Email scanning order in Email Security.cloud

book

Article ID: 161438

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

This article explains the order in which Symantec Email Security.cloud scans inbound email.

Resolution

Email traffic entering the Symantec.cloud infrastructure is checked and scanned in the following order:

Connection Management 01. SMTP Heuristics
02. Address Validation/Registration
03. AntiSpam Approved Senders
04. AntiSpam Blocked Senders
Connection Management /
Anti-spam
05. SPF
06. DMARC
Anti-spam 07. AntiSpam Public DNS block lists (PBL)
08. AntiSpam Signaturing System
Anti-malware 09. AntiVirus Skeptic
10. AntiVirus Signaturing
11. Cynic Sandbox *
12. IOC Blacklist *
Anti-Spam 13. Skeptic Heuristics
14. Newsletters Scanning
Image Control 15. Image Control
EIC 16. Email Impersonation Control
Data Protection 17. Data Protection
Click-time 18. URL Rewriting *
Isolation 19. URL Isolation *
20. Attachment Isolation *

 

Note: The AntiSpam scanning order will only apply when enabled according to the AntiSpam best practice settings. When not following best practices, weaker actions such as 'Tag Subject' will mean that any scanner further down the order will potentially be triggered and their action taken. This is to ensure your protection from harmful or malicious phishing emails.

ETDR stands for Email Threat Detection and Response, previously known as ATP Advanced Threat Protection.

* requires ETDR