With the Allow/Deny options, you can create lists of email senders that the policy always allows or always denies regardless of the circumstances. These sender lists can include individual email addresses, IP addresses, and domains.
• Sender Allow — add senders that you trust and always want to receive email from.
• Sender Deny — add senders that you do not trust and do not want to receive email from.
(Domain lists versus User lists)
Email Protection allows for allowed and denied senders lists at both the Domain (Policy Set) level and the user level. When there is a conflict between lists, the higher ranked Domain list takes precedence.
For example, a user who adds an address to their personal allow list can expect to receive email from that sender. However, if that address is also on the policy deny list, the sender is denied.
(Allow lists versus Deny lists)
The allow list always takes precedence over the deny list within the same policy set when there is a conflict.
For example, when a domain is on the deny list, but a sender from that domain is also on the allow list, the sender is allowed.
You can add email addresses, domains, IP addresses, and IP address ranges. You can also use wild cards.
• 10.20.0.4 • *.20.*.16
• 10.20.*.4 • 10.0.62.0/24 • 10.*.*.*
Note: Do not use a wildcard and a number within the same octet. For example, 10.2*.0.4 is not valid.
The Sender Allow tab allows you to maintain a list of trusted senders.
(Bypass attachment policy)
Email senders that are added to the allow list are still subject to other parts of the policy. For example, inbound email from senders on the allow list is filtered for viruses and malicious attachments.
However, you can use the Bypass attachment policy feature to receive mail from senders without filtering for attachments. This option is not selected by default, but you can select it for new and existing senders when you update the list.
(Add senders to the allowed list)
Use the Sender Allow tab to manage the list of allowed senders.
For option definitions, click Help in the interface.
1 In the Policy Set window, select Allow/Deny | Sender Allow
2 Enter the domain, email address, or IP address.
3 If necessary, select to require SPF validation or to bypass the attachment policy.
• Require SPF Validation
• Bypass attachment policy
4 Click Add >>.
The sender now appears in the list.
5 Click Save.
The Sender Deny allows you to define a list of sender email addresses whose email will not be accepted for delivery. If an email address is entered here, users will not be able to override this setting even if the email address is entered in their user-level allow list. To enter values into the Sender Deny List complete the following information.
1 In the Policy Set window, select Allow/Deny | Sender Deny
2 Enter an address into the Domain, Email Address, or IP Address: field.
Use one of the above Adding senders formats.
3 Click Add.
4 Click Save.