoing alerts can be associated with a user, multiple users, or the entire organization, providing an added layer of security and awareness. These alerts can be configured to trigger alerts for various conditions, such as emails containing sensitive information, adherence to company policies, or the inclusion of specific keywords to the email. All the enabled alerts will be processed in sequence and trigger specified actions for emails with the matching conditions. You can simply opt to add a new alert or add a disclaimer to all the outgoing emails if they pass a certain condition.
Create a new alert
To create an outgoing alert, follow the steps given below :
- Log in to Zoho eProtect.
- Navigate to Email Protection on the left pane and click Smart alerts.
- Enter a suitable name for the outgoing alert and an optional description. Click Proceed.
- Select the condition type :
- AND - Only if the outgoing emails satisfy all the conditions you provided, the preferred action will be performed.
- OR - Even if the outgoing emails satisfy one of the conditions you provided, the preferred action will be performed.
- Advanced - You can combine both AND & OR condition types, within a single condition, for the preferred action.
- No Condition - When chosen, all the emails you receive will go through the preferred action.
- Select one or more conditions, operating parameters and the corresponding action.
- Add the users to whom you wish to apply the conditions to :
- All Users - The alert will be applied to all the users in your organization.
- All users except selected users - The alert will be applied to all the users except the ones added to the list.
- Selected Users - The alert will be applied to the specific set of users you add.
- Select the respective option and click the Select users button to include or exclude users.
- Select the users you want to add to the list and click Proceed. You can also remove a user from the list by clicking the Delete icon available in the toolbar.
- Click Proceed.
- You will be taken to the preview page where you can add an expiry date if necessary. Review your alert and do one of the following :
- Create and enable Rule- Your alert will not only be created but also be activated automatically to start processing emails with respect to its conditions and actions.
- Create new Rule - Your alert will only be created and not activated. That means if you want the alert to be applied to the emails you receive, you will have to manually activate it.
Available Conditions
eProtect provides multiple conditions based on which you can add alerts to the outgoing emails. You can set up more than one condition in a single alert depending on your requirement. The various conditions are listed in the tables that follow:
General Validation
| Parameter | Description | Value |
| MIME Message ID* | The ID that can be gathered from a MIME email's header | Click Add values, enter the desired MIME value and click Add. |
| MIME size (in MB) | The size of the non-text attachment specified in MB | Enter a value between 1 to 40. |
| Subject | The subject of the email | Click Add values, enter the desired subject and click Add. |
Note:
*MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
Attachment Validation
| Parameter | Description | Value |
| Has attachment | Checks if any file is attached | Select Yes or No from the drop-down. |
| Attachment size (in MB) | The size of the attached file in MB | Enter a value between 1 to 40. |
| Attachment type | The type of attached file | Click Select attachments, add the attachment types and click Add. |
Content Validation
| Parameter | Description | Value |
| Email language | The language in which the email was composed | Click Select languages, add the desired languages and click Add. |
| Originating country | The country from which the email was sent | Click Select countries, add the desired countries and click Add. |
| URL domain | The domain names of the URLs available in email content | Click Add domains, enter one or more domain names and click Add. |
| Has macros | The existence of macros in the email content | Select Yes or No from the drop-down. |
| Has suspicious macros | The existence of suspicious macros in the email content | Select Yes or No from the drop-down. |
Header Validation
| Parameter | Description | Value |
| X Mailer* | The desktop client from which the email was sent | Click Add values, enter the X-Mailer you wish to validate and click Add. |
Note:
*X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.
Recipient Validation
| Parameter | Description | Value |
| Recipient domain | Validates the domain of the recipient | Click Add domains, enter one or more domain names and click Add. |
| Recipient count in email | The number of recipients in the outgoing email | Provide a value between 1 to 100. |
| To/CC email address | The email address in the To/CC field | Click Add email addresses, enter the desired email address and click Add. |
Note:
*Recipient- The outgoing alert will be processed only for those emails that "does not match" the email address or domain added to this alert.
Sender Validation
| Parameter | Description | Value |
| Display name | The display name of the sender | Click Add values, enter the user's display name and click Add. |
| From email address | The sender email address of the outgoing mail | Click Add email addresses, enter the desired email address and click Add. |
| Original sender's email address | Email address of the actual sender of the outgoing mail | Click Add email addresses, enter the preferred email address and click Add. |
| Reply-to email address | The reverse-path/ bounce address of an outgoing email | Click Add email addresses, enter the preferred email address and click Add. |
Operating parameters
| Operators | Description |
| is any of | The respective parameter in the outgoing email should match any of the given criteria value. |
| is not any of | The respective parameter in the outgoing email should not match any of the given criteria value. |
| contains any of | The respective parameter in the outgoing email doesn't have to be an exact match but will pass even if it contains the given criteria value. |
| does not contain any of | The respective parameter in the outgoing email doesn't have to be an exact match but will pass if it does not contain the given criteria value. |
| begins with any of | The respective parameter in the outgoing email should begin with the given criteria value. |
| ends with any of | The respective parameter in the outgoing email should end with the given criteria value. |
| is empty | The respective parameter in the outgoing email should be empty. |
| is not empty | The respective parameter in the outgoing email should not be empty. |
| matches | The respective parameter in the outgoing email should match the regular expression pattern. |
| does not match | The respective parameter in the outgoing email should not match the regular expression pattern. |
| true | The given condition should be true. |
| false | The given condition should be false. |
| is greater than | The respective parameter in the outgoing email should only be greater than the given criteria value. |
| is lesser than | The respective parameter in the outgoing email should only be lesser than the given criteria value. |
| is greater than or equal to | The respective parameter in the outgoing email can be greater than or equal to the given criteria value. |
| is lesser than or equal to | The respective parameter in the outgoing email can be lesser than or equal to the given criteria value. |
After selecting the Conditions and the Operating parameters, provide the values with respect to the chosen conditions that need to be verified against. Upon providing these proceed to select the Actions that need to be performed for the emails with the chosen conditions.
Available actions
The emails that match the specified conditions will be processed as per the actions defined in the alert. Select the necessary action and, if required, provide a value as given in the table that follows:
| Action | Description | Value |
| Append custom X-Header | A custom header with a name and value will be added to the emails. | Click Add header details, provide the header name and value and click Add. |
| Append text to subject | The prefix text that you configure will be included in the email subject. | Click Add subject, enter the text which you want to be appended to the subject and click Add. |
| Add domain disclaimer in the footer for outbound emails | A disclaimer text will be added at the footer of all the emails that satisfy the alert conditions. | Click Add disclaimer content, enter the text which you want to be added as disclaimer and click Add. |
| Add domain disclaimer at the top for outbound emails | A disclaimer text will be added at the top of the email content that satisfies the alert conditions. | Click Add disclaimer content, enter the text which you want to be added as disclaimer and click Add. |
Alert processing and priority
You can add any number of outgoing alerts to process different types of outgoing emails. In the case of multiple alerts, the sequence of processing is determined by the sequence in which they are listed. The alert with the highest priority(1), i.e., the one listed first, will take precedence over alerts with lower priorities listed subsequently. Once an email matches the conditions of a particular alert, the actions specified in the alert will be applied to the email. The same email will not be scrutinized against the subsequent alerts in the list.
Modify outgoing alerts
Follow the below steps to edit an alert:
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Go to Smart alerts and select Outgoing alerts.
- Select the alert that requires modification from the list.
- Make the necessary changes and click Update.
Additionally, you can search and edit the outgoing email alerts based on the associated users. Navigate to the search bar and select the applicable to or not applicable to parameters from the listing as per your requirements. Choose a specific user from the list and press enter. All the outgoing alerts associated with or not associated with that particular user will be displayed. You can then select the rules from the list and make the required changes.
Enable or Disable an Alert
Follow the below steps to enable or disable an Alert:
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Go to Smart alerts and select Outgoing alerts.
- Toggle the status button to ON or OFF in order to enable or disable an alert.
Remove Alerts from the list
In situations where an alert is no longer required or has expired, they can be removed by using the Delete option. Follow these steps to delete an alert.
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Go to Smart alerts and select Outgoing alerts.
- To remove an Alert:
- Hover over an existing or expired alert and click the delete icon.
- Alternatively, you can select the desired alert, click Delete on the top menu and choose the required option:
- Delete selected rules
- Delete all expired rules
- Delete all rules
- Click Delete in the confirmation dialog that appears.
This will remove the outgoing alerts from your list. Please note that once removed, the alerts cannot be retrieved and will be permanently removed from the list.
Email banner alert
Email banners warn users about possible threats to their account based on set criteria. These banners will be available within the email body with information about the alert/threat. There are three banner alerts you can set for your emails :
- Unauthenticated sender banner alert.
- External sender banner alert.
- Web pixel banner alert.
Unauthenticated sender banner alert
This warns the user if the sender has not authenticated their email sending domain using SPF and DKIM. SPF and DKIM mechanisms are a means for recipient servers to verify if the sender is legitimate and do not intend of spoofing or spamming the receiver. Enabling this banner keeps you informed of the authorized domain and prevent falling prey to any sort of malicious activity.
To enable the unauthenticated sender banner :
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Under Smart alerts, go to Email banner alerts.
- Click Create and select Unauthenticated email banner alert.
- Turn on the Status toggle button to enable this banner.
- Once enabled, all emails sent using unauthorized domains will contain an email banner with the following warning message.
- Further you can opt to display email banner based on certain criteria related to the sender along with the case of unauthenticated domains.
- Once you set the desired conditions, click Save.
External sender banner alert
This banner warns the user if the sender is not part of the user's organization. This option is especially useful for users belonging to high security organizations wherein they can monitor where the email is coming from. To use the external sender banner alert, follow the steps given below :
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Under Smart alerts, go to Email banner alerts.
- Click Create and select External sender banner alert.
- Turn on the Status toggle button to enable this banner.
- Once enabled, all emails sent from senders outside the organization will contain an email banner with the following warning message.
- Further you can opt to display email banner based on certain criteria related to the sender along with the case of unauthenticated domains. The conditions will be mentioned here.
- Once you set the desired conditions, click Save.
Web pixel banner alert
Web pixels are graphics embedded in websites to track user activities. Businesses and applications sending out marketing campaigns contain web pixels to track how users have interacted with them. This includes counting the number of opens or click in the email sent. eProtect gives you the option to know if your emails contain any pixel tracking. To do so :
- Log in to Zoho eProtect and navigate to Email protection on the left pane.
- Under Smart alerts, go to Email banner alerts.
- Click Create and select Web pixel banner alert.
- Turn on the Status toggle button to enable this banner.
- Once enabled, emails containing pixel tracking will contain the following message.
- Further you can opt to display email banner based on certain criteria related to the sender along with the case of unauthenticated domains. The conditions will be mentioned here.
- Once you set the desired conditions, click Save.
Conditions
The criteria and the operating parameters that you can choose from are as follows.
General Validation
| Parameter | Description | Value |
| MIME Message ID* | The ID that can be gathered from a MIME email's header | Click Add values, enter the desired MIME value and click Add. |
| MIME size (in MB) | The size of the non-text attachment specified in MB | Enter a value between 1 to 40. |
| Subject | The subject of the email | Click Add values, enter the desired subject and click Add. |
Note:
*MIME message - Multipurpose Internet Mail Extensions supports non-text email attachments. A MIME header is added to the original email header from where you can gather the unique content ID/message ID used to identify the message.
Content Validation
| Parameter | Description | Value |
| Content | The content of the email | Click Add values, enter the content to be validated and click Add. |
| Email language | The language in which the email was composed | Click Select languages, add the desired languages and click Add. |
| Originating country | The country from which the email was sent | Click Select countries, add the desired countries and click Add. |
| URL domain | The domain names of the URLs available in email content | Click Add domains, enter one or more domain names and click Add. |
| URL | The existence of specified URLs in the email content | Click Add values, provide the URLs to be validated and click Add. |
| Has embed tags | The existence of embed tags in the email content | Select Yes or No from the drop-down. |
| Has form tags | The existence of form tags in the email content | Select Yes or No from the drop-down. |
| Has frame tags | The existence of iframe tags in the email content | Select Yes or No from the drop-down. |
| Has JavaScript content | The existence of javascript content in the email content | Select Yes or No from the drop-down. |
| Has macros | The existence of macros in the email content | Select Yes or No from the drop-down. |
| Has object tags | The existence of object tags in the email content | Select Yes or No from the drop-down. |
| Has shortened URL | The existence of shortened URLs in the email content | Select Yes or No from the drop-down. |
| Has suspicious macros | The existence of suspicious macros in the email content | Select Yes or No from the drop-down. |
| Has web bugs | The existence of web bugs in incoming email content | Select Yes or No from the drop-down. |
| Is bulk email | If the email is a part of bulk email campaign | Select True or False from the drop-down |
Header Validation
| Parameter | Description | Value |
| Add header criteria | The email header that needs to be verified for the provided values | Enter the Header Name and Header Value. |
| X Mailer* | The desktop client from which the email was sent | Click Add values, enter the X-Mailer you wish to validate and click Add. |
Note:
*X-Mailer - Specifies which desktop client (For example, Apple client, Thunderbird, etc) was used to draft or send the email. Can be found in the email header.
Recipient Validation
| Parameter | Description | Value |
| Recipient domain | Validates the domain address of the recipient | Click Add domains, enter one or more domain names and click Add. |
| Recipient's group | The groups that the user is part of | Select the preferred group from the drop-down. |
| To/CC email address | The email address in the To/CC field | Click Add email addresses, enter the desired email address and click Add. |
Sender Validation
| Parameter | Description | Value |
| Is external sender | Checks if the sender is not part of the organization | Select Yes or No from the drop-down. |
| Is authenticated sender | Checks if the sender is authenticated using SPF, DKIM and DMARC | Select Yes or No from the drop-down. |
| Sender not previously contacted | Checks if the sender is new and has not previously contacted the user | Select Yes or No from the drop-down. |
| Return path domain | The reverse-path/ bounce address's domain | Click Add domains, enter one or more domain names and click Add. |
| Return path email address | The reverse-path/ bounce address of an incoming email | Click Add email addresses, enter the desired email address and click Add. |
| Sender display name | The display name of the sender | Click Add values, enter the user's display name and click Add. |
| Sender DNS | The DNS address of the sender | Click Add values, provide the sender DNS and click Add. |
| Sender domain | The domain address of the email sender | Click Add domains, enter the sender domain name and click Add. |
| Sender email address | The 'from' address of the email sender | Click Add email addresses, enter the desired email address and click Add. |
| Sender IP address | The IP address of the email sender | Enter the sender's IP address that you wish to validate. |
Operating parameters
| Operators | Description |
| is any of | The respective parameter in the incoming emails should match any one of the given criteria |
| is not any of | The respective parameter in the incoming emails should not match any one of the given criteria |
| contains any of | The respective parameter in the incoming email doesn't have to be an exact match but will pass even if it contains the given criteria value. |
| does not contain any of | The respective parameter in the incoming email doesn't have to be an exact match but will pass if it does not contain the given criteria value. |
| begins with any of | The respective parameter in the incoming email should begin with the given criteria value. |
| ends with any of | The respective parameter in the incoming email should end with the given criteria value. |
| is empty | The respective parameter in the incoming email should be empty. |
| is not empty | The respective parameter in the incoming email should not be empty. |
| matches | The respective parameter in the incoming email should match the regular expression pattern. |
| does not match | The respective parameter in the incoming email should not match the regular expression pattern. |
| true | The given condition should be true. |
| false | The given condition should be false. |
| is greater than | The respective parameter in the incoming email should only be greater than the given criteria value. |
| is lesser than | The respective parameter in the incoming email should only be lesser than the given criteria value. |
| is greater than or equal to | The respective parameter in the incoming email can be greater than or equal to the given criteria value. |
| is lesser than or equal to | The respective parameter in the incoming email can be lesser than or equal to the given criteria value. |
| is in range | The incoming email's IP address falls within the range entered. |
| is not in range | The incoming email's IP address does not fall in the range entered. |
After selecting the Conditions and the Operating parameters, provide the values with respect to the chosen conditions that need to be verified against. Upon providing these proceed to select the Actions that need to be performed for the emails with the chosen conditions.