To get up and running with Sensical.net Mail Scanner is very simple; all you need to do is set the inbound and outbound email routes as follows:
First, you need to log in to the Sensical.net Control Panel to manage your domain. Follow these instructions:
from the Control Panel Home Page.
next to the domain.
Follow these high level instructions to setup Inbound Email which is for email from the Internet addressed to your domain which will be delivered to the Sensical.net email servers then onto your email server(s).
Follow these high level instructions to setup Outbound Email which is for email from your email server(s) to the Internet.
When you log in to the Sensical.net Control Panel and select the Mail Scanner icon for your domain you will presented with your domain's Mail Scanner Dashboard. The Dashboard displays an overview of the Mail Scanner settings and a number of graphs allowing you to see performance.
To return to the Dashboard just click Dashboard from the Mail Scanner Menu Bar.
See Also: Reporting for one-off and scheduled reports showing data and graphs for all the key performance metrics over a given period of time.
See Also: Message Storage to view individual emails.
The Mail Scanner Dashboard shows four fixed graphs summarising the last week and last day's email volumes and contents as follows:
Last 7 Days' Mail Volumes
Last 7 Days' Mail Contents
Last 24 Hours' Mail Volumes
Last 24 Hours' Mail Contents
Inbound Email Arrives at Customer's Mail Server
Click on Inbound Settings on the Mail Scanner Menu Bar and you can configure all the settings for inbound email as follows:
| Inbound Email Settings |
|---|
| Enable Inbound Email Processing When set to Yes then inbound email will be accepted, processed and delivered to the Inbound Mail Server. When set to No then inbound email will not be accepted for processing by the Sensical.net Mail Scanner and instead will be rejected. All of the following inbound email settings depend on this being set to Yes. |
| Inbound DNS Mail Exchanges The customer should set the DNS MX records for the domain to be used with the Mail Scanner to the values indicated here. See Quick Start Guide for further information. |
| Inbound Mail Server Connection Range After processing, inbound email will be delivered to the Customer Inbound Mail Server from these IP address ranges. Please ensure your firewall(s) and mail server(s) are open to SMTP (TCP port 25) connections from these IP address ranges. See Quick Start Guide for further information. |
| Customer Inbound Mail Server Email will be delivered via SMTP to this inbound email server name and port once it has been processed by the Sensical.net Mail Scanner. Default port is 25. See Quick Start Guide for further information. |
| Maximum Message Size Email with a size in bytes above this limit will be discarded. Default is 0 (which means no limit). The system email size limit, as controlled by Sensical.net, will still apply, independent of the value of this setting. The system email size limit is currently 20,480,000 bytes (19.53 megabytes). |
| Archive Inbound Email If available, when set to Yes, all inbound email will be archived. Archived email is permanently stored in the Message Store for later inspection or retrieval. Setting this option to Yes overrides some other options below as follows: Quarantine Viruses and Quarantine Spam will both always be Yes and Spam Quarantine Upper Threshold will always be set to infinity. |
Sensical.net Mail Scanner uses an advanced scanning engine which runs 1000s of heuristic tests against each incoming email to identify "spam", also known as unsolicited commercial email.
Each email is given a Spam Score to indicate the probability that it is spam. The higher the score, the more likely the email is to be spam. Traditionally, a score of 5.0 or more indicates that the email is spam.
The scanner typically differentiates successfully between spam and non-spam in between 95% and 100% of cases, depending on what kind of email you get. Specifically, Sensical.net Mail Scanner has been shown to produce around 1.5% false negatives (spam that was missed) and around 0.06% false positives (non-spam incorrectly marked as spam).
Based on the Spam Score, the Sensical.net Mail Scanner will process the email differently. The processing can be customised by altering the thresholds and other options as now described:
Email Destiny is the most important attribute which will determine whether the email is Delivered, Quarantined or Discarded as explained below:
For a full list of settings related to Spam Detection, please see Inbound Email Spam Settings.
| Email Destiny |
|---|
Deliver
|
Quarantine
|
Discard
|
In the following situation, an inbound email will have certain spam headers added prior to delivery to the customer's email server(s) for onward retrieval/delivery to the user:
In the above situation, the following headers will be added to the inbound email:
| X-Spam-Flag | Set to YES if the Spam Score is equal to or above Spam Threshold; otherwise set to NO. |
|---|---|
| X-Spam-Score | Set to the Spam Score, to 3 decimal places. |
| X-Spam-Level | Contains a string containing a s character for each integer value (rounded down) of the Spam Score. For example, if the Spam Score is 2.804, then the value of X-Spam-Level will be ss. |
| X-Spam-Status | Contains a multi-line description of the output of the Spam Scanner, indicating, amongst other things, the spam tests that were positive for this email. |
Example Spam Detection Headers:
X-Spam-Flag: NO X-Spam-Score: 0.646 X-Spam-Level: X-Spam-Status: No, score=0.646 tagged_above=0 required=5 tests=[DRUGS_ERECTILE=1.646, SPF_PASS=-1.000]
Sensical.net Mail Scanner scans each incoming email before it is delivered to the customer's email server(s) for onward retrieval by the email recipient(s).
Sensical.net Mail Scanner is capable of detecting over 530.000 viruses, worms and trojans, including Microsoft™ Office™ macro viruses, mobile malware, and other threats. It has full deep-scanning capabilities and scans within archives and compressed files (also protects against archive bombs), built-in support includes: Zip (including SFX), RAR (including SFX), ARJ (including SFX), Tar, Gzip, Bzip2, MS OLE2, MS Cabinet Files (including SFX), MS CHM (Compiled HTML), MS SZDD compression format, BinHex, SIS (SymbianOS packages) and AutoIt.
For a full list of virus settings, please see Inbound Email Virus Settings.
The white & black list service allows you to override the normal spam detection based on the email address of sender(s) of the inbound email. For instance, if an email from a certain sender is being marked as spam, then you can add the sender's email address to the white list to ensure the email is not marked as spam. Similarly, if an unwanted email from a certain sender is not being marked as spam, then you can add the sender's email address (or domain) to the black list to ensure the email is marked as spam in the future.
To view or edit the white or black list for your domain, click the White/Blacklists on the Mail Scanner Menu Bar.
White List
Black List
Priorities
A priority can be set for each entry in a white list or black list. Entries with a higher-numbered priority take precedence. Normally, setting the priority is not required. However in certain circumstances it can be useful when mixing wildcard and domain-wide entries from the same domain across both the white and black lists. For example, if you want to black-list any email from @aol.com except for emails from friend@aol.com, then you should add @aol.com to the black list and friend@aol.com to the white list and ensure that the priority of @aol.com is lower than the priority of friend@aol.com.
Inbound email may be quarantined, instead of being delivered to the customer's email server(s) for onward retrieval/delivery to the email recipients. Inbound email is quarantined in the following two cases:
When an email is quarantined, the Sensical.net Mail Scanner can be configured to warn the recipients of the email by sending them a notification email. Please see Inbound Recipient Notifications for more information.
Once an email is quarantined, it will be assigned a unique Quarantine ID. This can be used in Inbound Recipient Notification to identify the email for potential release from quarantine.
All Quarantined email can be reviewed, and potentially released, by the Customer Administrator via the Message Store.
Please note the following with regard to multi-recipient email:
Inbound email (i.e. email arriving at the customer's email server from the Internet) is scanned by the Sensical.net Mail Scanner. In the following cases, where the email is not delivered to the recipient(s), it is possible to configure the Sensical.net Mail Scanner to send a warning notification email to the recipient(s).
| Three Types of Recipient Notification | |
|---|---|
Quarantined Virus
|
|
Discarded Virus
|
|
Quarantined Spam
|
|
Here is an example of the default notification email that a recipient will receive if they are sent a virus that is quarantined.
|
From: "Mail Scanner" <null@sensical.net> Subject: Virus (Eikar Virus A/32) from <sender@aol.com>: Latest stock information You have received an email which is likely to contain a VIRUS from: <sender@aol.com> with the following subject: Latest stock information The following virus(es) have been detected: Eikar Virus A/32 The message has been quarantined with the unique ID: mxk14102jj3 If you believe the email was legitimate then you should forward this email to your IT Department and ask for the email to be released from quarantine. If you need to receive future emails from this sender then you should also ask your IT Department for the sender to be 'white-listed' so that future emails are not quarantined in this manner. Technical email details follow. -----Original Message----- From: sender@aol.com Return Path: <fred@aol.co.uk> Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST) To: undisclosed-recipients:; Subject: Latest stock information Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net> Internal Reference Code: 02144-08/sJtYup0yUd9j Mail Scanner Host: emailscanner2.sensical.net Viruses: Eikar Virus A/32 First upstream SMTP client: [64.12.50.151] email.aol.com Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20] |
Here is an example of the default notification email that a recipient will receive if they are sent a virus that is discarded.
|
From: "Mail Scanner" <null@sensical.net> Subject: Virus (Eikar Virus A/32) from <sender@aol.com>: Latest stock information You have received an email which is likely to contain a VIRUS from: <sender@aol.com> with the following subject: Latest stock information The following virus(es) have been detected: Eikar Virus A/32 The email has been discarded. If you believe the email was legitimate and you wish to receive future emails from this sender, then you should forward this email to your administrator and ask for the sender to be white-listed so that future emails are not blocked in this manner. Once the sender is white-listed you may ask the sender to re-send their message. Technical email details follow. -----Original Message----- From: sender@aol.com Return Path: <fred@aol.co.uk> Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST) To: undisclosed-recipients:; Subject: Latest stock information Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net> Internal Reference Code: 02144-08/sJtYup0yUd9j Mail Scanner Host: emailscanner2.sensical.net Viruses: Eikar Virus A/32 First upstream SMTP client: [64.12.50.151] email.aol.com Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20] |
Here is an example of the default notification email that a recipient will receive if they are sent a spam that is quarantined.
|
From: "Mail Scanner" <null@sensical.net> Subject: Spam from <sender@aol.com>: Latest stock information DO NOT REPLY TO THIS EMAIL - THIS IS AN AUTOMATED MESSAGE You have received an email which is likely to be SPAM from: <sender@aol.com> with the following subject: Latest stock information The message has been quarantined with the unique ID: mxk14102jj3. If you believe the email was not spam then you should forward this email to your IT Department and ask for the email to be released from quarantine. If you need to receive future emails from this sender then you should also ask your IT Department for the sender to be 'white-listed' so that future emails are not quarantined in this manner. Technical email details follow. -----Original Message----- From: sender@aol.com Return Path: <fred@aol.co.uk> Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST) To: undisclosed-recipients:; Subject: Latest stock information Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net> Internal Reference Code: 02144-08/sJtYup0yUd9j Mail Scanner Host: emailscanner2.sensical.net Spam Score: 1.098 First upstream SMTP client: [64.12.50.151] email.aol.com Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20] |
It is possible to individually-customise the content of the 3 recipient notification types on a domain-wide basis. It is not possible to customise the content of the recipient notifications on a recipient-by-recipient basis.
In order to customise a default recipient notification template, follow these steps: First go to Inbound Settings, then click Edit Notification Template next to the template you wish to customise. If you have not already customised this template, click Click here to customise. Then edit the template in the top box and click Save when done. You can review what your template will look like - the representation - in the bottom box when you click Save.
It is possible to customise the following parts of the recipient templates:
| From | Who the notification is from. This would normally be an administrator email address for your domain - e.g. postmaster@customer.com. You should enter an email address in either the format postmaster@customer.com or "Postmaster" <postmaster@customer.com>. |
|---|---|
| Subject | The email subject of the notification. Within the subject you can use macros. |
| Body | The email body of the notification. Within the subject you can use macros. |
You cannot customise the To of the notification - the notification is always sent to the original recipients of the quarantined or discarded email.
The following macros can be used in the template subject or template body. When the recipient receives the notification, the macro will be replaced with text specific to the discarded or quarantined email. Each macro begins with a % and is followed by a single letter which is case-sensitive.
| %s | Email Sender |
| From the email envelope (i.e. SMTP MAIL FROM), enclosed in angle-brackets. Example: <sender@aol.com> | |
| %R | Email Recipients |
| From the email envelope (i.e. SMTP RCPT TO), comma-separated. Example: john@customer.com, mike@customer.com | |
| %j | Email Subject |
| From the email header. Example: Free stock quotes! | |
| %c | Spam Score |
| A number, with 3 decimal places, indicating the probability of spam. If no spam score is available, e.g. when the notification is for a virus, a dash, -, is displayed. Example: 4.08 | |
| %V | Virus Name(s) |
| The names of the viruses detected within the email. Or an empty string if no viruses are detected. Example: Eikar Win/32 | |
| %q | Quarantine ID |
| The quarantine identifier, which can be used to reference the email for release from quarantine. If the email is not quarantined then this macro will be empty. Example: mxk14102jj3 | |
| %f | Notification Sender |
| The sender of the notification email, always the same as the from part of the notification template. Example: "Postmaster" <postmaster@customer.com> | |
| %t | Notification Recipient |
| The recipient of the notification email. Example: john@customer.com | |
| %d | Email Date |
| In RFC2822 format. Example: Thu, 17 Apr 2008 10:23:43 +0100 (BST) | |
| %m | Email Message ID |
| Example: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net> | |
| %T | Email To |
| From the email header. Example: "John" <john@customer.com>; "Mike" <mike@customer.com> | |
| %C | Email Cc |
| From the email header. Example: "Peter" <peter@customer.com> | |
| %U | Email UTC Date |
| In yyyymmddThhmmssZ format. Example: 20080417T092343Z | |
| %u | Email Epoch Date |
| In seconds from the Epoch, 1st January 1970. Example: 1240008793 | |
| %z | Email Size (Bytes) |
| Example: 307 | |
| %b | Email MD5 Checksum |
| Example: c9a84b386683698e03ecf580d6d7a37b | |
| %i | Mail Scanner Message ID |
| Example: sJtYup0yUd9j | |
| %h | Mail Scanner Host Name |
| Example: emailscanner2.sensical.net | |
| %p | Mail Scanner Policy |
| %n | Mail Scanner Task ID |
| Example: 02144-08 | |
| %Z | Email Headers Summary |
| Example:
From: sender@aol.com Return Path: <fred@aol.co.uk> Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST) To: undisclosed-recipients:; Subject: Latest stock information Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net> Internal Reference Code: 02144-08/sJtYup0yUd9j Mail Scanner Host: emailscanner2.sensical.net Spam Score: 1.098 First upstream SMTP client: [64.12.50.151] email.aol.com Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20] | |
| %% | |
| Enter %% to use a % sign preceded by a non-space character. | |
If you have customised your recipient notification templates and you want to revert to the default recipient notification template, then follow these steps: First go to Inbound Settings, then click Edit Notification Template next to the template you wish to revert to the default, then click the Revert To Default button and accept the warning.
Outbound Email From Customer's Mail Server
Click on Outbound Settings on the Mail Scanner Menu Bar and you can configure all the settings for outbound email as follows:
| Outbound Email Settings |
|---|
| Enable Outbound Email Processing When set to Yes then Sensical.net Mail Scanner will scan and deliver email received from the Customer Outbound Mail Server(s). When set to No then outbound email will not be accepted for processing by the Sensical.net Mail Scanner and instead will be rejected. |
| Outbound Mail Relays The customer should direct all outbound email to these hostnames for onward delivery. See Quick Start Guide for further information. |
| Customer Outbound Mail Server(s) This list contains the IP addresses of the customer's mail servers which may send email via Sensical.net Mail Scanner. Enter each IP address on a new line. IP address ranges can be entered with a dash - e.g. 185.20.30.0-185.20.30.127. See Quick Start Guide for further information. |
| Archive Outbound Email If available, when set to Yes, all outbound email will be archived. Archived email is permanently stored in the Message Store for later inspection. |
Sensical.net Mail Scanner scans each outgoing email sent by the customer before it is sent to the email recipient(s).
Sensical.net Mail Scanner is capable of detecting over 530.000 viruses, worms and trojans, including Microsoft™ Office™ macro viruses, mobile malware, and other threats. It has full deep-scanning capabilities and scans within archives and compressed files (also protects against archive bombs), built-in support includes: Zip (including SFX), RAR (including SFX), ARJ (including SFX), Tar, Gzip, Bzip2, MS OLE2, MS Cabinet Files (including SFX), MS CHM (Compiled HTML), MS SZDD compression format, BinHex, SIS (SymbianOS packages) and AutoIt.
Outbound Virus Detection is always active, and cannot be disabled. If the Sensical.net Mail Scanner detects a virus or other bad content in an outbound email, then it will not deliver the email the recipient(s). Instead it will send a warning email to the sender, indicating that their email could not be delivered and why.
The maximum size of an outbound email is 20,480,000 bytes (19.53 megabytes). If the customer sends an email greater than this size then it will be returned to the sender undelivered.
See Also: Dashboard Graphs which show a quick summary of the last week and day's mail volumes and contents.
See Also: Message Storage to view individual emails.
Mail Scanner allows the Customer Administrator(s) with the appropriate permissions to execute one-off and scheduled reports showing data and graphs for key performance metrics over a given period of time for a single domain.
Mail Scanner reporting is managed via the Reports section of the Sensical.net Mail Scanner Control Panel: Follow the instructions to log into the Sensical.net Control Panel and navigate to the Mail Scanner management section for the chosen domain, then click Reports on the Mail Scanner Menu Bar. You will be presented with the Reports section which allows you to execute one-off reports and manage your scheduled reports for the chosen domain.
Reporting can be accessed by any person(s) with appropriate access via the Sensical.net Control Panel. By default, the customer is granted a single login ID which has full control over the Sensical.net Mail Scanner and full access to Reporting. However, access to Reporting can be restricted, or alternatively specific sub-accounts that only have access to Reporting can be created. Please contact Sensical.net Support for assistance in setting up such access restrictions.
All reports are shown in a new web browser window or tab, which ensures that the Report Management screen is always shown. Many modern browsers use a "Popup Blocker" which means that the first a Mail Scanner Report is requested to be viewed it will not appear and instead a yellow warning banner will appear at the top of the web browser. If this occurs the following 2-step procedure outlined below should be followed. It should only be necessary to follow this procedure once, after which all reports will show correctly.
1. When the yellow bar appears you need to tell your browser to allow popups from www.sensical.net. In Microsoft™ Internet Explorer™ click on the yellow bar then click Always Allow Pop-ups from This Site... as shown below. You will then need to click Yes to the confirmatory dialogue.
Or in Mozilla™ Firefox™ click Options and click Allow popups from www.sensical.net as shown below:
2. Then the report you executed should appear at the top of the Report Session History list. Click Show next to the report and it will appear in a new browser window or tab.
See Also: Accessing Reporting for how to access the Reports section of the Sensical.net Mail Scanner Control Panel.
See Also: Scheduled Reporting for an alternative to one-off reporting.
A one-off report can be executed at any time from the Sensical.net Control Panel and the report output will be available to view almost instantaneously. One-off reports can be executed for common time periods, for any time period, for any data interval and can include filters. A one-off report will be visible in the session history for the period that you are logged into the Sensical.net Control Panel, but is not available once you log out.
The quickest way to execute a one-off report is to click on the Quick Period links, as shown below, and then click the Execute button. This will generate a report for all metrics for the fixed time period selected.
The following quick periods are available:
| Quick Report Period | Interval | Samples |
|---|---|---|
| 60 minutes | 5 minutes | 12 |
| 12 hours | 1 hour | 12 |
| 7 days | 1 day | 7 |
| 3 months | 1 week | ~13 |
If you want to chose a different time period to those available in the quick reports then you can do so easily by selecting your own start date and stop date, then clicking on the Execute button as shown below.
In order to select the From and To dates, you can type a date/time directly in the appropriate box in the format DD/MM/YY HH:MM (e.g. 22 August 2009 9:06am would be entered as 22/08/09 09:06).
If you leave the To box blank then it will default to the current date/time.
In order to more easily select the date/time, you can also click on the calendar icon to the right of the box which will display a calendar for you to choose a date and time more easily as shown below.
The Reports section will show a list of one-off reports that have been executed during this session (since the last login) as shown below. The most recent report executed is always at the top.
The following commands are available:
See Also: Accessing Reporting for how to access the Reports section of the Sensical.net Mail Scanner Control Panel.
See Also: One-Off Reporting for an alternative to scheduled reporting.
A scheduled report can be created so that reports are automatically executed according to a given criteria and schedule (i.e. daily, weekly, monthly or annually). After a scheduled report is executed, a link to the report is emailed to the specified recipients. The report is then permanently available to view via the Sensical.net Control Panel or via the link in the email. A scheduled report can be created from scratch, or it can be based on a one-off report.
A list of your domain's scheduled reports is available at the bottom of the Reports section of the Sensical.net Mail Scanner Control Panel. Initially this list will be empty as there are no existing scheduled reports.
For each existing scheduled report the following commands are available:
A scheduled report can be created by clicking the Create new scheduled report button at the bottom of the Reports section of the Sensical.net Mail Scanner Control Panel. Clicking this button will take you to a web page where you need to enter the criteria for the new scheduled report and then click on the Create button. Your new scheduled report will now be listed in the scheduled report list.
It is also possible to create a new scheduled report using the same criteria as those used in a recent one-off report. From the one-off report session history list click the Schedule icon 
next to the one-off report that you would like to use as the foundation for a new scheduled report. Clicking this button will take you to a web page where you need to check the criteria for the new scheduled report and then click on the Create button. Your new scheduled report will now be listed in the scheduled report list. Please note that the Scheduled icon is only available when the one-off report has been successfully finished being executed - if the icon does not appear please click on the Reports section of the Mail Scanner Menu Bar to refresh the list.
The scheduled report criteria need to be entered before a new scheduled report can be created or when an existing scheduled report is edited - via the scheduled report list.
The following scheduled report criteria are used:
To delete an existing scheduled report, click Edit next to the existing scheduled report in the scheduled report list. Then click the Delete button at the bottom of the scheduled report criteria page.
Warning: Deleting a scheduled report will delete all the reports that were previously generated by that scheduled report, including invalidating the links in all email notifications that were previously sent by this scheduled report. Consider just setting Active to No in the scheduled report criteria if you want to stop the scheduled report from generating any further reports but still require access to its previously-generated reports.
A scheduled report produces a series of individual reports on a regular basis, according to its schedule. You can view all the individual reports in the series at any time via the Sensical.net Mail Scanner Control Panel. From the scheduled report list click the name of the scheduled report and you will be taken to a list of the series of reports produced by this scheduled report.
The list shows, in descending chronological order, all the reports in the series with the following columns:
The following commands are also available at the bottom of this page:
Each individual report produced by a scheduled report has its own unique Internet link which, when known, can be followed by any party to view the report. The link contains a special authorisation code which permits the holder of the link to view the individual report at any time, without any additional authorisation. The individual report's link can be communicated to any party that you trust so that they can view the report without your further authorisation.
The individual report's link is emailed to the scheduled report recipients (as specified in the scheduled report criteria) when the report is generated. The individual report's link can also be retrieved at any time from the Sensical.net Mail Scanner Control Panel by selecting the scheduled report from the scheduled report list and then clicking Link next to the individual report in the series. The link will then be displayed. This link can then be copied and communicated to other parties as explained in the scheduled report series section.
Once a link has been communicated to a party, they can view the report in their web browser just by clicking the link. The party can pass the link onto a 3rd party who can also view the report, and so on. Therefore the link should only be communicated to parties that are trusted not to communicate the link publically or to an untrusted party.
Links can be reset by following instructions in the scheduled report series page. When a link is reset a new one is generated and the old one will no longer function. Anybody who follows the old link will not be able to see the report. Therefore resetting a link prevents parties from viewing the report. However any party who previously viewed the report before its link was reset could have saved the report on their computer, printed the report or otherwise made a copy of the report. Therefore resetting a report's link does not guarantee that a party that knows the old link cannot see the report.
By default, the report will show all inbound and outbound data for your domain. However, in some circumstances it might be useful to provide a more granular report for a smaller body of emails over the same time period and interval. The reporting engine allows both one-off and scheduled reports to be filtered to include only the data that matches the given filters.
For a one-off report click the Show Filters link, as shown above, in order to show the filter input boxes, as shown below. For a scheduled report, these filter input boxes are visible on the criteria page, which is shown when creating a new scheduled report, or when editing an existing scheduled report.
Complete the filters as required - see below for what each filter does. As you start typing in the filter boxes, possible filter values will automatically be displayed for you to choose from - as shown in the picture below. When you see the filter you want, click on it with the mouse. If you don't see the filter you want then continue typing to narrow down the selection. If no possible filter values are displayed, then the filter you have typed so far is not valid, and you should make a correction. Next to each possible filter value is a number indicating how many records exist for that filter.
The following filters are available: Please note that all filters are case-insensitive.
For instance, if you choose mycompany.com as the value for this filter, then only inbound email sent to users with an @mycompany.com email address and outbound email sent from users with an @mycompany.com email address will be included in the report.
Similarly, if you choose bob@mycompany.com as the value for this filter, then only inbound email sent to bob@mycompany.com and outbound email sent from bob@mycompany.com will be included in the report.
For instance, if you choose external.com as the value for this filter, then only inbound email sent from users with an @external.com email address and outbound email sent to users with an @external.com email address will be included in the report.
Similarly, if you choose eric@external.com as the value for this filter, then only inbound email sent from eric@external.com and outbound email sent to eric@external.com will be included in the report.
The default and recommended value for the report interval is Auto. When set to Auto the most appropriate report interval will be automatically selected based on the period of the report.
The report interval can be selected for both one-off and scheduled reports. The report interval determines the granularity of the records within the report. When combined with the report period, the report interval also determines the number of records in the report. The report interval must be set to one of the following: Auto, 1 year, 1 month, 1 week, 1 day, 1 hour and 5 minutes.
Example: If the report interval is set to 1 day and the report period is one week, then there will be seven records in the report and each record will represent data for one day.
Report Summary
At the top right of the report is a report summary showing the following:
Report Shortcuts
Below the report summary is a row of shortcuts which allow you to jump to see directly to the metric of choice.
Report Body
Below the report summary and the shortcut row is the actual report. The report contains a number of metrics, as described in the following section, in a vertical layout. Each metric has a title, a short textual summary, followed by the table of data on the left and the associated bar chart on the right.
The reports are designed to be printed while being viewed. It is possible to use the Print and Print Preview functions of the browser via the standard browser menu bar. It is also possible to click the Print Report link just below the Sensical.net logo to be taken directly to the print dialogue.
The Mail Scanner report includes the following metrics. For the given period and interval, the performance metrics are shown in tabular and bar chart format.
Total Message Recipients The total number of email recipients processed (both inbound and outbound). An email has one or more recipients. This metric shows the total number of recipients, which will always be higher than the total number of emails.
Total Message Volumes The total number of emails processed (both inbound and outbound). If an email has multiple recipients it is counted as one email only.
Total Message Size The total size (in bytes) of emails processed (both inbound and outbound). If an email has multiple recipients it is counted as one email only. This metric is not available when some Filters are used.
Spam versus Clean Volumes The total number of inbound spam versus clean emails.
Spam Action Volumes The total number of inbound spam emails broken down by action.
Whitelist & Blacklist Volumes The total number of whitelisted and blacklisted recipients of inbound emails.
Total Virus Volumes The total number of emails that are determined to be viruses (both inbound and outbound).
Top 10 Recipients The top 10 recipients of inbound email over the report period. This metric is not available when Filters are used.
Top 10 Senders The top 10 senders of outbound email over the report period. This metric is not available when Filters are used.
Top 10 Destinations The top 10 destinations of outbound email over the report period. This metric is not available when Filters are used.
See Also: Dashboard Graphs which show a quick summary of the last week and day's mail volumes and contents.
See Also: Reporting for one-off and scheduled reports showing data and graphs for all the key performance metrics over a given period of time.
The Message Store allows the Customer Administrator(s) with the appropriate privileges to perform a number of functions:
The Message Index shows a list of emails resulting from any search query.
By default, when connecting to the Message Store, the Message Index will show the most recent 15 inbound emails.
If the email has been quarantined or archived by the Mail Scanner then you can click on the email recipient to view more details about the email - see Message View.
The Message Index can only show 15 emails at a time. When the search query results in more than 15 emails, the user can click the page navigation links at the top right and bottom right of the Message Index to navigate between pages.
The emails within the Message Index are always sorted by the time that the email was processed by the Mail Scanner, with the most recent emails at the top.
The Message Index has 9 columns which show the following data for each email:
| Message Index Columns |
|---|
| (1st column) The 1st column is reserved for a check-box which can be used to release the email from quarantine - see Quarantine Release below. |
| Recipient The email address(es) of the recipient(s) of the email. This is the envelope recipient data and can be relied upon. If the email has been quarantined or archived by the Mail Scanner, then you can click on the recipient to view more email details - see Message View. |
| Sender The "From" field from the header of the email. This is the envelope sender data and is controlled by the sender of the email, and therefore cannot be relied upon for inbound email. The envelope sender can be different to the "From" header. |
| Subject The subject of the email. |
| Date The date that the email was processed by the Mail Scanner. This is not necessarily the same as the "Date" header from the email. |
| Score The spam score of the email as determined by the Mail Scanner. |
| Content There are 3 possible options which indicate the result of the Mail Scanner's analysis of the email. Please note, this does not indicate what action was taken by the Mail Scanner for this email.
|
| Delivered This indicates what action the Mail Scanner took for this email. There can be multiple actions taken as follows:
|
| Mail ID The unique mail identity for this email (case sensitive). The mail ID is indicated in the inbound recipient notifications. |
The Search Form is shown at the top of the Message Store Home Page. It allows the user to search for certain emails by entering search parameters. The results of the query will be shown in the Message Index.
To execute a search query, first select the type of search, by clicking on one of the three search tabs from the following:
| Search Parameters & Buttons |
|---|
| Period In the Period drop-down you can select from one of the following options:
|
| Period From If you want to restrict the results to emails sent during a specific period, then enter the start date and time of the specific period here. You should enter the date in DD/MM/YY HH:MM format, or alternatively click the calendar icon on the right of the box and use the drop-down calendar to select the start date and time. Ensure that the Period drop-down is set to Custom if you want to use a specific period restriction - it will be automatically set to Custom when you enter a value in the From or To text-boxes either manually or via the calendar. |
| Period To If you want to restrict the results to emails sent during a specific period, then enter the end date and time of the specific period here. You should enter the date in DD/MM/YY HH:MM format, or alternatively click the calendar icon on the right of the box and use the drop-down calendar to select the end date and time. Ensure that the Period drop-down is set to Custom if you want to use a specific period restriction - it will be automatically set to Custom when you enter a value in the From or To text-boxes either manually or via the calendar. |
| Sender In the Sender text-box you can optionally enter a domain name (e.g. aol.com) or email address (e.g. john@aol.com) to restrict the search results to emails sent from the given domain or email address. If you do not choose a sender, then the result will show emails from all senders. As you type, a drop-down will list the available sender domains or email addresses for you to select from. Next to each entry in the drop-down list is the estimated number of emails sent by that sender domain or email address. Please note that entries are not case sensitive and that this text-box restricts against the envelope sender, not the "From" header, which could be different. |
| Recipient In the Recipient text-box you can optionally enter a domain name (e.g. aol.com) or email address (e.g. john@aol.com) to restrict the search results to emails sent to the given domain or email address. If you do not choose a recipient, then the result will show emails to all recipients. As you type, a drop-down will list the available recipient domains or email addresses for you to select from. Next to each entry in the drop-down list is the estimated number of emails sent to that recipient domain or email address. Please note that entries are not case sensitive and that this text-box restricts against the envelope recipient, not the "To" header, which could be different. |
Content Type
|
Body
|
| Search Inbound / Outbound Messages Button Once the search parameters have been entered, click this button to execute the search query, and the results will be shown in the Message Index after a short while. |
| Reset Button Click this button to reset the search parameters on the current tab to their default. |
One of the roles of the Message Store is to release inbound emails from Quarantine or Archive. When an email is released, it is typically sent (or re-sent) to one of the original recipients of the email.
The typical reason to use the release function is when an end user receives a genuine email that is incorrectly marked as spam or as containing a virus or other bad content by the Mail Scanner. Such an end user may contact their internal IT function because they were expecting an email that has not arrived, or perhaps they have received a Notification from the Mail Scanner that their email was quarantined. A user representing the internal IT function can then connect to the Message Store, search for the email in question and request that it be released, whereupon it will be sent to the end user as if it had not been classified as spam or containing a virus or other bad content.
Please note that only email that has been quarantined or archived can be released. Emails can be released multiple times.
To release emails from quarantine:
The Message Store product stores data as follows. Data in excess of this period may be available, however it is subject to be deleted by Sensical.net at any time without warning.
Standard Data Retention:
Archive Data Retention: (For customers who purchase the Mail Scanner with the Archive option.)
Sensical.net Mail Scanner Documentation version 3.1.1
© 2012 Sensical.net. E. & O. E.