Email Management Overview
With Email Management, Juniper Secure Edge transparently submits potentially malicious email attachments to the cloud for inspection. Once an attachment is evaluated, Juniper ATP Cloud assigns the file a threat score between 0 and 10, with 10 being the most malicious.
If an email contains no attachments, it is allowed to pass without any analysis.
Benefits of Email Management
- Allows attachments to be checked against allowlists and blocklists.
- Prevents users from opening potential malware received as an email attachment.
Configure Juniper ATP Cloud to take one of the following actions when an email attachment is determined to be malicious:
For SMTP
- Quarantine Malicious Messages—If you choose to quarantine emails with attachments found to be malicious, those emails are stored in the cloud in an encrypted form and a replacement email is sent to the intended recipient. That replacement email informs the recipient of the quarantined message and provides a link to the quarantine portal where the email can be previewed. The recipient can then choose to release the email by clicking a Release button (or request that the administrator release it) or Delete the email.
- Deliver malicious messages with warning headers added—When you select this option, headers are added to emails that most mail servers recognize and filter into Spam or Junk folders.
- Permit—You can choose to permit the email, and the recipient receives it intact. Optionally, you can choose to send a notification to the end user about the permitted message.
For IMAP
- Block Malicious Messages—Block emails with attachments that are found to be malicious.
- Permit—You can choose to permit the email, and the recipient receives it intact.
Quarantine Release
If the recipient selects to release a quarantined email, it is allowed to pass through Juniper Secure Edge with a header message that prevents it from being quarantined again, but the attachments are placed in a password-protected ZIP file. The password required to open the ZIP file is also included as a separate attachment. The administrator is notified when the recipient takes an action on the email (either to release or delete it).
If you configure Juniper ATP Cloud to have the recipient send a request to the administrator to release the email, the recipient previews the email in the quarantine portal and can select to Delete the email or Request to Release. The recipient receives a message when the administrator takes action (either to release or delete the email).
Blocklist and Allowlist
Emails are checked against administrator-configured blocklists and allowlists using information such as Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender, and Body Receiver. If an email matches the allowlist, that email is allowed through without any scanning. If an email matches the blocklist, it is considered to be malicious and is handled the same way as an email with a malicious attachment.
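
The following Python sketch is an added example, not Juniper code. It models the list check described above and reports which of the four fields produced a match, which helps when auditing broad allowlist entries. Assumptions: Body Sender and Body Receiver map to the From and To headers, list entries are exact addresses or "@domain", and the allowlist is evaluated before the blocklist.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; its From header differs from the envelope sender.
RAW = """\
From: "Accounts" <billing@partner.example>
To: alice@corp.example
Subject: Invoice
MIME-Version: 1.0
Content-Type: text/plain

See attached.
"""

def match_fields(mail_from, rcpt_to, raw):
    """Collect the four fields named above as sets of lower-cased addresses."""
    msg = message_from_string(raw)
    def header(name):
        return {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a}
    return {
        "envelope_from": {mail_from.lower()},         # SMTP MAIL FROM
        "envelope_to": {r.lower() for r in rcpt_to},  # SMTP RCPT TO
        "body_sender": header("From"),                # assumed header mapping
        "body_receiver": header("To"),                # assumed header mapping
    }

def hits(fields, entries):
    """Return sorted (field, address) pairs matching a list.
    Entry syntax (exact address or '@domain') is an assumption."""
    found = []
    for field, addrs in fields.items():
        for addr in addrs:
            if addr in entries or "@" + addr.rpartition("@")[2] in entries:
                found.append((field, addr))
    return sorted(found)

def list_verdict(fields, allowlist, blocklist):
    """Allowlist match skips scanning; blocklist match is treated as malicious.
    Checking the allowlist first is an assumption, not documented behavior."""
    allowed = hits(fields, allowlist)
    if allowed:
        return "allow-no-scan", allowed
    blocked = hits(fields, blocklist)
    if blocked:
        return "treat-as-malicious", blocked
    return "scan-attachments", []
```

With the sample message, envelope sender bounce@mailer.example and an allowlist entry of "@partner.example", the verdict is "allow-no-scan" because of the body_sender field alone.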