This document describes how to tag external email with a keyword using Symantec Email Security.cloud.

Email Security.cloud

Instructions on creating a Data Protection policy for tagging external emails.

You need to tag external email with a keyword using Symantec Email Security.cloud, to identify that the email originated from an source outside your organization. The suggested policy below is designed to tag incoming emails, where your organization's users are the recipients.

Create a new policy to tag emails

1. Log in to the Symantec.cloud console.
2. Navigate to Services > Data Protection.
   If you have not used the service before, you may need to click Settings and configure your default settings.
3. Click New Policy.
4. Define the policy as follows:
   • Name: External Mail Tagging
   • Description: This field is optional.
   • Apply to: Inbound email only
   • Execute If: ALL rules are met
   • Action: Tag Subject
   • Administrator email: Leave as default or customize as necessary.
     
     Note: Administrator addresses are exempt from all Data Protection policies, so emails to this address,will not be tagged.
      
   • Subject line text: [External]
   • Display text at the: Choose either "start of the subject line" or "end of the subject line"
   • Notification: Click Edit, select Use custom notification and make sure all notifications are unchecked, resulting in None.
     
     

Create a rule to exclude tagged emails

Exclude already tagged emails (e.g. emails in a thread) so that they do not get tagged again.

1. Click Add Rule.
2. Give the rule a name.
3. Add the condition Content - Keyword List.
4. Click Create a new Keyword List.
5. In the Add list items box, enter the same text you are using to tag subjects (for example, "[External]"), and click Add.
6. Save List.
7. Under "Look in", uncheck: Body
8. Under Email contains, select: none of the keywords in the selected lists
   
9. Click Save to save the policy.

Final steps

1. On the list of policies, find the newly created policy.
   
   Note: The new policy will be at the end of the list. If you have many policies already, the new policy may be on a different page.
    
2. Check the box to the left of the policy name, click Move, and move the policy to the first position. This will make the policy the first one checked, before all others.
3. Click Activate to enforce the new policy. Once the policy has propagated (approximately one hour), all inbound mail from external sources is tagged.