McAfee SMEFCE-AI-DA - Email Security Service Inbound Administration Manual page 15

Email Protection Administrator Guide
Multi-Level Allow and Deny Lists
Email Protection allows you to define lists of emails that will always be denied (blacklists)
or will always be accepted (whitelists) at multiple levels. In addition, you can enable third-
party Real-time Blackhole List to be used to filter unwanted emails.
The administrator-level lists override the user-level lists in a top-down manner: global lists
first, policy set lists next, and lastly user-level lists. For example, if the same address is
added to a user-level Allow list and the policy set Deny list, the address is always denied.
At the same level, the Allow list overrides the Deny list. For example, if you designate a
range of email addresses (for example, by designating an entire domain) in the Deny list,
but then designate a single email address from that domain in the Allow list, the email
from that single address will be always accepted while the email from any other address in
the domain in the Deny list will be always denied.
The same address string cannot be added multiple times in the same list or added to both
the Allow and Deny lists.
Be aware that emails that have been quarantined by Email Protection may not need to be
added to Deny lists because they are already being blocked from entering your email
network.
Following are the types of Allow and Deny lists that are available in Email Protection:
Allow/Deny List
Global Deny List
Policy set-level
Sender Deny Lists
and Sender Allow
Lists
November 2012 Proprietary: Not for use or disclosure outside McAfee without written permission
Type
If your Email Protection provider determines that a Sending
SMTP has sent too many invalid incoming emails within a
specified time period, it will add the IP address for that Sending
SMTP to a Global Deny List for a designated time period (default
is 2 hours). During the denial period, all emails received from that
Sending SMTP will be automatically denied. This process helps to
protect against dictionary harvest and Denial of Service attacks.
This process can be disabled at the system level.
Sender Deny lists indicate sender addresses from which email is
denied automatically. Sender Allow lists indicate sender addresses
from which email is allowed without spam, content, or attachment
filtering (virus filtering is always enabled unless specifically
disabled).
You can designate a single email address, entire domains or IPs, or
use wildcards to designate ranges of addresses. Optionally, you
can save these lists to a spreadsheet file.
Each policy set affects the email filtering for all user accounts in
the groups that are subscribed to that policy set.
Email Filtering Policies
Description
7