As the domain I am currently using to test SaaS Email is one which isn't often used, I have configured a forwarding policy on my primary mailbox to forward a copy of all inbound mail to the corresponding mailbox in my test domain handled by SaaS.
Curiously many of these messages when the arrive in the test domain's mailbox are tagged as "[GRAYMAIL]" which may be a consquence of the forwarding process or may just be an indictment of the type of mail I generally receive.
Anyway, it isn't an issue, but I thought I'd adjust the inbound policy to remove this tag and it was while doing so I noticed there were two actions available "Allow" and "Do Nothing" and that raised the question in my mind - what is the difference between the two actions?
Does "Do Nothing" mean litterally that but "Allow" will add an X-header or something to the message before then sending it on?
Great question! First, you're probably seeing a lot of things tagged as graymail because graymail, by broad definition, is virtually any commercial or commercial like email, whether bulk or person-to-person. It's looking for common keywords to both bulk mail, but also person-to-person commercial mail, including wording that is common in disclaimers both on bulk mail or direct commercial mail. It is a very aggressive keyword list and isn't appropriate for everyone. McAfee's recommend approach, since the passage of the US CAN-SPAM Act and similar state and international laws, is to unsubscribe rather than filtering. It gives the sender the chance to do the right thing, and keeps from penalizing those that are legitimately following mailing best practices.
Now, to your questions.
Any place you have the option to do nothing, this is essentially telling the product to stand down for that specific feature. So, in terms of Graymail, it is the off position. Allow, on the other hand, while allows graymail through, turns on the product but sets the domain-level policy to allow. This can be helpful if the option to allow users to specify graymail settings is turned on and a specific user would rather quarantine those messages.
Firstly apologies for the delay. As a support engineer for a multi-vendor, multi-product, reseller I am often required to step away from things in order to deal with other things (especially if they are customer-focussed).
Thanks for your response, but I would like to clarify as I may not have understood it 100%.
So, if the Graymail option (as this is what were are using as an example) is configured to "Do nothing" then users will not be able to to apply any additional control of their own - though as I'm still new to this, I can't see where they would be able to this if they could.
But, "Allow" will allow the message to pass and give the user the means of applying their own decision to the message should they wish to?
What part of the policy configuration allows a user to apply their own decisions/actions?
I'm still getting to grips with this product (not helped by the aforementioned obligation to do other things as well) and may try to attend some of the online courses. The documentation, while plentiful, seems to suffer from the generic issue I have found with many McAfee manuals - it will explain what a function does in isolation, but doesn't always explain the "why" of it. Maybe I haven't found the right one yet. Where I have found a 'best practices' document or an evaluation guide for a McAfee product, this often reveals more than the core product documentation because it is normally a step-by-step walk through of a basic configuration. Once you have this process digested and understood I often find that additional options are far easier to understand and implement.
You can probably ignore my last paragraph. I've just found the Quick Start guide does seem to be presented in the kind of walk-through format I was looking for.
The ability for the users to designate their own actions is part of the Reporting section under spam, specifically the "Allow users to... personalize spam filtering options" check box.
So the allow/do nothing have roughly the same result thorugh different actions, neither of which affect the ability for it to be different with a user. Do nothing allows graymail through by standing down the feature. Allow sends graymail through by expressly allowing graymail. Both achieve the same results, through a slightly different function.
In addition to the quick start guide, you may also try the Administrative guides. Some of the "why" may be missing either because it is a judgment call, especially in the case of configuring policies and setting up the service, or in terms of why a specific service does X that information may be proprietary. With a product like this, what works for one customer will not work for the other, and vice versa.
Now, that being said we do have some best practice guides for very specific scenarios, such as preventing spoofed email and zero-day viruses such as the Ransom Cryptolocker: https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=&aid=1870 88
Or best practices for Disaster Recovery: https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=161698920 YMBISNYGSOEEOSXPYTMBRGDPBOVPKYT&inc=75642&caller=~%2fFindAnswers.aspx%3ftxtCrite ria%3dBest+Practices+for+Disaster%26sSessionid%3d161698920YMBISNYGSOEEOSXPYTMBRG DPBOVPKYT
I either wrote, or co-wrote both of these specific articles so if there are specific questions feel free to ask. There are a few other best practices articles for specific scenarios or audiences at support.mcafeesaas.com. Hope these help.