Default Policies

When an organization is initially created in Cloud Email Protection, a set of default, pre-configured policies is created automatically. These policies match the most common conditions that Fortra Cloud Email Protection customers want to catch. They must be enabled before they start matching messages, and notify and/or enforce actions must be defined for them. It is recommended that you first enable the policies with no actions: start by just logging policy matches and monitoring the results, then choose your notify and enforce actions.

This topic describes the out-of-the-box configuration of the default policies.

TIP: This information can be useful if you have changed the configuration of any of these policies and need to return them to their default state.

Any settings not specifically defined in the table below have the following values:

  • Direction: Inbound
  • Text fields: empty
  • Check boxes: unchecked
  • Drop-down lists: no value selected
  • Sliders with two handles: left handle at left end, right handle at right end (the "When message count exceeds" control has just one handle, and its default is 10)

| Policy Name | Setting | Value | Description |
|---|---|---|---|
| Brand Display Name Imposters | Attack Types | Brand Display Name Imposter | Attack types include Brand DNI. To catch brand impostors where common brands are spoofed in the display name. |
| C-Level Imposters | From | C-Level Executives (address group) | Matches a Display Name in the address group C-Level Executives. To catch BEC attacks/impostors of your CEO, CFO, and other top executives. Note that this policy requires you populate the C-Level Executives address group, which is also created for you as a default address group. |
| Executive Imposters | From | Executives (address group) | Matches a Display Name in the address group Executives. To catch BEC attacks/impostors of other executives in your organization. Note that this policy requires you populate the Executives address group, which is also created for you as a default address group. |
| Look-alike Domains | Attack Types | Look-alike Domain | Attack types include Look-alike Domain. Catch imposter domains with intentionally similar names, things like agarii.com or paypa1.com. |
| Low Message Trust and Low Server Reputation | Trust Score Range | 0.0 to 2.5 | Message Trust Score is <= 2.5 and IP Reputation score is <= -2.0. To catch general spam and graymail that slips past your SEG. |
| | IP Reputation Range | -10.0 to -2.0 | |
| Rapid DMARC | Domain's Tags | Internal | Domain tag is "internal" and attack types include Domain Spoof. To catch spoofs of your own domains being sent to your employees. This policy mimics a DMARC reject policy without the need to go through a long process of authenticating all sources. Fortra Cloud Email Protection's trust models learn the authenticity of inbound sources. |
| | Attack Types | Domain Spoof | |
| Spoof of Partner Domains | Domain's Tags | Partner | Domain tag is "partner" and attack types include Domain Spoof. To catch spoofs of your partners' domains. |
| | Attack Types | Domain Spoof | |
| Suspicious Messages to C-Level | To | C-Level Executives (address group) | Matches an email address in C-Level Executives with a Message Trust Score between 0 and 3.0, inclusive. To catch messages that are either untrusted or very suspicious and sent to one of your C-Level executives. |
| | Trust Score Range | 0.0 to 3.0 | |
| Untrusted Messages | Trust Score Range | 0.0 to 1.1 | Message Trust Score is between 0 and 1.0, inclusive. |

The conditions in these default policies can be edited based on your experience and the characteristics of your organization's mail flow. The out-of-the-box conditions are based on what has been effective across the Fortra Cloud Email Protection customer base.