Overview
SkyConnect has multiple features to prevent data leakages. This topic describes the following:
a. Mail policies to control mail flow which can be used for inbound, internal and outbound mail.
b. Data leak prevention for the Inbound mail flow.
c. Data leak prevention for Outbound mail.
Mail polices
What are mail policies and how do they work?
Mail policies is an advance security feature of SkyConnect which allows you to control mail flow from and to users and groups on your domain.
For example, using mail policies you can allow only a certain set of users to communicate with users on Gmail. Similarly, another set can only communicate with users of your domain. Or you can control who can send out attachments of a certain type and who is allowed to receive attachments.
Types of policies
When defining mail policies, you have to define sender and recipient policies. Sender policies are applied when the user is sending mail and Recipient policies are applied when the user or group is receiving mail.
So if you want to stop all communications between a user john@yourdomain.com and a Gmail user jane@gmail.com, then you will have to define a sender and a recipient policy for john@yourdomain.com.
Similarly, if you have a distribution list called all@yourdomain.com which is to be used only for internal purposes and you want to block all external communications to this group id, you will have to define a sender and recipient policy for this id.
If a certain id can only receive mail such as info@yourdomain.com but cannot be used to send out mail, then a sender policy has to be defined for this user and no recipient policy.
Defining a policy
Sender and recipient policies are defined by a Default action and zero or more exceptions to the default action. The Default action can be either Allow or Block.
Exceptions have an associated action which is opposite to the default action. For example, if the Default action is Block, then the exceptions will define all the conditions under which the default action of Block is not applied and the mail flow is allowed. Similarly, if the Default action is Allow, then the exceptions will define all the conditions under which the mail flow is to be blocked.
The conditions for the exceptions are defined using the following parameters:
-
Sender for recipient policies and Recipient for sender policies
-
Mail size
-
Attachment size
Note: After encoding in the MIME format, the size of mail body or attachment increases by 33%. The encoding is required to convert 8 bit data to 7 bit data (suitable for transmission over the network). Hence to block the a mail of size 1 MB or 1024 KB, add a policy for mail size 1024 * 1.33 ~ 1366 KB. In some cases where the mail/attachments may not be encoded, the mail/attachment size limit will be 1.33 MB.
-
Attachment count
-
Subject text
-
Body text
-
Attachment type
For each user or group you want to control, define the sender and recipient policies in a table as follows
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
Sample Mail Policies
Allow users to receive mail but not to send
|
User ID |
Default Sender Policy |
Exceptions to the Default Sender Policy |
Default Recipient Policy |
Exceptions to the Default Recipient Policy |
|---|---|---|---|---|
|
all users of domain |
block |
none |
allow |
none |
Allow domain users to receive mail but restrict them from sending mail to any external domain
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all users of domain |
block |
allow when recipient is in domain yourdomain.com |
allow |
none |
Restrict domain users to send and receive mail mail from yahoo.com and gmail.com
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all users of domain |
allow |
1. block when recipient is in domain yahoo.com 2. block when recipient is in domain gmail.com |
allow |
1. block when sender is in domain yahoo.com 2. block when sender is in domain gmail.com |
Disable all users from sending emails to a particular email id like md@domain.com
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all users of domain |
allow |
block sending to md@domain.com |
allow |
none |
Allow only domain users to send emails to the group all@yourdomain.com
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
none |
block |
allow when sender is in domain yourdomain.com |
Allow only users in group mgmnt to send emails to the group all@yourdomain.com
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
none |
block |
allow when sender is in group mgmnt@yourdomain.com |
Allow only user md@yourdomain.com to send emails to the group all@yourdomain.com
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
none |
block |
allow when sender is md@yourdomain.com |
Block only users of the group tempstaff@yourdomain.com to send emails to the group all@yourdomain.com
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
none |
allow |
block when sender is in tempstaff@yourdomain.com |
Block users from sending attachments to Gmail
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
block when attachment count is greater than or equal to 1 and recipient is in domain gmail.com |
allow |
none |
Block users from sending more than 5 attachments
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
block when attachment count is greater than 5 |
allow |
none |
Block users from sending more than 2 MB of attachments
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
block when attachment size is greater than 2048 |
allow |
none |
Block users from sending more mail with Happy Diwali in subject
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
block when subject has Happy Diwali |
allow |
none |
Block users from sending gifs attachments
|
User ID |
Default Sender Policy |
Exceptions To The Default Sender Policy |
Default Recipient Policy |
Exceptions To The Default Recipient Policy |
|---|---|---|---|---|
|
all@yourdomain.com |
allow |
block when attachment type is gif |
allow |
none |
Configure mail policies for your domain
Mail policies are configurable via the back-end and we request you fill this spreadsheet with the details and raise a ticket to the Mithi Support team. We will configure the same for you.