The Cisco Email Perimeter is the mechanism DoIT uses to route and scan all email messages entering the State Enterprise email system. It delivers email correspondence to and from external sources and protects the security of the mail system for all our customers. The perimeter solution reviews all email for potential security threats such as phishing, spam, viruses, and Denial of Service attacks. As it finds these threats, it takes action according to the type and severity of the threat. Messages with a lower threat level are placed into the Quarantine Manager, which is fully explained below. Cisco Email Perimeter also allows users to send secure messages using its integrated CRES (Cisco Registered Envelope Service); more information on this is found at this Secure Web Delivery FAQ Link.
What is Cisco Quarantine Manager?
Cisco Email Perimeter uses an email quarantine manager to provide a central point for users to analyze and act upon emails that have been identified as potential spam. This gives the user the ability to Release/Delete messages and Whitelist/Blacklist senders or sending domains. With Cisco Quarantine Manager, the user can act upon the messages within the Spam Digest email or access a user interface to perform these functions. User-created blacklists/whitelists from our old system will not be brought over to the new email perimeter. Cisco uses a different reputation dictionary, so these may need to be set up again when the user receives their first quarantine notification. Instructions on how to set these blacklists/whitelists are explained in more detail below.
How do I access Cisco Quarantine Manager?
To access Cisco Quarantine Manager and perform actions such as whitelisting and blacklisting specific senders, or to see all the messages in your personal quarantine queue, click on the link contained in the spam email digest that is sent to you when you have a quarantined email. You can save this link to your favorites for
**The links in the spam digest are unique to each user and should not be shared with any other person**
How long are emails kept in the Cisco Quarantine Manager?
Message(s) will be automatically purged from the system in 17 days if you take no action on the items.
How do I Blacklist or Whitelist senders?
To whitelist senders, you will need to access your personal quarantine account using the link contained in the spam digest. Once you are in the quarantine interface, you can check the message you want to perform an action on. In some cases, you may want to release the message or release and add the sender to your safelist for future messages. You can also choose to delete the message.
Another way to whitelist an email address or domain is to select Options in the right corner and click Safelist.
Then add the address or domain in the window that appears.
To blacklist senders, you can click on Options in the upper right corner and select "Blocklist".
You can then enter the email address or domain and click Add to list.
remove a user in your block list
How often do I get a Spam Quarantine Notification?
At approximately 8:00am, 12:00pm and 3:00pm each day, if there are any new items in your Cisco Quarantine Manager, you will receive a Spam Digest Report. The email will have a summary of the email(s) that have been quarantined since your last Spam Digest Report.
What is Secure Message Delivery?
Secure message delivery is a service that guarantees secure delivery of email by either delivering it over Transport Layer Security (TLS) or by storing the email within the Cisco Registered Envelope Services (CRES) and providing a secure link to the recipient to retrieve the email. For information about Secure Message Delivery you can click on the following link. Link to Secure Message Delivery FAQ.
What is Cisco Outbreak Filter?
Cisco Outbreak Filters protect our network from large-scale virus outbreaks and smaller, non-viral attacks, such as phishing scams and malware distribution, as they occur. Cisco gathers data on outbreaks as they spread and sends updated information to our Email Security appliance in real time to prevent these messages from reaching our users. Cisco uses global traffic patterns to develop rules that determine if an incoming message is safe or part of an outbreak.
Messages that may be part of an outbreak are quarantined until they’re determined to be safe based on updated outbreak information from Cisco. Outbreak Filters analyze a message’s content and search for URL links to detect this type of non-viral attack. Outbreak Filters can rewrite URLs to redirect traffic from potentially harmful websites through a web security proxy, which either warns users that the website they are attempting to access may be malicious or blocks the website completely. Messages which are identified using the Cisco Outbreak Filter and are determined to be clean are marked with “Suspicious Message” in the subject line when delivered to the user. Users should be aware of this and proceed with caution when opening these messages.
What is Graymail? Coming Soon!!!!
Graymail messages are messages that do not fit the definition of spam. Examples of graymail include newsletters, mailing lists, subscriptions, social media notifications, and so on. These messages were of use at some point in time but have subsequently diminished in value to the point where the end user no longer wants to receive them. The difference between graymail and spam is that the end user intentionally provided an email address at some point (for example, the end user subscribed to a newsletter on an e-commerce website or provided contact details to an organization during a conference), whereas spam consists of messages that the end user did not sign up for.
The graymail engine classifies each graymail message into one of the following categories:
Social Network Email. Notification messages from social networks, dating websites, forums, and so on. Examples include alerts from:
LinkedIn, for jobs that you may be interested in
CNET forums, when a user responds to your post.
Bulk Email. Advertising messages sent by unrecognized marketing groups, for example, newsletters from TechTarget, a technology media company.
How do I unsubscribe from a message marked Graymail? Coming Soon!!!!
End user receives an email with graymail banner and they no longer want to receive messages from this sender.
End user clicks on the unsubscribe button which is contained in the graymail banner across the top of the email.
Cisco Graymail Unsubscribe then extracts and checks the reputation of the unsubscribe link. If the link is malicious, it will block the page to the end user.
If the link is legitimate, Cisco will execute the unsubscribe process on the user’s behalf.
The unsubscribe status will then be displayed to the end user – it may take up to four hours for the unsubscribe to take effect.
What is Cisco URL Filtering and URL Re-Write? Coming Soon!!!!
Cisco URL Filtering allows control and protection against malicious or undesirable links that are introduced into our system within emails. Cisco URL Filtering will scan all URLs contained in an email and determine if each URL is safe to access. Filtering will re-write the URL if needed so the link takes the user to a Cisco Security Proxy first. This allows URLs to be scanned/checked by Cisco to determine the safety of the websites. If the site is determined to be unsafe, Cisco will block access.
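The scan, re-write and click-time check described above can be modelled in a few lines. This is an added illustration, not Cisco's implementation or DoIT's configuration: the proxy address proxy.example, the reputation table, the sample message and the function names are all constructed assumptions.

```python
import re
from urllib.parse import quote, urlsplit, parse_qs

# Hypothetical proxy endpoint and constructed reputation data (assumptions).
PROXY = "https://proxy.example/check?u="
REPUTATION = {"intranet.example": "clean", "bad.example": "malicious"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def verdict(url):
    """Look up the host's reputation; hosts with no entry are 'unknown'."""
    host = (urlsplit(url).hostname or "").lower()
    return REPUTATION.get(host, "unknown")

def rewrite_body(body):
    """Scan every URL; leave clean links alone, route the rest via the proxy."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?")      # sentence punctuation is not part of the link
        tail = raw[len(url):]
        if url.startswith(PROXY) or verdict(url) == "clean":
            return raw                  # already rewritten, or known safe
        return PROXY + quote(url, safe="") + tail
    return URL_RE.sub(repl, body)

def proxy_click(rewritten_url):
    """Click-time check at the proxy: recover the original URL and decide."""
    original = parse_qs(urlsplit(rewritten_url).query)["u"][0]
    action = {"malicious": "block", "unknown": "warn"}.get(verdict(original), "allow")
    return action, original

# Constructed sample message body.
SAMPLE = ("Policy: http://intranet.example/policy\n"
          "Invoice: http://bad.example/pay?id=7\n"
          "News: https://news.example/today.")

if __name__ == "__main__":
    rewritten = rewrite_body(SAMPLE)
    print(rewritten)
    for link in URL_RE.findall(rewritten):
        link = link.rstrip(".")
        if link.startswith(PROXY):
            print(proxy_click(link))
```

Because the original address is percent-encoded inside the rewritten link, the verdict is made when the user clicks, so a site that turns malicious after delivery can still be blocked.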
If you are having issues, please contact the DoIT Help Desk at 217-524-3648 (Springfield) or 312-814-3648 (Chicago).