Kaspersky Secure Mail Gateway protects incoming and outgoing mail traffic of the organization. You can configure the following general protection settings:
General protection settings are applied when scanning all messages. You can configure actions taken on messages after the scan and additional settings using message processing rules.
Kaspersky Secure Mail Gateway performs anti-virus protection of messages: scans email messages for viruses and other threats and disinfects infected objects using the current (latest) version of Anti-Virus databases.
Messages are scanned for viruses and other threats by the Anti-Virus module. The Anti-Virus module scans the body of the message and all attached files in any format (attachments) using the Anti-Virus databases. The Anti-Virus module detects and blocks email attachments that are intended for a limited number of recipients and are components of targeted attacks designed to exploit software vulnerabilities.
Based on the results of the scan, the Anti-Virus module assigns a status to the message:
The Anti-Virus module is enabled by default. If required, you can disable the Anti-Virus module or disable Anti-Virus scanning for any rule.
You can disable the detection of advertising links and links relevant to certain legitimate programs.
Based on the results of link scanning, the application assigns one of the following statuses to the message:
Kaspersky Secure Mail Gateway filters messages passing through the mail server to remove unsolicited mail (spam).
Messages are scanned for spam by the Anti-Spam module. The Anti-Spam module scans each message for signs of spam. First, the Anti-Spam module scans the attributes of the message, such as sender and recipient addresses, size, and headers (including the From and To fields). Second, the Anti-Spam module analyzes the message content (including the Subject header) and attached files.
If spam or probable spam is detected in a message, a certain status is assigned to it depending on the spam rating. The spam rating of a message is an integer number from 0 to 100, which is a sum of points awarded to the message for each time the Anti-Spam module was triggered while processing the message. The spam rating takes into account the results of the SPF scan and reputation filtering of messages.
When the Anti-Spam module is enabled, protection against BEC attacks is automatically enabled. This protection helps recognize spoofed messages from hackers attempting to compromise business correspondence.
The Moebius service compares the current Anti-Spam database used by the application with the database on the Moebius server and determines the difference. Missing entries are then sent to the Control node over HTTPS. To keep the size of transmitted data reasonable and ensure normal functioning of the Moebius server, Anti-Spam databases must be updated on a regular basis.
The Anti-Spam module helps prevent spoofing attacks in which hackers use a fake name (Display Name) in the From message header, and the domain from which the message was sent does not match the domain of the specific organization. You can specify one Active Directory group, containing at most 10 000 users, that will be protected against spoofing.
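The check described above can be sketched as follows. This is an added example, not Kaspersky Secure Mail Gateway code and not a description of its internal algorithm; `ORG_DOMAINS` and `PROTECTED_NAMES` are constructed sample data standing in for the organization's domain and the protected Active Directory group.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data (assumptions): the organization's own mail domain
# and the display names of the users in the protected group.
ORG_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"Alice Johnson", "Robert Smith"}


def _norm(name):
    """Fold case, drop accents and punctuation, collapse whitespace."""
    decomposed = unicodedata.normalize("NFKD", name)
    kept = "".join(c for c in decomposed if c.isalnum() or c.isspace())
    return " ".join(kept.casefold().split())


PROTECTED_NORM = {_norm(n) for n in PROTECTED_NAMES}


def display_name_spoofed(from_header):
    """True when the Display Name belongs to a protected user but the
    address in the From header is outside the organization's domains."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return False
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in ORG_DOMAINS:  # exact match only; subdomains are not trusted
        return False
    words = set(_norm(display).split())
    # Compare as word sets so "Johnson, Alice" matches "Alice Johnson".
    return any(set(p.split()) <= words for p in PROTECTED_NORM)
```

A message from `"JOHNSON, Alice" <a.j@example.org>` is flagged, while the same display name on an `example.com` address is not.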
This option lets you check SMTP session data based on records of blocked IP addresses and domains in Anti-Spam module databases.
Anti-Spam Quarantine is available only if KSN participation is enabled.
After a message is placed in Anti-Spam Quarantine, the application contacts KSN servers for further scanning of the message. The KSN cloud service improves the accuracy of spam detection because KSN databases contain more up-to-date information than Anti-Spam databases used by the application.
Based on the Anti-Spam scan results, the Anti-Spam module assigns one of the following statuses to the message:
Based on the scan results, the X-MS-Exchange-Organization-SCL X-header is added to the message. This header contains the SCL rating.
By default, the Anti-Spam module is enabled. If required, you can disable the Anti-Spam module or disable Anti-Spam scanning for any rule.
Kaspersky Secure Mail Gateway filters messages passing through the mail server to remove phishing.
Messages are scanned for phishing by the Anti-Phishing module. The Anti-Phishing module analyzes the message content (including the Subject header) and attached files.
You can configure the maximum duration of an Anti-Phishing scan.
Based on the results of the scan, the Anti-Phishing module assigns a status to the message:
The Anti-Phishing module is enabled by default. If required, you can disable the Anti-Phishing module or disable Anti-Phishing scanning of messages for any rule.
Kaspersky Secure Mail Gateway can perform content filtering of messages that pass through the mail server. You can restrict transmission of messages with specific parameters by the mail server.
As a result of content filtering, the Scan Logic message scanning control module assigns one of the following content filtering statuses to messages:
By default, content filtering of messages is enabled. If necessary, you can disable content filtering in general protection settings or per rule.
Mail Sender Authentication is designed to provide additional protection for your corporate mail infrastructure against spam and phishing.
Kaspersky Secure Mail Gateway uses the following Mail Sender Authentication technologies:
SPF Mail Sender Authentication – comparing IP addresses of mail senders with the list of possible message sources that has been created by the mail server administrator.
Kaspersky Secure Mail Gateway receives lists of possible message sources from the DNS server.
Enable SPF message authentication if Kaspersky Secure Mail Gateway receives messages directly from the Internet. Disable SPF message authentication if Kaspersky Secure Mail Gateway receives messages from an intermediate internal server.
DKIM Mail Sender Authentication – verification of the digital signature added to messages.
A digital signature associated with the name of the organization's domain is added to messages. Kaspersky Secure Mail Gateway verifies this digital signature.
DMARC Mail Sender Authentication – verification that determines the policy and actions taken on messages based on the results of SPF and DKIM Mail Sender Authentication.
SPF and DKIM authentication must be enabled to perform DMARC authentication. If SPF or DKIM authentication is disabled, DMARC authentication will also be disabled.
After the message has passed SPF and DKIM authentication, the program verifies that the domain containing the sender address in the From field of the message header matches the SPF and DKIM IDs.
To enable SPF, DKIM, and DMARC Mail Sender Authentication, you must allow Kaspersky Secure Mail Gateway to connect to the DNS server. If the connection to the DNS server is prohibited, SPF, DKIM, and DMARC Mail Sender Authentication is disabled.
Based on the results of Mail Sender Authentication, one of the following statuses is assigned to the message:
By default, all Mail Sender Authentication checks are enabled. If necessary, you can disable any Mail Sender Authentication in general protection settings or per rule.
To let the remote mail server perform Message Sender Authentication of outgoing messages (when the message sender is Kaspersky Secure Mail Gateway), you must take steps to add SPF and DMARC records to the settings of your DNS server.
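Before relying on remote servers to authenticate your outgoing mail, the published records can be sanity-checked. The following is an added example, not part of the product: it inspects TXT record strings that you have already retrieved from DNS, and the `ZONE` contents, domain name and IP address are constructed sample values.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(txt_records):
    """Return a list of problems with the SPF policy in a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: zero or several records cannot be evaluated
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms):
            return []
        return ["no 'all' mechanism: unlisted senders evaluate to neutral"]
    if alls[0][0] not in "-~":  # bare 'all' means '+all'
        return [f"'{alls[0]}' does not reject or soft-fail unlisted senders"]
    return []


def check_dmarc(txt_records):
    """Return a list of problems with the record published at _dmarc.<domain>."""
    recs = [r for r in txt_records
            if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return [f"expected exactly one v=DMARC1 record, found {len(recs)}"]
    policy = parse_tags(recs[0]).get("p", "").lower()
    if policy not in {"none", "quarantine", "reject"}:
        return ["missing or invalid p= tag"]
    if policy == "none":
        return ["p=none only requests reports; receivers are asked to take no action"]
    return []


def check_outbound_domain(zone, domain):
    return {"spf": check_spf(zone.get(domain, [])),
            "dmarc": check_dmarc(zone.get("_dmarc." + domain, []))}


# Constructed sample zone data (assumption): TXT strings keyed by owner name.
ZONE = {
    "example.com": ["v=spf1 ip4:192.0.2.25 -all", "site-verification=constructed"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}
```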