Welcome to the Heimdal Enterprise Email Protection, or AntiSpam for short. It is a cloud based email protection system. that filters before it is sent to your inbox. This means that your computer has less work to do, that viruses are detected in an email before the email is received by you and you are safer.
You can use the daily report to release any emails that were falsely quarantined, and also use the End User Console to look at email history, block and allow emails.
How does it work
Inbound emails are directed at the cloud filtering service so that it can perform a variety of checks before you receive the email.:
- Check that the sender is not a known Spammer.
- Ensure the email has actually been sent from the server responsible for the domain it claims to be (SPF).
- Check that the email has not been altered and really comes from the stated sender (DKIM).
- Verify that the sender’s domain has security rules in place to block fake or spoofed emails (DMARC).
- Scan the email for viruses, ransomware, and other harmful software.
- Look for suspicious links or attachments that could steal passwords or infect your computer (phishing).
- Analyse the content of the email to detect scam or fraud attempts.
- Block unwanted marketing emails and junk mail before they reach your inbox.
- Quarantine suspicious emails so they can be reviewed safely if needed.
It does this for every email that arrives before sending it onwards to your 365 Outlook.
This means that it is checking the content of the email, the sender and also the configuration of the senders email all within one batch of checks.
If a check fails then it will quarantine the email so you can still access it, but only after you review it in the quarantine list and check that it is safe.
You stay in control but the system keeps you safe.
Daily Quarantine list
Once a day the system sends a daily report, normally at 8am. (the report is only sent if there are blocked items).
You can see in the example that there was one email that was quarantined.
- Click on preview to review the email in a safe web browser
The preview is “sandboxed” meaning that you can see the email but it couldn’t infect your PC.
As an example, we sometimes use this for email MFA codes. They might get blocked, but you can see the code in the preview without needing to release. - Click on Release if you are absolutely sure the email is safe.
This will deliver the email into your inbox. - Click on Action if you need more options.
- Add Sender to Global Allow List
This will add the sender to the company allow list affecting everyone. - Add Sender to Persona Allow List
This is safer, because it would only affect your own inbox filter.
End User Console
Right at the bottom of the Daily Quarantine List email, you will find a link called “Dedicated End User Console – Click Here“.
The link is unique on each email and is only active for 24 hours. Use the latest Quarantine list email each time.
If you try using an out of date link , the system will warn and offer to send an updated link across. Click to get a new link!
Once you click on teh link, you will see teh screen below. You can filer by most of the fields in an email to focus teh list contents
You will see that the report has far more details. It includes up to a year of emails so you can use this to search for emails as well as block unwanted ones.
If you click details against one of the items you will see the whole email.
You also have options to Allow and Block the email in the future.
Note that you can block or allow by the sender, or the ENVELOPE sender.
The envelope sender is shown on mailing lists. These often show that it has come from of****@*****ny.com although the actual email comes from a mailing system such as mailchimp. In this case if you want the offer, allow based on the Envelope Sender.
