Cisco Cisco Email Security Appliance C160 Mode D'Emploi
32-7
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 32 Spam Quarantine
Using Safelists and Blocklists to Control Email Delivery Based on Sender
Using Safelists and Blocklists to Control Email Delivery Based
on Sender
on Sender
Administrators and end users can use safelists and blocklists to help determine which messages are
spam. Safelists specify senders and domains that are never treated as spam. Blocklists specify senders
and domains that are always treated as spam.
spam. Safelists specify senders and domains that are never treated as spam. Blocklists specify senders
and domains that are always treated as spam.
You can allow end users (email users) to manage the safelist and blocklist for their own email accounts.
For example, an end user may receive email from a mailing list that no longer interests him. He may
decide to add this sender to his blocklist to prevent emails from the mailing list from being sent to his
inbox. On the other hand, end users may find that emails from specific senders are sent to their spam
quarantine when they do not want them to be treated as spam. To ensure that messages from these senders
are not quarantined, they may want to add the senders to their safelists.
For example, an end user may receive email from a mailing list that no longer interests him. He may
decide to add this sender to his blocklist to prevent emails from the mailing list from being sent to his
inbox. On the other hand, end users may find that emails from specific senders are sent to their spam
quarantine when they do not want them to be treated as spam. To ensure that messages from these senders
are not quarantined, they may want to add the senders to their safelists.
Changes that end users and administrators make are visible to and can be changed by either.
Related Topics
•
•
•
•
•
•
•
•
Message Processing of Safelists and Blocklists
A sender’s being on a safelist or blocklist does not prevent the appliance from scanning a message for
viruses or determining if the message meets the criteria for a content-related mail policy. Even if the
sender of a message is on the recipient’s safelist, the message may not be delivered to the end user
depending on other scanning settings and results.
viruses or determining if the message meets the criteria for a content-related mail policy. Even if the
sender of a message is on the recipient’s safelist, the message may not be delivered to the end user
depending on other scanning settings and results.
When you enable safelists and blocklists, the appliance scans the messages against the safelist/blocklist
database immediately before anti-spam scanning. If the appliance detects a sender or domain that
matches a safelist or blocklist entry, the message will be splintered if there are multiple recipients (and
the recipients have different safelist/blocklist settings). For example, a message is sent to both recipient
A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not have an entry for
the sender in the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header and skips anti-spam scanning, whereas the message bound for recipient B is scanned by the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so on) and are subject to any configured settings.
database immediately before anti-spam scanning. If the appliance detects a sender or domain that
matches a safelist or blocklist entry, the message will be splintered if there are multiple recipients (and
the recipients have different safelist/blocklist settings). For example, a message is sent to both recipient
A and recipient B. Recipient A has safelisted the sender, whereas recipient B does not have an entry for
the sender in the safelist or the blocklist. In this case, the message may be split into two messages with
two message IDs. The message sent to recipient A is marked as safelisted with an X-SLBL-Result-Safelist
header and skips anti-spam scanning, whereas the message bound for recipient B is scanned by the
anti-spam scanning engine. Both messages then continue along the pipeline (through anti-virus
scanning, content policies, and so on) and are subject to any configured settings.
If a message sender or domain is blocklisted, the delivery behavior depends on the blocklist action that
you specify when you enable the safelist/blocklist feature. Similar to safelist delivery, the message is
splintered if there are different recipients with different safelist/blocklist settings. The blocklisted
message splinter is then quarantined or dropped, depending on the blocklist action settings. If the
you specify when you enable the safelist/blocklist feature. Similar to safelist delivery, the message is
splintered if there are different recipients with different safelist/blocklist settings. The blocklisted
message splinter is then quarantined or dropped, depending on the blocklist action settings. If the