This article explains the order in which Symantec Email Security.cloud scans inbound email.
Email traffic entering the Symantec.cloud infrastructure is checked and scanned in the following order:
|Connection Management||01. SMTP Heuristics|
|02. Address Validation/Registration|
|03. AntiSpam Approved Senders|
|04. AntiSpam Blocked Senders|
|Connection Management /
|Anti-spam||07. AntiSpam Public DNS block lists (PBL)|
|08. AntiSpam Signaturing System|
|Anti-malware||09. AntiVirus Skeptic|
|10. AntiVirus Signaturing|
|11. Cynic Sandbox *|
|12. IOC Blacklist *|
|Anti-Spam||13. Skeptic Heuristics|
|14. Newsletters Scanning|
|Image Control||15. Image Control|
|EIC||16. Email Impersonation Control|
|Data Protection||17. Data Protection|
|Click-time||18. URL Rewriting *|
|Isolation||19. URL Isolation *|
|20. Attachment Isolation *|
Note: The AntiSpam scanning order will only apply when enabled according to the AntiSpam best practice settings. When not following best practices, weaker actions such as 'Tag Subject' will mean that any scanner further down the order will potentially be triggered and their action taken. This is to ensure your protection from harmful or malicious phishing emails.
ETDR stands for Email Threat Detection and Response, previously known as ATP Advanced Threat Protection.
* requires ETDR