Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
358 Views 4 Replies Latest reply: Oct 30, 2013 12:18 PM by Brad McGarr RSS
PhilM Champion 528 posts since
Jan 7, 2010
Currently Being Moderated

Oct 22, 2013 3:30 AM

"Do Nothing" & "Allow" - what's the difference?

As the domain I am currently using to test SaaS Email is one which isn't often used, I have configured a forwarding policy on my primary mailbox to forward a copy of all inbound mail to the corresponding mailbox in my test domain handled by SaaS.

 

Curiously many of these messages when the arrive in the test domain's mailbox are tagged as "[GRAYMAIL]" which may be a consquence of the forwarding process or may just be an indictment of the type of mail I generally receive.

 

Anyway, it isn't an issue, but I thought I'd adjust the inbound policy to remove this tag and it was while doing so I noticed there were two actions available "Allow" and "Do Nothing" and that raised the question in my mind - what is the difference between the two actions?

 

Does "Do Nothing" mean litterally that but "Allow" will add an X-header or something to the message before then sending it on?

 

-Phil.

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    Currently Being Moderated
    1. Oct 22, 2013 10:39 AM (in response to PhilM)
    Re: "Do Nothing" & "Allow" - what's the difference?

    Phil,

     

    Great question! First, you're probably seeing a lot of things tagged as graymail because graymail, by broad definition, is virtually any commercial or commercial like email, whether bulk or person-to-person. It's looking for common keywords to both bulk mail, but also person-to-person commercial mail, including wording that is common in disclaimers both on bulk mail or direct commercial mail. It is a very aggressive keyword list and isn't appropriate for everyone. McAfee's recommend approach, since the passage of the US CAN-SPAM Act and similar state and international laws, is to unsubscribe rather than filtering. It gives the sender the chance to do the right thing, and keeps from penalizing those that are legitimately following mailing best practices.

     

    Now, to your questions.

     

    Any place you have the option to do nothing, this is essentially telling the product to stand down for that specific feature. So, in terms of Graymail, it is the off position. Allow, on the other hand, while allows graymail through, turns on the product but sets the domain-level policy to allow. This can be helpful if the option to allow users to specify graymail settings is turned on and a specific user would rather quarantine those messages.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information
  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    Currently Being Moderated
    4. Oct 30, 2013 12:18 PM (in response to PhilM)
    Re: "Do Nothing" & "Allow" - what's the difference?

    Hi Phil,

     

    The ability for the users to designate their own actions is part of the Reporting section under spam, specifically the "Allow users to... personalize spam filtering options" check box.

     

    So the allow/do nothing have roughly the same result thorugh different actions, neither of which affect the ability for it to be different with a user. Do nothing allows graymail through by standing down the feature. Allow sends graymail through by expressly allowing graymail. Both achieve the same results, through a slightly different function.

     

    In addition to the quick start guide, you may also try the Administrative guides. Some of the "why" may be missing either because it is a judgment call, especially in the case of configuring policies and setting up the service, or in terms of why a specific service does X that information may be proprietary. With a product like this, what works for one customer will not work for the other, and vice versa.

     

    Now, that being said we do have some best practice guides for very specific scenarios, such as preventing spoofed email and zero-day viruses such as the Ransom Cryptolocker: https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=&aid=1870 88

     

    Or best practices for Disaster Recovery: https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=161698920 YMBISNYGSOEEOSXPYTMBRGDPBOVPKYT&inc=75642&caller=~%2fFindAnswers.aspx%3ftxtCrite ria%3dBest+Practices+for+Disaster%26sSessionid%3d161698920YMBISNYGSOEEOSXPYTMBRG DPBOVPKYT

     

    I either wrote, or co-wrote both of these specific articles so if there are specific questions feel free to ask. There are a few other best practices articles for specific scenarios or audiences at support.mcafeesaas.com. Hope these help.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points