Email Monitoring Policies

An Email Monitoring Policy is a set of configuration options for email monitoring that is applied to monitored endpoints simultaneously.

The Default Email Policy is configured so that all emails are monitored. You can create your own policies and configure which email events you want to monitor.

You can configure multiple email monitoring policies. Email policies are assigned in Email Monitoring Settings.

Setting up an Email Monitoring Policy

1. Select Configuration > Endpoint Management > Recording Policies and select the Email Monitoring Policies tab.

   The list of existing Email Monitoring policies displays.

2. Click to Create or select the policy you want.

   The Email Monitoring Policies page displays.

   

3. Enter a Policy Name.

4. To define which emails you want to monitor, select options from the following:

   • Monitor by email event
   • Monitor by recipient domain
   • Filter by sender

Monitor by email event

Email monitoring events are sending emails, attaching files to your email client and saving attachments from emails.

To configure email events you want to monitor, in the Email event types to monitor section, select one or more of the options.

• File attachments to an email client: Monitor files that are attached to an email client. For example, a user attaches secret.doc to an Outlook email. The attachment is detected even if the email is not sent.

• Attachments saved from an email client: Monitor attachment files that are saved from an email client. For example, a user receives an email with an attachment, such as secret.doc and saves the attachment locally.

• Email sending using an email client: Monitor emails sent from your company's email client.

  When Email sending using an email client is turned on, it is recommended that you turn on File attachments to an email client. If you do not turn on File attachments to an email client, you may only receive partial information for the email sent.

Monitor by recipient domain

You can configure which emails to monitor according to the domain of the email recipients.

You can create lists of trusted domains. Typically, this would include domains like your internal domain. For example, you might want to add your company's domain to a list of trusted domains.

You use this list and define which emails to monitor based on who they are sent to. For example, you might want to monitor only emails sent to recipients outside your organization. You might decide to monitor internal emails but only if they have an attachment and if they do not have an attachment you do not monitor them at all.

To configure emails to monitor according to the recipients, create a list of trusted domain names and recipient.

In the Trusted domain list section, create a list or use Bulk Lists to create a list of trusted domains. Click Bulk Edit.

In the Email monitoring settings for trusted / untrusted recipients section, configure emails to monitor according to the recipients.

The table below describes the configuration options. In the examples given, the trusted domain list includes only your organization's domain.

Trusted Domain	Action	Example
When all email recipients are in trusted domains	Do not monitor emails	Emails sent to only to recipients within your organization are not monitored.
	Monitor emails with attachments only	Emails sent to recipients only within your organization are only monitored it there is an attachment.
	Monitor all emails sent	Monitor all emails sent when the recipients are in your organization only.
When email includes recipients not in trusted domains	Do not monitor emails	Emails that have at least one external recipient are not monitored.
	Monitor emails with attachments only	Emails that have at least one external recipient are monitored only if they include an attachment. .
	Monitor all emails sent	Monitor all email sent that have at least one external recipient.

Filter by sender

You can filter emails by sender.

To configure emails to filter by sender, in the Filter email monitoring by sender section, select one of the options.

• Monitor all: No filtering by sender.

• Monitor only emails sent by users in the list: Monitor emails sent by specific users. For example, you might want to monitor only emails sent by employees in a high risk list, such as those who gave notice and are planning to leave the company. Emails sent by any other employee, not in the list, would not be monitored.

• Do not monitor any emails sent by users in the list: Monitor emails sent by specific users. For example, you might want to monitor emails sent by all employees in the organization except users with sensitive information, such as lawyers in the legal department.

From the drop-down list, select the list of users you want to filter by. See Creating Lists and Editing Lists.

Optionally, you can create lists specifically for filtering by sender. You can use Users excluded from email monitoring and Users included for email monitoring lists or any other list you want.

Related Topics:

Email Clients Monitoring and Visibility

Email - Did What

Email Activity Report Configuration