Best Practice for Sorb Security Cloud Email Security Solution
Email Firewall
1. Migrate the existing Whitelist or Blacklist from the existing setup for IP/Domain/Sender
2. Configure known high outbound volume senders at Exception in Outbound Throttling
Mail Routing
1. Set the next hop(s) in Inbound, FQDN or IP or FQDN:<Custom Port> or IP:<Custom Port>
2. Set the trusted source IP or Subnet in Outbound, 1.2.3.4 or 1.2.3.0/24
3. Configure the senders who are known to send massive emails under the volume agreed in T&C and SLA at Outbound Mass Senders tab in Outbound Special Route. Enable flood notification.
4. Optional, if there are recipients on multiple destination servers, configure them in Inbound Delivery Control
5. Optional, Suggest to enable DKIM signature in Outbound DKIM Config to secure the integrity of the outbound emails
Attachment Protection
1. Set Quarantine or Disarm in the mode tab
2. Enable Anti-Virus for both Inbound and Outbound at Config tab in Anti-Virus
3. For Elite or Supreme subscription, enable Sandbox in Advanced Malware Detection for Inbound at Config tab, leave Outbound disabled. Enable the notification and provide the Security Admin email address as the subscriber.
4. For Supreme subscription, enable Attachment Zero-Trust. Optional, configure Expiration for the attachment access via the Zero Trust Model.
Content Security
1. Enable Anti-Spam under Config, set the threshold to 60 for inbound and 80 for outbound. Optional, you can configure the system to tag the suspicious emails by dragging the scoring ball. At here, you have to configure your mail server to action on the matched header and value.
2. Enable Security Banner for both Inbound and Outbound. There are the options to customize the banner information and apply it to the specific mailboxes only. We highly recommend to apply to everyone.
3. Optional, enable Graymail for Inbound. Suggest to configure it based on the different flavors and user requests.
4. Optional, for Elite and Supreme subscription, enable DLP for any potential data leak.
Phishing Protection
1. Set to Quarantine in the Mode
2. For Elite and Supreme subscription, enable Phishing Link Detection at Config tab in URL Detection for the Live URL Detection.
3. For Elite and Supreme subscription, enable URL Zero-Trust Protection and Allow Open URL on Notification Page(Click-Time Detection) in Config under URL Zero-Trust.
4. For Supreme subscription, enable Protected Browsing for the complete Phishing Protection.
Administration
1. Create Report under Report config in Report. Then subscribe the Email/Security Admin to the reports.
2. Configure the Timezone for the tenant/domain
3. Enable Quarantine Notification by clicking the numbers in the Clock and customize it if you want
4. For Elite or Supreme subscription & Zimbra or Gmail servers, highly recommend to configure Threat Remediation. Zimbra | Google Workspace | M365