Highlights of Malicious Email Quarantine at Secure Email Gateway:
- The malicious and unsolicited emails are quarantined at Secure Email Gateway
- You can safely preview the malicious emails in your personal quarantine as the preview is performed at Secure Email Gateway
- You can set up your own safe or blocked senders lists at Secure Email Gateway
- You can have quick information about the quarantined emails from “User Digest” send to you daily
- You can manage the quarantined emails either by directly accessing the links at “User Digest” or by logging in to the Secure Email Gateway Web Portal https://umemppm.umac.mo/
- You can select your own spam policy via Secure Email Gateway Web Portal according to your preference
- The malicious emails are held in quarantine of Secure Email Gateway for a period of time. Those expired emails will be purged from the system and cannot be retrieved again. Therefore, we recommend you to review your quarantined emails periodically
Other Email Security Precautions
In addition to the Malicious Email Quarantine, ICTO also implemented the following email security precautions simultaneously:
1. All product promotions, e-Newsletters and other bulk emails will be quarantined automatically by default.
Based on the survey result, most users classified the commercial promotions, e-Newsletter and large quantities of emails as spam/ unwanted email. All kinds of bulk emails are quarantined automatically by default.
If you want to receive some of the bulk emails, you can select the email and click “Release and Safelist” via Web Portal at https://umemppm.umac.mo/ or “User Digest” email.
In addition, there is an option to let you exclude all bulk emails from spam detection at the Secure Email Gateway Web Portal if you would like to receive bulk emails in your mailbox.
Please login to the Web Portal, click the “Profile” tap on lower left corner and select your spam policy in “My Settings” page.
2. Prohibition of sending/ receiving email with auto-executable attachments (e.g. exe, .vbs, etc.) (Click here for details)
The auto-executable attachments are commonly used to transmit viruses and malware. To prevent the recipient from downloading and running the malicious program, the auto-executable attachments are prohibited to send/ receive via email.
To send out these types of attachment, the sender can rename the file extension to use a file name extension that our system does not treat as a threat. (E.g. renamed the file extension from .exe to .tmp). Once the file is received, the recipient can save the file as .exe and open the executable file manually.
3. Prevention of email spoofing by enabling DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework) checking
It is intended to prevent forged sender addresses in emails, which is often used by phishing and spam emails. It works by checking whether an email claimed to come from a specific domain was authorized by the owner of that domain or not.
One of the method used is by DKIM cryptographic authentication technology.
Another method used is SPF which is a simple email-validation system to allow mail receiving servers to check whether an incoming mail from a host is authorized by the domain’s administrator or not.
4. Prevention of email spoofing by enabling bounce back verification
Our Secure Email Gateway check every bounce back email to ensure that the original email was sent by us. Bounce back email that was not originated from our email servers will be rejected.
5. Prevention of outgoing malicious email
From time to time, hackers send spam emails with the compromised UM accounts. Email security vendors will check the Internet traffic and identify spam email sending servers. When they detect spam emails sent from our email servers, it will affect our reputation (a scoring method). If our reputation is low, most of the email service providers will block the emails sent from our users. Therefore, our Secure Email Gateway will check every outgoing email and block all malicious and unsolicited emails.