we have recently moved over to McAfee SAAS email protection from iCritical. We (IT) manage the quarantined emails centrally via the console, we don't send out spam reports to users to self administer. We have had a few emails delivered to users which is spam/phishing emails. How to we report this to McAfee? and put a block in place for those types of emails. From the iCritical console we could simply select the email in the message log and then click a deny button. I cannot see anything similar with McAfee email protection. In fact there seems very limited functionality to do anything with the message audit screen.
Additionally on the Quarantine screen, if we opt to delete a message does this feed back to McAfee as spam junk, in other words will it learn from our deletions typical spam email?
Any help and advice is appreciated.
sorry for posting in the wrong group, I saw business and as this is business software assumed this was the correct place. To answer your question this is email related SaaS email protection would be the way to go
No problem I will move it to SaaS Email Security, if needed to be moved to Saas Web Protection, please inform me. My expertize is more so with the 'Consumer Product Line'
All the Best,
yes I see those options. The question I have is if I select 'Delete' or 'Delete All' does this in any way report this back to McAfee as an unwanted spam email. The scenario being that if we start seeing a number of emails that are quarantined that we would simply delete because they are spam how do we educate the system that these are spam.
Following on from this, if we see particular emails that we need to block either for an individual user or for any user in the domain, is the only way to block this go in and edit the actual policy(ies). Or is there a way from the SaaS console to simply so 'Always Block for user' or 'Always Block for Domain'.
Not wanting to add additional questions to the original but something just occurred to me. If SaaS email protection simply rejects an email and this was rejected in error, and can be seen in the message audit, how do we actually get this message back?
If the message has gone to quarantine that indicates that it was scored as spam by the system and there is no further action needed.
If you believe an item was quarantined as spam that should have been delivered, you can submit a service request via your support team, or simply forward the message details to firstname.lastname@example.org for review by our messaging security team. Likewise, if a message has been delivered to the inbox of one of your users that your believe to be spam, the message, along with full internet headers and all original content can be sent to email@example.com.
There is currently no option to "Always block for user" or "Always block for domain" so you would have to manually add the entries to the user level or policy level deny list.
If you have any further questions, do not hesitate to contact your support team for additional assistance.
SaaS Email and Web Security