
Emails Overview

With Emails, enrolled SRX Series Firewalls transparently submit potentially malicious email attachments to the cloud for inspection. Once an attachment is evaluated, Juniper ATP Cloud assigns the file a threat score from 0 to 10, with 10 being the most malicious.

Note:

If an email contains no attachments, it is allowed to pass without any analysis.

Benefits of Emails

  • Allows attachments to be checked against allowlists and blocklists.

  • Prevents users from opening potential malware received as an email attachment.

Configure Juniper ATP Cloud to take one of the following actions when an email attachment is determined to be malicious:

For SMTP

  • Quarantine Malicious Messages—If you choose to quarantine emails with attachments found to be malicious, those emails are stored in the cloud in an encrypted form and a replacement email is sent to the intended recipient. That replacement email informs the recipient of the quarantined message and provides a link to the Juniper ATP Cloud quarantine portal where the email can be previewed. The recipient can then choose to release the email by clicking a Release button (or request that the administrator release it) or to delete the email.

  • Deliver malicious messages with warning headers added—When you select this option, headers that most mail servers recognize are added to the email, so that those servers filter it into Spam or Junk folders.

  • Permit—You can select to permit the email and the recipient receives it intact. Optionally, you can choose to send a notification to the end user about the permitted message.

For IMAP

  • Block Malicious Messages—Block emails with attachments that are found to be malicious.

  • Permit—You can select to permit the email and the recipient receives it intact.

Figure 1: Emails Overview

Quarantine Release

If the recipient chooses to release a quarantined email, it is allowed to pass through the SRX Series Firewall with a header message that prevents it from being quarantined again, but the attachments are placed in a password-protected ZIP file. The password required to open the ZIP file is also included as a separate attachment. The administrator is notified when the recipient takes an action on the email (either to release or delete it).

If you configure Juniper ATP Cloud to have the recipient send a request to the administrator to release the email, the recipient previews the email in the Juniper ATP Cloud quarantine portal and can select to Delete the email or Request to Release. The recipient receives a message when the administrator takes action (either to release or delete the email).

Blocklist and Allowlist

Emails are checked against administrator-configured blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, and Body Receiver. If an email matches the allowlist, that email is allowed through without any scanning. If an email matches the blocklist, it is considered to be malicious and is handled the same way as an email with a malicious attachment.
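
The following is an added example, not Juniper code, that an administrator can use to pre-check list entries against a sample message and see which of the four fields causes a match. It assumes exact, case-insensitive address comparison, that Body Sender and Body Receiver correspond to the From and To headers, and that the allowlist is consulted before the blocklist; the function names, addresses, and verdict labels are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample lists and message; every address is a placeholder.
ALLOWLIST = {"billing@partner.example"}
BLOCKLIST = {"promo@bulk.example"}

SAMPLE = """\
From: Billing <billing@partner.example>
To: Alice <alice@corp.example>
Subject: Invoice

See attached.
"""


def mail_fields(envelope_from, envelope_to, raw_message):
    """Collect the four address fields named on this page, lower-cased.

    The envelope values come from the SMTP session (MAIL FROM / RCPT TO);
    the body values are read from the message headers (assumed mapping).
    """
    msg = message_from_string(raw_message)
    fields = {
        "Envelope From": [envelope_from],
        "Envelope To": list(envelope_to),
        "Body Sender": [a for _, a in getaddresses(msg.get_all("From", []))],
        "Body Receiver": [a for _, a in getaddresses(msg.get_all("To", []))],
    }
    return {name: [a.lower() for a in addrs if a] for name, addrs in fields.items()}


def list_verdict(fields, allowlist=ALLOWLIST, blocklist=BLOCKLIST):
    """Return (verdict, matching field name).

    An allowlist match skips scanning; a blocklist match is handled like a
    malicious attachment; otherwise attachments go on to be scanned.
    Checking the allowlist first is an assumption of this model.
    """
    checks = (("allow-no-scan", allowlist), ("treat-as-malicious", blocklist))
    for verdict, entries in checks:
        for name, addrs in fields.items():
            if any(a in entries for a in addrs):
                return verdict, name
    return "scan-attachments", None
```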