Sensical

Mail Scanner Documentation

1.Quick Start Guide
1.1.Log-in
1.2.Inbound Email
1.3.Outbound Email
2.Dashboard
2.1.Dashboard Graphs
3.Inbound Email Scanner
3.1.Introduction & Overview of Settings
3.2.Spam Detection
3.2.1.Spam Detection Headers
3.3.Virus Detection
3.4.White & Black List Services
3.5.Quarantine Services
3.6.Recipient Notifications
3.6.1.Introduction & Activation/Deactivation of Notifications
3.6.2.Default Templates
3.6.2.1.Quarantined Virus
3.6.2.2.Discarded Virus
3.6.2.3.Quarantined Spam
3.6.3.Customising Templates
3.6.3.1.Macros
3.6.4.Reverting to Default Templates
4.Outbound Email Scanner
4.1.Introduction & Overview of Settings
4.2.Virus Detection
4.3.Maximum Message Size
5.Reporting
5.1.Getting Started
5.1.1.Introduction
5.1.2.Accessing Reporting
5.1.3.Allowing Popups
5.2.One-Off Reporting
5.2.1.Quick One-Off Reports
5.2.2.Custom Period One-Off Reports
5.2.3.One-Off Report Session History
5.3.Scheduled Reporting
5.3.1.Scheduled Report List
5.3.2.Create a Scheduled Report
5.3.3.Scheduled Report Criteria
5.3.4.Delete a Scheduled Report
5.3.5.Scheduled Report Series
5.3.6.Scheduled Report Links
5.4.Other Settings
5.4.1.Report Filters
5.4.2.Report Interval
5.5.Report Output
5.5.1.Layout
5.5.2.Printing
5.5.3.Metrics
6.Message Storage & Quarantine Release
6.1.Introduction to the Message Store
6.2.Accessing the Message Store
6.3.Using the Message Store
6.3.1.The Home Page
6.3.2.The Message Index
6.3.3.The Search Form
6.3.4.The Message View
6.3.5.Quarantine Release
6.4.Message Store Data Retention
7.Miscellaneous
7.1.SPF (Sender Policy Framework)
7.2.DKIM (DomainKeys Identified Mail)
7.3.DMARC (Domain-based Message Authentication, Reporting and Conformance)

To get up and running with Sensical Mail Scanner is very simple; all you need to do is set the inbound and outbound email routes as follows:

1.1. Log-in to Sensical Control Panel contents

First, you need to log in to the Sensical Control Panel to manage your domain. Follow these instructions:

  1. Log in with your given username and password to the Sensical Control Panel at www.sensical.net/login.
  2. If you are taken to the Control Panel Start Page then click the Mail Scanner icon to go the Mail Scanner Manager page.
  3. From the Mail Scanner Manager page locate the relevant domain and click the Manage button next to that domain.
  4. Then you can navigate to the relevant section for your domain via the Mail Scanner Menu on the left hand side:
    Sensical Mail Scanner Menu
    Fig: Mail Scanner Menu
  5. To return to the list of your domains, click the Mail Scanner Domains link at the top right.
  6. To log out of the Sensical Control Panel, click the Logout link at the top right.

1.2. Setup Inbound Email contents

Follow these high level instructions to setup Inbound Email which is for email from the Internet addressed to your domain which will be delivered to the Sensical email servers then onto your email server(s).

  1. Click Inbound Settings from the Mail Scanner Menu.
  2. Configure your email server and/or firewall(s) to accept SMTP email from the address ranges listed next to Inbound Mail Server Connection Ranges.
  3. Setup DNS MX records for your domain name as per Inbound DNS Mail Exchanges.
  4. Enter the hostname or IP address and port number of your Customer Inbound Mail Server and click Save.
  5. Wait for any DNS changes to be effective. Check inbound email is routing correctly.
  6. Recommended: If email is routing correctly then for security reasons we advise you configure your email server and/or firewall(s) to only accept SMTP email from the address ranges listed next to Inbound Mail Server Connection Ranges.

1.3. Setup Outbound Email contents

Follow these high level instructions to setup Outbound Email which is for email from your email server(s) to the Internet.

  1. Click Outbound Settings from the Mail Scanner Menu.
  2. Enter the IP address ranges of your Customer Outbound Mail Server(s) and click Save. Enter each IP address on a new line. IP address ranges can be entered with a dash - e.g. 185.20.30.0-185.20.30.127.
  3. The majority of customers do not already use Sender Policy Framework (SPF) and can safely ignore this step:

    If you already use SPF on your domain's DNS then you should ensure the "all" mechanism is set to PASS (i.e. "+all") or SOFTFAIL (i.e. "~all") to ensure Mail Scanner outbound email is not affected. Alternatively you can implement the full Mail Scanner SPF records as documented below.

  4. Set the smart host on your email server(s) to mso.sensical.net. This will route external email from your users to Sensical. In Microsoft™ Exchange™ 2013, 2010 and 2007 you should use a Send Connector. In Microsoft™ Exchange™ 2003 this is called a SMTP Connector. See step by step instructions.
  5. Check outbound email is routing correctly.
  6. Recommended: If email is routing correctly then to improve email delivery we advise you implement Sender Policy Framework as documented below.

When you log in to the Sensical Control Panel and select the Mail Scanner icon for your domain you will presented with your domain's Mail Scanner Dashboard. The Dashboard displays an overview of the Mail Scanner settings and a number of graphs allowing you to see performance.

To return to the Dashboard just click Dashboard from the Mail Scanner Menu.

2.1. Dashboard Graphs contents

  • See Also: Reporting for one-off and scheduled reports showing data and graphs for all the key performance metrics over a given period of time.
  • See Also: Message Storage to view individual emails.

The Mail Scanner Dashboard shows four fixed graphs summarising the last week and last day's email volumes and contents as follows:

Last 7 Days' Mail Volumes

  • A line chart showing the inbound ("In"), outbound ("Out") and total ("Total") number of messages per day over the last 7 days (excluding the current day).

Last 7 Days' Mail Contents

  • A pie chart showing the breakdown of inbound email contents over the last 7 days (excluding the current day).
  • By hovering the mouse over each of the legend entries, the actual and percentage values will be shown.
  • The following categories of email are shown:
    • Clean - Number and percentage of inbound emails which are white-listed or are determined not to be spam and are delivered to the end user. Such email will be from a white-listed sender or will have a spam score below Spam Threshold.
    • Spam (Delivered) - Number and percentage of inbound emails which are determined to be spam but are still delivered to the end user (with email header and subject changes as appropriate). Such email will have a spam score equal to or above Spam Threshold and below Spam Discard/Quarantine Threshold. This category will always be zero if Enable Spam Detection is set to No.
    • Spam (Quarantined) - Number and percentage of inbound emails which are determined to be spam and are quarantined and are not delivered to the end user. Such email will have a spam score equal to or above Spam Discard/Quarantine Threshold and below Spam Quarantine Upper Threshold. This category will always be zero if either Enable Spam Detection or Quarantine Spam is set to No.
    • Spam (Discarded) - Number and percentage of inbound emails which are black-listed or are determined to be spam and are discarded and are not delivered to the end user. If Enable Spam Detection and Quarantine Spam are both set to Yes then email will be counted in this category if its spam score is above Spam Quarantine Upper Threshold. If Enable Spam Detection is set to Yes and Quarantine Spam is set to No then email will be counted in this category if its spam score is equal to or above Spam Discard/Quarantine Threshold. All email from a sender whose email address matches any of the Black Lists is also included in this category.
    • Viruses - Number and percentage of inbound emails which are determined to be viruses. Enable Virus Detection must be set to Yes for emails to be counted in this category.

Last 24 Hours' Mail Volumes

  • A line chart showing the inbound ("In"), outbound ("Out") and total ("Total") number of messages per day over the last 24 hours.
  • Data is accurate up to the current minute.

Last 24 Hours' Mail Contents

  • A pie chart showing the breakdown of inbound email contents over the last 24 hours.
  • Data is accurate up to the current minute.
  • By hovering the mouse over each of the legend entries, the actual and percentage values will be shown.
  • Please see above for the definition of the categories shown in this pie chart.
3.1.Introduction & Overview of Settings
3.2.Spam Detection
3.2.1.Spam Detection Headers
3.3.Virus Detection
3.4.White & Black List Services
3.5.Quarantine Services
3.6.Recipient Notifications
3.6.1.Introduction & Activation/Deactivation of Notifications
3.6.2.Default Templates
3.6.2.1.Quarantined Virus
3.6.2.2.Discarded Virus
3.6.2.3.Quarantined Spam
3.6.3.Customising Templates
3.6.3.1.Macros
3.6.4.Reverting to Default Templates

3.1. Inbound Introduction & Overview of Settings top of section contents

Inbound Email Arrives at Customer's Mail Server

Inbound Email

Click on Inbound Settings on the Mail Scanner Menu and you can configure all the settings for inbound email as follows:

Inbound Email Settings
Enable Inbound Email Processing
When set to Yes then inbound email will be accepted, processed and delivered to the Inbound Mail Server. When set to No then inbound email will not be accepted for processing by the Sensical Mail Scanner and instead will be rejected. All of the following inbound email settings depend on this being set to Yes.
Inbound DNS Mail Exchanges
The customer should set the DNS MX records for the domain to be used with the Mail Scanner to the values indicated here. See Quick Start Guide for further information.
Inbound Mail Server Connection Range
After processing, inbound email will be delivered to the Customer Inbound Mail Server from these IP address ranges. Please ensure your firewall(s) and mail server(s) are open to SMTP (TCP port 25) connections from these IP address ranges. See Quick Start Guide for further information.
Customer Inbound Mail Server
Email will be delivered via SMTP to this inbound email server name and port once it has been processed by the Sensical Mail Scanner. Default port is 25. See Quick Start Guide for further information.
Maximum Message Size
Email with a size in bytes above this limit will be discarded. Default is 0 (which means no limit). The system email size limit, as controlled by Sensical, will still apply, independent of the value of this setting. The system email size limit is currently 20,480,000 bytes (19.53 megabytes).
Journal Inbound Email
If available, when set to Yes, a copy of all inbound email will be journaled. Journaled email is permanently stored in the Message Store for later inspection or retrieval. Setting this option to Yes overrides some other options below as follows: Quarantine Viruses and Quarantine Spam will both always be Yes.
Inbound Email Virus Settings
Enable Virus Detection
When set to Yes then email will be scanned for viruses. Any email containing a virus will not be sent to the end user. If set to No then no virus detection will take place and any virus-containing emails will be sent to the end user. When set to No the settings below in this section are not taken into account. Default is Yes.
Quarantine Viruses
When set to Yes then any email containing a virus will be quarantined. When set to No any such email will be discarded. If Journal Inbound Email is set to Yes, then Quarantine Viruses will always be set to Yes.
Warn Virus Quarantine Recipient
If Yes, when the user receives a virus that is quarantined (because Quarantine Viruses or Journal Inbound Email is Yes), then the user will receive an email notification warning them that they have received a virus. Default is No.
Warn Virus Discard Recipient
If Yes, when the user receives a virus that is discarded (because Quarantine Viruses and Journal Inbound Email are No), then the user will receive an email notification warning them that they have received a virus. Default is No.
Inbound Email Spam Settings
Enable Spam Detection
When set to Yes then email will be scanned for spam. If set to No then no spam scanning will take place and any spam will be sent to the end user. When set to No the settings below in this section are not taken into account. Default is Yes.
Spam Header Threshold
Email with a spam score equal to or higher than this value will have headers inserted indicating the result of the spam detection (X-Spam-Score, X-Spam-Status etc). This value must not be greater than Spam Threshold. Default is 0.0.
Spam Threshold
Email with a spam score equal to or higher than this value will be marked as spam: The email header X-Spam-Flag: YES will be set. The email subject will be prefixed with Spam Subject Prefix if Modify Spam Subject is Yes. This value must not exceed Spam Discard/Quarantine Threshold. Default is 4.0.
Spam Discard/Quarantine Threshold
Email with a spam score equal to or higher than this value will not be sent to the end user and will instead be discarded. Such email will be quarantined, rather than discarded, if Journal Inbound Email is Yes, or if Quarantine Spam is Yes and the email score is below Spam Quarantine Upper Threshold. Default is 4.0.
Quarantine Spam
If Yes then email with a spam score equal to or higher than Spam Discard/Quarantine Threshold and lower then Spam Quarantine Upper Threshold will be not be sent to the end user and will be quarantined. If Journal Inbound Email is set to Yes, then Quarantine Spam will always be set to Yes.
Spam Quarantine Upper Threshold
When Quarantine Spam is Yes email with a spam score above this threshold will not be quarantined and no spam warning notification will be sent to the recipient. (When Quarantine Spam is No this value has no effect. When Journal Inbound Email is Yes email will still be quarantined even if its score exceeds this threshold however a spam warning notification will not be sent to the recipient.) It is normally set to a high value where you can be sure that the email is not spam and to avoid unecessary email warning notifications. The value must be greater or equal to Spam Discard/Quarantine Threshold. Default is 10.0.
Warn Spam Quarantine Recipient
If Yes, when an email addressed to a user is quarantined and not delivered to the user - because Quarantine Spam or Journal Inbound Email is Yes and the spam score is between Spam Discard/Quarantine Threshold and Spam Quarantine Upper Threshold - then the user will receive an email notification warning them that they have received a spam email that has been quarantined. Default is Yes.
Modify Spam Subject
If set to Yes then email with a spam score equal to or higher than Spam Threshold and lower than Spam Discard/Quarantine Threshold will be delivered to the user with the subject prefixed with the value of Spam Subject Prefix.
Spam Subject Prefix
When Modify Spam Subject is set to Yes and email has a spam score equal to or higher than Spam Threshold and lower than Spam Discard/Quarantine Threshold then the email will be delivered to the user with the subject prefixed with this text.
Defang Spam
When set to Yes and the user receives an email with a spam score between Spam Threshold and Spam Discard/Quarantine Threshold then the email will be defanged when delivered to the user. Defanged email is sent as an attachment to a simple plain email warning the user that the attachment may be spam. This is a safety feature which prevents the user opening spam unnecessarily. Default is No.

3.2. Inbound Spam Detection top of section contents

Sensical Mail Scanner uses an advanced scanning engine which runs 1000s of heuristic tests against each incoming email to identify "spam", also known as unsolicited commercial email.

Each email is given a Spam Score to indicate the probability that it is spam. The higher the score, the more likely the email is to be spam. Traditionally, a score of 5.0 or more indicates that the email is spam.

The scanner typically differentiates successfully between spam and non-spam in between 95% and 100% of cases, depending on what kind of email you get. Specifically, Sensical Mail Scanner has been shown to produce around 1.5% false negatives (spam that was missed) and around 0.06% false positives (non-spam incorrectly marked as spam).

Based on the Spam Score, the Sensical Mail Scanner will process the email differently. The processing can be customised by altering the thresholds and other options as now described:

Sensical Mail Scanner Spam Thresholds

Email Destiny is the most important attribute which will determine whether the email is Delivered, Quarantined or Discarded as explained below:

For a full list of settings related to Spam Detection, please see Inbound Email Spam Settings.

Email Destiny
Deliver
Quarantine
Discard

3.2.1. Inbound Spam Detection Headers top of section contents

In the following situation, an inbound email will have certain spam headers added prior to delivery to the customer's email server(s) for onward retrieval/delivery to the user:

In the above situation, the following headers will be added to the inbound email:

X‑Spam‑Flag Set to YES if the Spam Score is equal to or above Spam Threshold; otherwise set to NO.
X‑Spam‑Score Set to the Spam Score, to 3 decimal places.
X‑Spam‑Level Contains a string containing a s character for each integer value (rounded down) of the Spam Score. For example, if the Spam Score is 2.804, then the value of X-Spam-Level will be ss.
X‑Spam‑Status Contains a multi-line description of the output of the Spam Scanner, indicating, amongst other things, the spam tests that were positive for this email.

Example Spam Detection Headers:

X-Spam-Flag: NO
X-Spam-Score: 0.646
X-Spam-Level: 
X-Spam-Status: No, score=0.646 tagged_above=0 required=5
	tests=[DRUGS_ERECTILE=1.646, SPF_PASS=-1.000]

3.3. Inbound Virus Detection top of section contents

Sensical Mail Scanner scans each incoming email before it is delivered to the customer's email server(s) for onward retrieval by the email recipient(s).

Sensical Mail Scanner is capable of detecting over 530,000 viruses, worms and trojans, including Microsoft™ Office™ macro viruses, mobile malware, and other threats. It has full deep-scanning capabilities and scans within archives and compressed files (also protects against archive bombs), built-in support includes: ZIP, 7Z, RAR, ARJ, TAR, GZIP, BZIP, CAB and many others.

There are some rare situations (which are not documented here for security reasons) where Sensical Mail Scanner is unable to check the incoming email for viruses. In these situations the email is delivered and the subject is prefixed with *** UNCHECKED ***. Such emails should be opened with caution by the recipients.

For a full list of virus settings, please see Inbound Email Virus Settings.

3.4. Inbound White & Black List Services top of section contents

The white & black list service allows you to override the normal spam detection based on the email address of sender(s) of the inbound email. For instance, if an email from a certain sender is being marked as spam, then you can add the sender's email address to the white list to ensure the email is not marked as spam. Similarly, if an unwanted email from a certain sender is not being marked as spam, then you can add the sender's email address (or domain) to the black list to ensure the email is marked as spam in the future.

To view or edit the white or black list for your domain, click the White/Blacklists on the Mail Scanner Menu.

White List

  • When a sender's email matches an entry in the white list then it will be sent to the end user and not marked as spam, whatever its spam score.
  • To ensure email is not marked as spam, enter the sender's email address in the white list.
  • To white-list a specific sender enter their email address - e.g. friend@good-domain.com - in the white list.
  • To white-list an entire domain enter the email address without the prefix - e.g. @good-domain.com - in the white list.
  • If Enable Virus Detection is set, then any viruses will discarded as usual, even if the sender is in the white list.
  • A white-listed email will not have any spam headers set when delivered to the customer's email server(s): An email sender being on the white list is equivalent to the email having a spam score below Spam Header Threshold - please see Inbound Spam Detection for information about spam thresholds.

Black List

  • When a sender's email matches an entry in the black list then it will not be sent to the end user whatever its spam score.
  • If Journal Inbound Email is set, then email from black-listed senders will be journaled, otherwise such email will bypass any quarantine and be discarded.
  • Recipients of email from black-listed senders will not receive a warning email.
  • Summary information about discarded email can still be reviewed by the Customer Administrator(s) via the Message Store.
  • To black-list a specific sender enter their email address - e.g. enemy@bad-domain.com - in the black list.
  • To black-list an entire domain enter the email address without the prefix - e.g. @bad-domain.com - in the black list.

Priorities

A priority can be set for each entry in a white list or black list. Entries with a higher-numbered priority take precedence. Normally, setting the priority is not required. However in certain circumstances it can be useful when mixing wildcard and domain-wide entries from the same domain across both the white and black lists. For example, if you want to black-list any email from @aol.com except for emails from friend@aol.com, then you should add @aol.com to the black list and friend@aol.com to the white list and ensure that the priority of @aol.com is lower than the priority of friend@aol.com.

3.5. Inbound Quarantine Service top of section contents

Inbound email may be quarantined, instead of being delivered to the customer's email server(s) for onward retrieval/delivery to the email recipients. Inbound email is quarantined in the following two cases:

When an email is quarantined, the Sensical Mail Scanner can be configured to warn the recipients of the email by sending them a notification email. Please see Inbound Recipient Notifications for more information.

Once an email is quarantined, it will be assigned a unique Quarantine ID. This can be used in Inbound Recipient Notification to identify the email for potential release from quarantine.

All Quarantined email can be reviewed, and potentially released, by the Customer Administrator via the Message Store.

Please note the following with regard to multi-recipient email:

  • An email with multiple recipients is treated as one email; i.e. it will be quarantined once, with a single Quarantine ID, on behalf of all recipients.
  • An email with multiple recipients will be quarantined on behalf of all recipients even if only one recipient has a configuration which leads to quarantining. Therefore, even if a recipient has a configuration which would normally not lead to quarantining if they were the lone recipient, the email will still be quarantined if they are listed as one of multiple recipients who have a configuration that leads to quarantining.

3.6. Inbound Recipient Notifications top of section contents

3.6.1.Introduction & Activation/Deactivation of Notifications
3.6.2.Default Templates
3.6.2.1.Quarantined Virus
3.6.2.2.Discarded Virus
3.6.2.3.Quarantined Spam
3.6.3.Customising Templates
3.6.3.1.Macros
3.6.4.Reverting to Default Templates

3.6.1. Introduction & Activation/Deactivation of Notifications top of section contents

Inbound email (i.e. email arriving at the customer's email server from the Internet) is scanned by the Sensical Mail Scanner. In the following cases, where the email is not delivered to the recipient(s), it is possible to configure the Sensical Mail Scanner to send a warning notification email to the recipient(s).

Three Types of Recipient Notification
Quarantined Virus
  • Notification for an email containing a virus that is quarantined and not delivered to the recipient(s).
  • Activated/de-activated by setting: Warn Virus Quarantine Recipient.
Discarded Virus
  • Notification for an email containing a virus that is discarded and not delivered to the recipient(s).
  • Activated/de-activated by setting: Warn Virus Discard Recipient.
Quarantined Spam
  • Notification for a spam email that is quarantined and not delivered to the recipient(s).
  • Activated/de-activated by setting: Warn Spam Quarantine Recipient.

3.6.2. Default Templates top of section contents

3.6.2.1. Default Quarantined Virus Recipient Notification Template top of section contents

Here is an example of the default notification email that a recipient will receive if they are sent a virus that is quarantined.

From: "Mail Scanner" <null@sensical.net>
Subject: Virus (Eikar Virus A/32) from <sender@aol.com>: Latest stock information

You have received an email which is likely to contain a VIRUS from:
  <sender@aol.com>
with the following subject:
  Latest stock information

The following virus(es) have been detected:
  Eikar Virus A/32

The message has been quarantined with the unique ID:
  mxk14102jj3

If you believe the email was legitimate then you should forward this email to
your IT Department and ask for the email to be released from quarantine.

If you need to receive future emails from this sender then you should also ask
your IT Department for the sender to be 'white-listed' so that future emails
are not quarantined in this manner.

Technical email details follow.

-----Original Message-----
From: sender@aol.com
Return Path: <fred@aol.co.uk>
Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST)
To: undisclosed-recipients:;
Subject: Latest stock information
Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net>
Internal Reference Code: 02144-08/sJtYup0yUd9j
Mail Scanner Host: emailscanner2.sensical.net
Viruses: Eikar Virus A/32
First upstream SMTP client: [64.12.50.151] email.aol.com
Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20]
3.6.2.2. Default Discarded Virus Recipient Notification Template top of section contents

Here is an example of the default notification email that a recipient will receive if they are sent a virus that is discarded.

From: "Mail Scanner" <null@sensical.net>
Subject: Virus (Eikar Virus A/32) from <sender@aol.com>: Latest stock information

You have received an email which is likely to contain a VIRUS from:
  <sender@aol.com>
with the following subject:
  Latest stock information

The following virus(es) have been detected:
  Eikar Virus A/32

The email has been discarded.

If you believe the email was legitimate and you wish to receive future emails
from this sender, then you should forward this email to your administrator and
ask for the sender to be white-listed so that future emails are not blocked in
this manner. Once the sender is white-listed you may ask the sender to
re-send their message.

Technical email details follow.

-----Original Message-----
From: sender@aol.com
Return Path: <fred@aol.co.uk>
Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST)
To: undisclosed-recipients:;
Subject: Latest stock information
Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net>
Internal Reference Code: 02144-08/sJtYup0yUd9j
Mail Scanner Host: emailscanner2.sensical.net
Viruses: Eikar Virus A/32
First upstream SMTP client: [64.12.50.151] email.aol.com
Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20]
3.6.2.3. Default Quarantined Spam Recipient Notification Template top of section contents

Here is an example of the default notification email that a recipient will receive if they are sent a spam that is quarantined.

From: "Mail Scanner" <null@sensical.net>
Subject: Spam from <sender@aol.com>: Latest stock information

DO NOT REPLY TO THIS EMAIL - THIS IS AN AUTOMATED MESSAGE

You have received an email which is likely to be SPAM from:
  <sender@aol.com>
with the following subject:
  Latest stock information

The message has been quarantined with the unique ID:
  mxk14102jj3.

If you believe the email was not spam then you should forward this email to
your IT Department and ask for the email to be released from quarantine.

If you need to receive future emails from this sender then you should also ask
your IT Department for the sender to be 'white-listed' so that future emails

are not quarantined in this manner.

Technical email details follow.

-----Original Message-----
From: sender@aol.com
Return Path: <fred@aol.co.uk>
Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST)
To: undisclosed-recipients:;
Subject: Latest stock information
Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net>
Internal Reference Code: 02144-08/sJtYup0yUd9j
Mail Scanner Host: emailscanner2.sensical.net
Spam Score: 1.098
First upstream SMTP client: [64.12.50.151] email.aol.com
Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20]

3.6.3. Customisation of Templates top of section contents

It is possible to individually-customise the content of the 3 recipient notification types on a domain-wide basis. It is not possible to customise the content of the recipient notifications on a recipient-by-recipient basis.

In order to customise a default recipient notification template, follow these steps: First go to Inbound Settings, then click Edit Notification Template next to the template you wish to customise. If you have not already customised this template, click Click here to customise. Then edit the template in the top box and click Save when done. You can review what your template will look like - the representation - in the bottom box when you click Save.

It is possible to customise the following parts of the recipient templates:

FromWho the notification is from. This would normally be an administrator email address for your domain - e.g. postmaster@customer.com. You should enter an email address in either the format postmaster@customer.com or "Postmaster" <postmaster@customer.com>.
SubjectThe email subject of the notification. Within the subject you can use macros.
BodyThe email body of the notification. Within the subject you can use macros.

You cannot customise the To of the notification - the notification is always sent to the original recipients of the quarantined or discarded email.

3.6.3.1. Macros top of section contents

The following macros can be used in the template subject or template body. When the recipient receives the notification, the macro will be replaced with text specific to the discarded or quarantined email. Each macro begins with a % and is followed by a single letter which is case-sensitive.

%sEmail Sender
From the email envelope (i.e. SMTP MAIL FROM), enclosed in angle-brackets.
Example: <sender@aol.com>
%REmail Recipients
From the email envelope (i.e. SMTP RCPT TO), comma-separated.
Example: john@customer.com, mike@customer.com
%jEmail Subject
From the email header.
Example: Free stock quotes!
%cSpam Score
A number, with 3 decimal places, indicating the probability of spam. If no spam score is available, e.g. when the notification is for a virus, a dash, -, is displayed.
Example: 4.08
%VVirus Name(s)
The names of the viruses detected within the email. Or an empty string if no viruses are detected.
Example: Eikar Win/32
%qQuarantine ID
The quarantine identifier, which can be used to reference the email for release from quarantine. If the email is not quarantined then this macro will be empty.
Example: mxk14102jj3
%fNotification Sender
The sender of the notification email, always the same as the from part of the notification template.
Example: "Postmaster" <postmaster@customer.com>
%tNotification Recipient
The recipient of the notification email.
Example: john@customer.com
%dEmail Date
In RFC2822 format.
Example: Thu, 17 Apr 2008 10:23:43 +0100 (BST)
%mEmail Message ID
Example: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net>
%TEmail To
From the email header.
Example: "John" <john@customer.com>; "Mike" <mike@customer.com>
%CEmail Cc
From the email header.
Example: "Peter" <peter@customer.com>
%UEmail UTC Date
In yyyymmddThhmmssZ format.
Example: 20080417T092343Z
%uEmail Epoch Date
In seconds from the Epoch, 1st January 1970.
Example: 1240008793
%zEmail Size (Bytes)
Example: 307
%bEmail MD5 Checksum
Example: c9a84b386683698e03ecf580d6d7a37b
%iMail Scanner Message ID
Example: sJtYup0yUd9j
%hMail Scanner Host Name
Example: emailscanner2.sensical.net
%pMail Scanner Policy
%nMail Scanner Task ID
Example: 02144-08
%ZEmail Headers Summary
Example: From: sender@aol.com
Return Path: <fred@aol.co.uk>
Sent: Thu, 17 Apr 2008 10:23:43 +0100 (BST)
To: undisclosed-recipients:;
Subject: Latest stock information
Message ID: <30142219.40.1239992623674.JavaMail.www@ln3-srv-04.sensical.net>
Internal Reference Code: 02144-08/sJtYup0yUd9j
Mail Scanner Host: emailscanner2.sensical.net
Spam Score: 1.098
First upstream SMTP client: [64.12.50.151] email.aol.com
Originating SMTP client: [84.45.112.3] blackberry.com bda131.bb.com [84.45.112.20]
%%
Enter %% to use a % sign preceded by a non-space character.

3.6.4. Reverting to Default Templates top of section contents

If you have customised your recipient notification templates and you want to revert to the default recipient notification template, then follow these steps: First go to Inbound Settings, then click Edit Notification Template next to the template you wish to revert to the default, then click the Revert To Default button and accept the warning.

4.1. Introduction & Overview of Settings contents

Outbound Email From Customer's Mail Server

Outbound Email

Click on Outbound Settings on the Mail Scanner Menu and you can configure all the settings for outbound email as follows:

Outbound Email Settings
Enable Outbound Email Processing
When set to Yes then Sensical Mail Scanner will scan and deliver email received from the Customer Outbound Mail Server(s). When set to No then outbound email will not be accepted for processing by the Sensical Mail Scanner and instead will be rejected.
Outbound Mail Relay
The customer should direct all outbound email to this hostname for onward delivery. See Quick Start Guide for further information.
Customer Outbound Mail Server(s)
This list contains the IP addresses of the customer's mail servers which may send email via Sensical Mail Scanner. Enter each IP address on a new line. IP address ranges can be entered with a dash - e.g. 185.20.30.0-185.20.30.127. See Quick Start Guide for further information.
Journal Outbound Email
If available, when set to Yes, a copy of all outbound email will be journaled. Journaled email is permanently stored in the Message Store for later inspection.

4.2. Outbound Virus Detection top of section contents

Sensical Mail Scanner scans each outgoing email sent by the customer before it is sent to the email recipient(s).

Sensical Mail Scanner is capable of detecting over 530,000 viruses, worms and trojans, including Microsoft™ Office™ macro viruses, mobile malware, and other threats. It has full deep-scanning capabilities and scans within archives and compressed files (also protects against archive bombs), built-in support includes: ZIP, 7Z, RAR, ARJ, TAR, GZIP, BZIP, CAB and many others.

Outbound Virus Detection is always active, and cannot be disabled. If the Sensical Mail Scanner detects a virus or other bad content in an outbound email, then it will not deliver the email the recipient(s). Instead it will send a warning email to the sender, indicating that their email could not be delivered and why.

There are some rare situations (which are not documented here for security reasons) where Sensical Mail Scanner is unable to check the outbound email for viruses. In these situations the email is delivered and the subject is prefixed with *** UNCHECKED ***.

4.3. Outbound Maximum Message Size top of section contents

The maximum size of an outbound email is 20,480,000 bytes (19.53 megabytes). If the customer sends an email greater than this size then it will be returned to the sender undelivered.

  • See Also: Dashboard Graphs which show a quick summary of the last week and day's mail volumes and contents.
  • See Also: Message Storage to view individual emails.
5.1.Getting Started
5.1.1.Introduction
5.1.2.Accessing Reporting
5.1.3.Allowing Popups
5.2.One-Off Reporting
5.2.1.Quick One-Off Reports
5.2.2.Custom Period One-Off Reports
5.2.3.One-Off Report Session History
5.3.Scheduled Reporting
5.3.1.Scheduled Report List
5.3.2.Create a Scheduled Report
5.3.3.Scheduled Report Criteria
5.3.4.Delete a Scheduled Report
5.3.5.Scheduled Report Series
5.3.6.Scheduled Report Links
5.4.Other Settings
5.4.1.Report Filters
5.4.2.Report Interval
5.5.Report Output
5.5.1.Layout
5.5.2.Printing
5.5.3.Metrics

5.1. Getting Started with Reporting top of section contents

5.1.1. Introduction top of section contents

Mail Scanner allows the Customer Administrator(s) with the appropriate permissions to execute one-off and scheduled reports showing data and graphs for key performance metrics over a given period of time for a single domain.

5.1.2. Accessing Reporting top of section contents

Mail Scanner reporting is managed via the Reports section of the Sensical Mail Scanner Control Panel: Follow the instructions to log into the Sensical Control Panel and navigate to the Mail Scanner management section for the chosen domain, then click Reports on the Mail Scanner Menu. You will be presented with the Reports section which allows you to execute one-off reports and manage your scheduled reports for the chosen domain.

Reporting can be accessed by any person(s) with appropriate access via the Sensical Control Panel. By default, the customer is granted a single login ID which has full control over the Sensical Mail Scanner and full access to Reporting. However, access to Reporting can be restricted, or alternatively specific sub-accounts that only have access to Reporting can be created. Please contact Sensical Support for assistance in setting up such access restrictions.

5.1.3. Allowing Report Popups top of section contents

All reports are shown in a new web browser window or tab, which ensures that the Report Management screen is always shown. Many modern browsers use a "Popup Blocker" which means that the first a Mail Scanner Report is requested to be viewed it will not appear and instead a yellow warning banner will appear at the top of the web browser. If this occurs the following 2-step procedure outlined below should be followed. It should only be necessary to follow this procedure once, after which all reports will show correctly.

1. When the yellow bar appears you need to tell your browser to allow popups from www.sensical.net. In Microsoft™ Internet Explorer™ click on the yellow bar then click Always Allow Pop-ups from This Site... as shown below. You will then need to click Yes to the confirmatory dialogue.

Internet Explorer Popup Warning

Or in Mozilla™ Firefox™ click Options and click Allow popups from www.sensical.net as shown below:

Mozilla Firefox Popup Warning

2. Then the report you executed should appear at the top of the Report Session History list. Click Show next to the report and it will appear in a new browser window or tab.

5.2. One-Off Reporting top of section contents

A one-off report can be executed at any time from the Sensical Control Panel and the report output will be available to view almost instantaneously. One-off reports can be executed for common time periods, for any time period, for any data interval and can include filters. A one-off report will be visible in the session history for the period that you are logged into the Sensical Control Panel, but is not available once you log out.

5.2.1. Quick One-Off Reports top of section contents

The quickest way to execute a one-off report is to click on the Quick Period links, as shown below, and then click the Execute button. This will generate a report for all metrics for the fixed time period selected.

Quick Report Links

The following quick periods are available:

Quick Report PeriodIntervalSamples
60 minutes5 minutes12
12 hours1 hour12
7 days1 day7
3 months1 week~13

5.2.2. Custom Period One-Off Reports top of section contents

If you want to chose a different time period to those available in the quick reports then you can do so easily by selecting your own start date and stop date, then clicking on the Execute button as shown below.

Custom Period Report Selection

In order to select the From and To dates, you can type a date/time directly in the appropriate box in the format DD/MM/YY HH:MM (e.g. 22 August 2009 9:06am would be entered as 22/08/09 09:06).

If you leave the To box blank then it will default to the current date/time.

In order to more easily select the date/time, you can also click on the calendar icon to the right of the box which will display a calendar for you to choose a date and time more easily as shown below.

Custom Period Date Input

5.2.3. One-Off Report Session History top of section contents

The Reports section will show a list of one-off reports that have been executed during this session (since the last login) as shown below. The most recent report executed is always at the top.

Report Session History

The following commands are available:

  • Show: Click this link to view the one-off report. A new tab or window will be opened in your web browser to show the report. If the new tab or window does not appear you may need to allow popups.
  • Schedule: Click this link to create a scheduled report based on the settings of this one-off report. See scheduled reporting for more details.

5.3. Scheduled Reporting top of section contents

  • See Also: Accessing Reporting for how to access the Reports section of the Sensical Mail Scanner Control Panel.
  • See Also: One-Off Reporting for an alternative to scheduled reporting.

A scheduled report can be created so that reports are automatically executed according to a given criteria and schedule (i.e. daily, weekly, monthly or annually). After a scheduled report is executed, a link to the report is emailed to the specified recipients. The report is then permanently available to view via the Sensical Control Panel or via the link in the email. A scheduled report can be created from scratch, or it can be based on a one-off report.

5.3.1. Scheduled Report List top of section contents

A list of your domain's scheduled reports is available at the bottom of the Reports section of the Sensical Mail Scanner Control Panel. Initially this list will be empty as there are no existing scheduled reports.

Scheduled Report List

For each existing scheduled report the following commands are available:

  • Name: Click the name to see a list of all the series of individual reports that have been generated by this scheduled report. See scheduled report series.
  • Show: Click the Show link to view the most-recent individual report generated by this scheduled report. The report will be shown a new tab or window of your web browser. If the report does not appear then check your popup settings.
  • Edit: Click the Edit link to change the scheduled report criteria. You should also click this link if you with to delete the scheduled report. See scheduled report criteria.

5.3.2. Create a Scheduled Report top of section contents

A scheduled report can be created by clicking the Create new scheduled report button at the bottom of the Reports section of the Sensical Mail Scanner Control Panel. Clicking this button will take you to a web page where you need to enter the criteria for the new scheduled report and then click on the Create button. Your new scheduled report will now be listed in the scheduled report list.

It is also possible to create a new scheduled report using the same criteria as those used in a recent one-off report. From the one-off report session history list click the Schedule icon next to the one-off report that you would like to use as the foundation for a new scheduled report. Clicking this button will take you to a web page where you need to check the criteria for the new scheduled report and then click on the Create button. Your new scheduled report will now be listed in the scheduled report list. Please note that the Scheduled icon is only available when the one-off report has been successfully finished being executed - if the icon does not appear please click on the Reports section of the Mail Scanner Menu to refresh the list.

5.3.3. Scheduled Report Criteria top of section contents

The scheduled report criteria need to be entered before a new scheduled report can be created or when an existing scheduled report is edited - via the scheduled report list.

The following scheduled report criteria are used:

  • Name: Optionally specify the name for this scheduled report. This is an arbitrary name to allow one scheduled report to be identified from another.
  • Active: If Yes then this scheduled report will be executed according to the specified frequency. If No then the scheduled report will not be executed. Choosing No does not remove the existing reports but it stops any new reports being executed. It is possible to move the Active status between Yes and No as many times as desired.
  • Period: This specifies the period of time that will be covered in the reports. The reports will cover the given period of time ending 00:00 on the day of execution. The maximum period is 1 year.
  • Data Interval: This specifies the length of each record within the reports. It should normally be set to Auto. Please see Report Interval for further information.
  • Internal/External User Filter: Instead of the report covering all inbound and outbound email, it is possible to specify a filter to restrict the report to certain internal and/or external domains and/or email addresses. Please see Report Filters for further information.
  • Frequency: Use this section to specify how often this report should be executed. First select Daily, Weekly, Monthly or Annual on the left-hand side, then choose the relevant options on the right-hand side.
  • Recipient Email Addresses: Specify the email addresses that should receive a notification and a link to the report when it is executed. Enter one email address per line.

5.3.4. Delete a Scheduled Report top of section contents

To delete an existing scheduled report, click Edit next to the existing scheduled report in the scheduled report list. Then click the Delete button at the bottom of the scheduled report criteria page.

Warning: Deleting a scheduled report will delete all the reports that were previously generated by that scheduled report, including invalidating the links in all email notifications that were previously sent by this scheduled report. Consider just setting Active to No in the scheduled report criteria if you want to stop the scheduled report from generating any further reports but still require access to its previously-generated reports.

5.3.5. Scheduled Report Series top of section contents

A scheduled report produces a series of individual reports on a regular basis, according to its schedule. You can view all the individual reports in the series at any time via the Sensical Mail Scanner Control Panel. From the scheduled report list click the name of the scheduled report and you will be taken to a list of the series of reports produced by this scheduled report.

The list shows, in descending chronological order, all the reports in the series with the following columns:

  • Period Start & End: The period of this individual report.
  • Show: Click Show to view the individual report. The report will be shown in a new web browser tab or window. If the report does not appear then check you have allowed popups.
  • Link: Click Link and the link for this individual report will be shown in a box to the right. Each individual report has its own unique link which can be used by any party to view the report. The link contains a special authorisation code which permits the holder of the link to view the individual report at any time, without any additional authorisation. You can send an individual report's link to any party that you trust so that they can view the report without your further authorisation. This link can be copied to computer's clipboard by right-clicking on the selected text and clicking Copy. The link can then be pasted into an email or other communication. Please read about security of scheduled report links.
  • Reset: Click Link and the individual report's link is shown (as described above). At the same time an option to Reset the link also appears. Click on Reset to invalidate the current link for this individual report and generate a new one. This is useful if you want to remove access to the report from a party that has the current link. Please read about security of scheduled report links.

The following commands are also available at the bottom of this page:

  • Reset All: Click to reset the links for the whole series of individual reports produced by this scheduled report. All current links will be invalidated and new ones will be generated in their place so that any person who holds any current link will not be able to view the report. Please read about security of scheduled report links.
  • Edit: Click to edit the scheduled report's criteria.
  • Cancel: Click to return to the list of scheduled reports.

5.3.6. Scheduled Report Links top of section contents

Each individual report produced by a scheduled report has its own unique Internet link which, when known, can be followed by any party to view the report. The link contains a special authorisation code which permits the holder of the link to view the individual report at any time, without any additional authorisation. The individual report's link can be communicated to any party that you trust so that they can view the report without your further authorisation.

The individual report's link is emailed to the scheduled report recipients (as specified in the scheduled report criteria) when the report is generated. The individual report's link can also be retrieved at any time from the Sensical Mail Scanner Control Panel by selecting the scheduled report from the scheduled report list and then clicking Link next to the individual report in the series. The link will then be displayed. This link can then be copied and communicated to other parties as explained in the scheduled report series section.

Once a link has been communicated to a party, they can view the report in their web browser just by clicking the link. The party can pass the link onto a 3rd party who can also view the report, and so on. Therefore the link should only be communicated to parties that are trusted not to communicate the link publically or to an untrusted party.

Links can be reset by following instructions in the scheduled report series page. When a link is reset a new one is generated and the old one will no longer function. Anybody who follows the old link will not be able to see the report. Therefore resetting a link prevents parties from viewing the report. However any party who previously viewed the report before its link was reset could have saved the report on their computer, printed the report or otherwise made a copy of the report. Therefore resetting a report's link does not guarantee that a party that knows the old link cannot see the report.

5.4. Other Report Settings top of section contents

5.4.1. Report Filters top of section contents

By default, the report will show all inbound and outbound data for your domain. However, in some circumstances it might be useful to provide a more granular report for a smaller body of emails over the same time period and interval. The reporting engine allows both one-off and scheduled reports to be filtered to include only the data that matches the given filters.

Show Filters Link

For a one-off report click the Show Filters link, as shown above, in order to show the filter input boxes, as shown below. For a scheduled report, these filter input boxes are visible on the criteria page, which is shown when creating a new scheduled report, or when editing an existing scheduled report.

Filters

Complete the filters as required - see below for what each filter does. As you start typing in the filter boxes, possible filter values will automatically be displayed for you to choose from - as shown in the picture below. When you see the filter you want, click on it with the mouse. If you don't see the filter you want then continue typing to narrow down the selection. If no possible filter values are displayed, then the filter you have typed so far is not valid, and you should make a correction. Next to each possible filter value is a number indicating how many records exist for that filter.

Filter Example

The following filters are available: Please note that all filters are case-insensitive.

  • Internal User: To restrict the report to email sent to and from an internal email address or internal email domain.

    For instance, if you choose mycompany.com as the value for this filter, then only inbound email sent to users with an @mycompany.com email address and outbound email sent from users with an @mycompany.com email address will be included in the report.

    Similarly, if you choose bob@mycompany.com as the value for this filter, then only inbound email sent to bob@mycompany.com and outbound email sent from bob@mycompany.com will be included in the report.

  • External User: To restrict the report to email sent to and from an external email address or external email domain.

    For instance, if you choose external.com as the value for this filter, then only inbound email sent from users with an @external.com email address and outbound email sent to users with an @external.com email address will be included in the report.

    Similarly, if you choose eric@external.com as the value for this filter, then only inbound email sent from eric@external.com and outbound email sent to eric@external.com will be included in the report.

5.4.2. Report Interval top of section contents

The default and recommended value for the report interval is Auto. When set to Auto the most appropriate report interval will be automatically selected based on the period of the report.

The report interval can be selected for both one-off and scheduled reports. The report interval determines the granularity of the records within the report. When combined with the report period, the report interval also determines the number of records in the report. The report interval must be set to one of the following: Auto, 1 year, 1 month, 1 week, 1 day, 1 hour and 5 minutes.

Example: If the report interval is set to 1 day and the report period is one week, then there will be seven records in the report and each record will represent data for one day.

5.5. Report Output top of section contents

5.5.1. Report Layout top of section contents

Report Output Example

Report Summary

At the top right of the report is a report summary showing the following:

  • Report Run Time: The time that the report execution started.
  • Report Period: As specified on the report management screen.
  • Report Interval: As specified on the report management screen, or as calculated if automatic was specified.
  • Report Filters: The list of report filters (if applicable) that were applied to this report.

Report Shortcuts

Below the report summary is a row of shortcuts which allow you to jump to see directly to the metric of choice.

Report Body

Below the report summary and the shortcut row is the actual report. The report contains a number of metrics, as described in the following section, in a vertical layout. Each metric has a title, a short textual summary, followed by the table of data on the left and the associated bar chart on the right.

5.5.2. Report Printing top of section contents

The reports are designed to be printed while being viewed. It is possible to use the Print and Print Preview functions of the browser via the standard browser menu bar. It is also possible to click the Print Report link at the top right of the page to be taken directly to the print dialogue.

5.5.3. Report Metrics top of section contents

The Mail Scanner report includes the following metrics. For the given period and interval, the performance metrics are shown in tabular and bar chart format.

Total Message Recipients The total number of email recipients processed (both inbound and outbound). An email has one or more recipients. This metric shows the total number of recipients, which will always be higher than the total number of emails.

  • In: The total number of inbound recipients.
  • Out: The total number of outbound recipients.
  • Total: The total number of inbound recipients plus the total number of outbound recipients.

Total Message Volumes The total number of emails processed (both inbound and outbound). If an email has multiple recipients it is counted as one email only.

  • In: The total number of inbound emails.
  • Out: The total number of outbound emails.
  • Total: The total number of inbound emails plus the total number of outbound emails.

Total Message Size The total size (in bytes) of emails processed (both inbound and outbound). An email with multiple recipients is only counted once.

  • In: The total size of inbound emails.
  • Out: The total size of outbound emails.
  • Total: The total size of inbound emails plus the total size of outbound emails.

Spam versus Clean Volumes The total number of inbound spam versus clean emails.

  • Spam: The total number of inbound emails that are detected as spam, either because they are from senders who are black-listed, or they have a spam score equal to or above the Spam Threshold.
  • Clean: The total number of inbound emails that are detected as clean, either because they are from senders who are white-listed or if they have a spam score below the Spam Threshold or because Enable Spam Detection is set to No.

Spam Action Volumes The total number of inbound spam emails broken down by action.

Whitelist & Blacklist Volumes The total number of whitelisted and blacklisted senders of inbound emails.

  • Blacklisted: The total number of inbound emails whose senders match one of the black lists.
  • Whitelisted: The total number of inbound emails whose senders match one of the white lists.

Total Virus Volumes The total number of emails that are determined to be viruses (both inbound and outbound).

  • In: The total number of inbound emails that have been detected to be viruses.
  • Out: The total number of outbound emails that have been detected to be viruses.
  • Total: The total number of inbound and outbound emails that have been detected to be viruses.

Top 10 Recipients The top 10 recipients of inbound email over the report period. This metric is not available when an internal filter is used.

  • Recipient: The email address of the recipient of inbound email.
  • Emails: The number of external emails that this recipient has received over the report period.

Top 10 Senders The top 10 senders of outbound email over the report period. This metric is not available when an internal filter is used.

  • Sender: The email address of the sender of outbound email.
  • Emails: The number of external recipients that this sender has emailed over the report period.

Top 10 Destinations The top 10 destinations of outbound email over the report period. This metric is not available when an external filter is used.

  • Destination: The email address of the destination of outbound email.
  • Emails: The number of emails that this destination has received over the report period.

Top 10 Sources The top 10 senders of inbound email over the report period. This metric is not available when an external filter is used.

  • Source: The email address of the sender of inbound email.
  • Emails: The number of internal recipients that this source has emailed over the report period.
  • See Also: Dashboard Graphs which show a quick summary of the last week and day's mail volumes and contents.
  • See Also: Reporting for one-off and scheduled reports showing data and graphs for all the key performance metrics over a given period of time.
6.1.Introduction to the Message Store
6.2.Accessing the Message Store
6.3.Using the Message Store
6.3.1.The Home Page
6.3.2.The Message Index
6.3.3.The Search Form
6.3.4.The Message View
6.3.5.Quarantine Release
6.4.Message Store Data Retention

6.1. Introduction top of section contents

The Message Store allows the Customer Administrator(s) with the appropriate privileges to perform a number of functions:

  • Safely view summary information of any email that has passed through the Sensical Mail Scanner, either inbound or outbound, including clean emails, spam, viruses and other bad content.
  • Search for emails by ID, date, sender and/or recipient.
  • View full content of any email that was quarantined or journaled.
  • Release any inbound or outbound email that was quarantined or journaled to a recipient or other party.

6.2. Accessing the Message Store top of section contents

  • To access the Message Store, log into the Sensical Control Panel at www.sensical.net/login, click on the Mail Scanner icon, click the Manage button next to the relevant domain, then click Message Store on the Mail Scanner Menu. Please note, the Message Store opens in a new browser window or tab.
  • The Message Store can be accessed by any person with appropriate access. Normally, the customer is granted a single login ID which has full control over the Sensical Mail Scanner and full access to the Message Store. However, it can be desirable to create sub-accounts that only have access to the Message Store, to protect the Mail Scanner Configuration but still allow some Customer Administrators to release emails from quarantine. Please contact Sensical Support for assistance in setting up sub-accounts with restricted access.
  • When you have finished with the Message Store, just click Log Out at the top right and close the web browser window.

6.3. Using the Message Store top of section contents

6.3.1. The Home Page top of section contents

  • The Message Store Home Page is the default page shown when connecting to the Message Store.
  • You can return to the Message Store Home Page at any time by clicking the "Message Store Home" link at the top left of the page.
  • The Message Store Home Page shows the Search Form and the Message Index which allow the user to search for emails and view the results of the query and are explained in further detail below.

6.3.2. The Message Index top of section contents

The Message Index shows a list of emails resulting from any search query.

By default, when connecting to the Message Store, the Message Index will show the most recent 15 inbound emails.

If the email has been quarantined or journaled by the Mail Scanner then you can click on the email recipient to view more details about the email - see Message View.

The Message Index can only show 15 emails at a time. When the search query results in more than 15 emails, the user can click the page navigation links at the top right and bottom right of the Message Index to navigate between pages.

The emails within the Message Index are always sorted by the time that the email was processed by the Mail Scanner, with the most recent emails at the top.

The Message Index has 9 columns which show the following data for each email:

Message Index Columns
(1st column)
The 1st column is reserved for a check-box which can be used to release the email from quarantine - see Quarantine Release below.
Recipient
The email address(es) of the recipient(s) of the email. This is the envelope recipient data and can be relied upon. If the email has been quarantined or journaled by the Mail Scanner, then you can click on the recipient to view more email details - see Message View.
Sender
The "From" field from the header of the email. This is the envelope sender data and is controlled by the sender of the email, and therefore cannot be relied upon for inbound email. The envelope sender can be different to the "From" header.
Subject
The subject of the email.
Date
The date that the email was processed by the Mail Scanner. This is not necessarily the same as the "Date" header from the email.
Score
The spam score of the email as determined by the Mail Scanner.
Content
There are 3 possible options which indicate the result of the Mail Scanner's analysis of the email. Please note, this does not indicate what action was taken by the Mail Scanner for this email.
  • Clean indicates that the Mail Scanner did not consider the email to be spam, a virus or contain bad content.
  • Spam indicates that the Mail Scanner considered the email to be spam. Not applicable to outbound email.
  • Virus indicates that the Mail Scanner considered the email to contain a virus or other bad content.
Delivered
This indicates what action the Mail Scanner took for this email. There can be multiple actions taken as follows:
  • Yes indicates that the Mail Scanner attempted to deliver the email to the Customer's mail server in the case of inbound email, or to the email recipient's mail server in the case of outbound email.
  • No indicates that the Mail Scanner did not attempt delivery of the email to the recipient (the email was instead discarded, quarantined or journaled).
Mail ID
The unique mail identity for this email (case sensitive). The mail ID is indicated in the inbound recipient notifications.

6.3.3. The Search Form top of section contents

The Search Form is shown at the top of the Message Store Home Page. It allows the user to search for certain emails by entering search parameters. The results of the query will be shown in the Message Index.

To execute a search query, first select the type of search, by clicking on one of the three search tabs from the following:

  1. Inbound Search: This is the default tab that will be selected when you arrive at the Message Store. This tab allows you to search and display inbound emails (sent to your organisation) based on date, sender, recipient and content and/or body type. Choose the search parameters as listed below and then click the "Search Inbound Messages" button. The results will be displayed in the Message Index.
  2. Outbound Search: If you want to search for outbound emails (sent by your organisation) based on date, sender, recipient and content, then choose the "Outbound Search" tab. Choose the search parameters as listed below - which are the same as the "Inbound Search" tab - and then click the "Search Outbound Messages" button. The results will be displayed in the Message Index.
  3. ID Search: If you want to search for a specific in- or out-bound email, based on its Mail ID, then choose the "ID Search" tab. Each email has a unique Mail ID which is a case-sensitive string of 12 characters. If you know the Mail ID then using the ID Search is the easiest way to find the email. The Mail ID is included in the Recipient Notification Email that can be sent to the recipients of inbound quarantined email. Once you have selected the "ID Search" tab, then either enter the Mail ID of an inbound email in the "Inbound Mail ID" box and click the "Search Inbound Button" button, or enter the Mail ID of an outbound email in the "Outbound Mail ID" box and click the "Search Outbound Messages" button. The single email, if found, will be displayed in the Message Index.
Search Parameters & Buttons
Period
In the Period drop-down you can select from one of the following options:
  • Choose Last week, which is the default, to restrict results to emails sent or received in the previous seven days.
  • Choose Last 2 weeks to restrict results to emails sent or received in the previous 14 days.
  • Choose Last month to restrict results to emails sent or received in the preceding one month (maximum 31 days).
  • Choose Last quarter to restrict results to emails sent or received in the preceding three months (maximum 92 days).
  • Choose Custom to restrict results to emails sent during a specific period. Use the From and To text-boxes to specify the specific period.
Period From
If you want to restrict the results to emails sent during a specific period, then enter the start date and time of the specific period here. You should enter the date in DD/MM/YY HH:MM format, or alternatively click the calendar icon on the right of the box and use the drop-down calendar to select the start date and time. Ensure that the Period drop-down is set to Custom if you want to use a specific period restriction - it will be automatically set to Custom when you enter a value in the From or To text-boxes either manually or via the calendar.
Period To
If you want to restrict the results to emails sent during a specific period, then enter the end date and time of the specific period here. You should enter the date in DD/MM/YY HH:MM format, or alternatively click the calendar icon on the right of the box and use the drop-down calendar to select the end date and time. Ensure that the Period drop-down is set to Custom if you want to use a specific period restriction - it will be automatically set to Custom when you enter a value in the From or To text-boxes either manually or via the calendar.
Sender
In the Sender text-box you can optionally enter a domain name (e.g. aol.com) or email address (e.g. john@aol.com) to restrict the search results to emails sent from the given domain or email address. If you do not choose a sender, then the result will show emails from all senders. As you type, a drop-down will list the available sender domains or email addresses for you to select from. Next to each entry in the drop-down list is the estimated number of emails sent by that sender domain or email address. Please note that entries are not case sensitive and that this text-box restricts against the envelope sender, not the "From" header, which could be different.
Recipient
In the Recipient text-box you can optionally enter a domain name (e.g. aol.com) or email address (e.g. john@aol.com) to restrict the search results to emails sent to the given domain or email address. If you do not choose a recipient, then the result will show emails to all recipients. As you type, a drop-down will list the available recipient domains or email addresses for you to select from. Next to each entry in the drop-down list is the estimated number of emails sent to that recipient domain or email address. Please note that entries are not case sensitive and that this text-box restricts against the envelope recipient, not the "To" header, which could be different.
Content Type
  • Choose Any type, which is the default, to not restrict the results.
  • Choose Clean to restrict the results to emails which the Mail Scanner considered to be free from spam, viruses or other bad content.
  • Choose Spam (delivered) to restrict the results to emails which the Mail Scanner considered to be spam and which the Mail Scanner attempted to deliver to the recipient.
  • Choose Spam (not delivered) to restrict the results to emails which the Mail Scanner considered to be spam and which the Mail Scanner did not attempt to deliver to the recipient and instead discarded.
  • Choose Virus to restrict the results to emails which the Mail Scanner considered to contain viruses or other bad content.
Body
  • Choose Any body, which is the default, to not restrict the results.
  • Choose Body present to restrict the results to emails that have been quarantined or journaled by the Mail Scanner (i.e. emails whose bodies are available to view via the Message View).
  • Choose Body not present to restrict the results to emails that have not been quarantined or journaled by the Mail Scanner (i.e. emails whose bodies are not available to view via the Message View).
Search Inbound / Outbound Messages Button
Once the search parameters have been entered, click this button to execute the search query, and the results will be shown in the Message Index after a short while.
Reset Button
Click this button to reset the search parameters on the current tab to their default.

6.3.4. The Message View top of section contents

  • The Message View shows the full details of a single email. Only emails that have been quarantined or journaled can be viewed via the Message View.
  • To access the Message View, click the Recipient of the email you want to view from the Message Index.
  • By default, the Message View shows the email body along with the basic email headers (From, To, Date and Subject).
  • To view more headers, click the Toggle Headers link at the top right of the page. Received, Message-ID and X-Spam-Status header will be shown.
  • To view the raw email information including all email headers and body attachments, click the View Original link at the top right of the page, and the raw email information will open in a new window. You can print the raw email information by clicking the Print link at the top right of the new page. You can close the raw email information page by clicking the Close link at the top right of the new page.
  • You can release the email from quarantine from the Message View by clicking the Release To button. You can override the email address that will receive the email by entering an alternative email address to the original recipient in the text-box next to the Release To button, prior to pressing the Release To button. See Quarantine Release section below for more information.
  • To return to the Message Index from the Message View, click the Back to Messages link at the top left of the page.

6.3.5. Quarantine Release top of section contents

One of the roles of the Message Store is to release inbound emails from Quarantine or from the Journal. When an email is released, it is typically sent (or re-sent) to one of the original recipients of the email.

The typical reason to use the release function is when an end user receives a genuine email that is incorrectly marked as spam or as containing a virus or other bad content by the Mail Scanner. Such an end user may contact their internal IT function because they were expecting an email that has not arrived, or perhaps they have received a Notification from the Mail Scanner that their email was quarantined. A user representing the internal IT function can then connect to the Message Store, search for the email in question and request that it be released, whereupon it will be sent to the end user as if it had not been classified as spam or containing a virus or other bad content.

Please note that only email that has been quarantined or journaled can be released. Emails can be released multiple times.

To release emails from quarantine:

  1. First, use the Search Form to find the email you want to release. Often using the Mail ID, if you know it, is the quickest way to find an email.
  2. Once you have found the emails you want to release, select them using one of two ways:
    1. From the Message Index, select the check boxes next to any emails that you want to release, then click the Release Selected Messages button. If you choose this way, then the selected emails will be released to the selected original recipients.
    2. From the Message View, click the Release To button. If you choose this way, then you can override the email address that will receive the email by entering an alternative email address to the original recipient in the text-box next to the Release To button, prior to pressing the Release To button.
  3. After you have clicked the button, then the Message Store will attempt to release the selected emails.
  4. You will then be presented with a table of the release results, indicating which emails were successfully released, and which could not be released due to error. If release errors persist then please contact Sensical Support.
  5. Click the Back to Messages link to return to the Message Index.

6.4. Message Store Data Retention top of section contents

The Message Store product stores data as follows. Data in excess of this period may be available, however it is subject to be deleted by Sensical at any time without warning.

Standard Data Retention:

  • Summary Data: 12 months.
  • Quarantine Data: 1 month.
  • Journaled Data: Not applicable.

Journal Data Retention: (For customers who purchase the Mail Scanner with the Journaling option.)

  • Summary Data: For ever.
  • Quarantine Data: For ever.
  • Journaled Data: For ever.

7.1. SPF (Sender Policy Framework) top of section contents

This is an advanced topic. If you require assistance with SPF or any part of Mail Scanner then please contact Sensical Support.

Sensical recommends SPF is used with Mail Scanner in order to publish information about which computers are responsible for sending your email. SPF means that parties who receive your email can have more trust that your email is not spam and this leads to improved delivery.

If you are interested, more information about SPF can be found on Wikipedia.

Important: If you were already using SPF prior to using Sensical Mail Scanner then you MUST review your SPF DNS entries to avoid your email not being accepted. Please contact Sensical Support for assistance or follow the instructions below.

Activating SPF requires changes to be made to your domain's DNS entries. If Sensical manages your domain's DNS then please contact Sensical Support and we will make the changes for you. You will be asked whether you send email exclusively via Sensical.

If Sensical does not manage your DNS then you should make the following changes to your DNS:

  1. If you send email exclusively via Sensical (which is the default), then add the following DNS entries to your domain(s):

    TXT "v=spf1 include:spf.sensical.net -all"

  2. Alternatively, if you send email via Sensical and also via other outbound relays, then add the following DNS entries to your domain(s):

    TXT "v=spf1 include:spf.sensical.net ~all"

7.2. DKIM (DomainKeys Identified Mail) top of section contents

This is an advanced topic. If you require assistance with DKIM or any part of Mail Scanner then please contact Sensical Support.

Sensical offers a DKIM Signing Service for outbound email where email you send is signed to prove that it originated from the legitimate owner of the email domain. This means that parties who receive your email can have more trust that your email is not spam. This service increases the likelihood of your email being delivered to its intended recipients and not being blocked by the recipients' email filters. If you send legitimate high volume marketing emails, or are otherwise experiencing problems with your emails being blocked, then using DKIM is strongly recommended.

If you are interested, more information about DKIM can be found on Wikipedia.

In order to activate DKIM with Mail Scanner please contact Sensical Support. You will be asked whether you excluively send email via Sensical Mail Scanner.

Activating DKIM also requires changes to the DNS entries for your domain. If Sensical manages your DNS then we will make these changes on your behalf when you request the service to be activated. If Sensical does not manage your DNS then you will need to make the following changes to your DNS before the service can operate. (Please note that making these changes alone is not sufficient to activate DKIM with Mail Scanner and that you must contact Sensical Support to activate the service.)

  1. Add the following entries:

    ln5-rel-01.sensical.net._domainkey CNAME ln5-rel-01.domainkey.sensical.net.
    ln6-rel-01.sensical.net._domainkey CNAME ln6-rel-01.domainkey.sensical.net.
    ln5-mso-02.sensical.net._domainkey CNAME ln5-mso-02.domainkey.sensical.net.
    ln6-mso-02.sensical.net._domainkey CNAME ln6-mso-02.domainkey.sensical.net.

  2. If you send email exclusively via Sensical Mail Scanner (which is the default), then add the following DNS entries to your domain(s):

    _adsp._domainkey TXT "dkim=discardable"

  3. Alternatively, if you send email via Sensical Mail Scanner and also via other outbound relays, then add the following DNS entries to your domain(s):

    _adsp._domainkey TXT "dkim=unknown"

7.3. DMARC (Domain-based Message Authentication, Reporting and Conformance) top of section contents

This is an advanced topic. If you require assistance with DMARC or any part of Mail Scanner then please contact Sensical Support.

DMARC is an email validation scheme designed to prevent email spoofing. Use of DMARC (along with SPF and DKIM) can improve the likelihood of successful email delivery, especially if you send significant volumes of email. More information about DMARC can be found on Wikipedia.

In order to use DMARC you should use SPF and DKIM (see above) on all your outbound email, including any email that is not sent via Sensical.

Please note that bounces, Out Of Office responses and other autoreplies will not meet the DMARC criteria and therefore these types of outbound email have a reduced likelihood of being delivered if you enable DMARC. Technically this is because bounces are not signed by DKIM and that autoreplies have a return path of <> as per standard which cannot meet any DKIM domain match policy.

To use DMARC please add the following to your domain's DNS. If Sensical manages your DNS please just contact Sensical Support to request activation of DMARC.

_dmarc TXT "v=DMARC1;p=reject;aspf=s;adkim=s"


Sensical Mail Scanner Documentation version 4.2
© 2017 Sensical. E. & O. E.