In this following article we go over useful tips for using the deny/allow list. For example how you can determine the correct filter to be bypassed or who to target with your entry.
How to determine the correct filter to be bypassed by your deny/allow list entry:
The allow/deny list works with bypassing specific filters that caused mails to be marked as e.g. spam.
Following filters can be targeted with a deny/allow list entry:
Filter | Targets |
Spam and infomail filtering | Mails that got marked for being spam or infomail |
Content control | Mails that contained specific attachments |
Malware filtering | Mails that contained malware |
Phishing protection | Mails with phishing links |
Sender validation | SPF/DKIM/DMARC Fails |
Freezing | Freezing module from ATP |
Secure Links | Rewritten Links from secure links (more about secure links see below) |
Targeted Fraud Forensic Filter | Users that are in the TFFF-group |
If you are unsure what filter to bypass in your entry, you can see the reason inside the email live tracking. To get every needed information you may have to adjust your settings here:
Most importantly you need the tab "Reason". Here you can see what caused the mail to be quarantined.
For example:
If your mail got the reason SPF-Fail you would then need to create a deny/allow list entry that bypasses the filter "Sender validation".
What else is needed for a deny/allow list entry?
Besides the correct filter to be bypassed, you would also need the target for your entry.
Who is the "owner" of my deny/allow list entry?
The "owner" is the user or the domain you want to be affected by this entry. This depends on whether you want only one user to be affected by this entry or an entire domain.
Note: Its always better you create a deny/allow list for specific users rather than an entire domain. This way you create less false negatives.
Do I need the header from or the envelope from?
For deny/allow list entries we use the header from which you can find in the "communication partner"-tab, the info tab or inside the header of your incoming mails.
Explaining the different types and values of deny/allow list entries:
Type | Value (Target) |
Email Address | One specific Address (e.g. the user that's receiving the mail) |
Domain | The name of the sender domain. (Needed if the entry should cover an entire domain) |
IP Adress or Range | Needed if you want to cover specific IP Addresses or ranges. |
Site Domain (only for secure links) | The domain of an URL that gets altered by secure links. This is only needed for the filter "secure links". |
Special case secure links:
Creating a deny/allow list entry for secure links is a bit different. Here your value is not depending on your communication partner but rather the domain (and subdomains) of the link that is getting rewritten.
This can look like this:
The owner would then be either your single user or your entire domain.
Note: You need to select your Type as "site domain" before you are able to select Secure Links as your filter that will be bypassed. Otherwise, this filter is greyed out.