You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx
+15-14Lines changed: 15 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ To configure allow policies:
21
21
- **Action**: Select one of the following to choose how Email Security will handle messages that match your criteria:
22
22
- **Trust sender**: Messages will bypass all detections and link following.
23
23
- **Exempt recipient**: Message to this recipient will bypass all detections.
24
-
- **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions.
24
+
- **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions. Refer to [Allow policy configuration use cases](/cloudflare-one/email-security/detection-settings/allow-policies/#use-case-1) for use case examples on how to configure allow policies for accept sender.
25
25
-**Rule type**: Specify the scope of your policy. Choose one of the following:
26
26
-**Email addresses**: Must be a valid email.
27
27
-**IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
@@ -34,47 +34,48 @@ To configure allow policies:
34
34
35
35
<Detailsheader="Allow policy configuration use cases">
36
36
37
-
The following use cases present some use cases that will show you how to properly configure allow policies.
37
+
The following use cases present some scenarios that will show you how to properly configure allow policies for accept sender.
38
38
39
39
### Use case 1
40
40
41
-
<Exampletitle="Company receives emails from third party providers not used internally. These emails are sent from the service provider, but Email Security gives these emails an incorrect disposition.">
41
+
<Exampletitle="Company receives emails from third party providers not used internally. These emails are sent from the service provider, and Email Security gives these emails an incorrect disposition.">
42
42
This use case can affect companies such as Shopify, PayPal, and Docusign.
43
43
44
44
To solve this:
45
45
46
46
1. Submit a [team submission](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions).
47
-
2. Inform your Cloudflare account about the escalation.
48
-
3.Avoid setting up allow policies, or blocked senders. In this use case, configuring allow policies will create a security gap. Setting up blocked senders will block legitimate emails from providers such as Shopify, PayPal, and Docusign.
47
+
2. Inform your Cloudflare contact about the escalation.
48
+
3.Do not set up allow policies, or blocked senders. In this use case, configuring allow policies will create a security gap. Setting up blocked senders will block legitimate emails from providers such as Shopify, PayPal, and Docusign.
49
49
</Example>
50
50
51
51
### Use case 2
52
52
53
-
<Exampletitle="Company receives emails via third party providers that are used internally. These emails are sent from the custom domain company, but Email Security marks these emails as bulk, spam, or spoof.">
54
53
55
-
This use case can cause your inbox to receive too many unwanted emails. This use case can affect companies such as Salesforce, Atlassian, and Figma.
54
+
<Exampletitle="Company receives emails via third party providers that are used internally. These emails are sent from the company's custom domain, but Email Security marks these emails as bulk, spam, or spoof.">
56
55
57
-
To solve this, when you add an allow policy in the Zero Trust dashboard, ensure that:
56
+
This use case can cause the emails you want to receive to follow the auto-moves rules you set up. This use case affects emails from internal tools (such as Salesforce, Atlassian, Figma, and more) that are given an incorrect disposition.
57
+
58
+
To solve this, when you add an allow policy in the Zero Trust dashboard:
58
59
59
-
1.You choose**Accept sender**.
60
+
1.Choose**Accept sender**.
60
61
2. Verify that **Sender verification (recommended)** is turned on.
61
62
62
63
</Example>
63
64
64
65
65
66
### Use case 3
66
67
67
-
<Exampletitle="Company receives emails via third party providers that are used internally. These emails are sent from the custom company domain, but Email Security marks these emails as bulk, spam, or spoof. The custom email domain does not support DMARC, SPF, DKIM, and would fail Sender Verification">
68
+
<Exampletitle="Company receives emails via third party providers that are used internally. These emails are sent from the company's custom domain, but Email Security marks these emails as bulk, spam, or spoof. The custom email domain does not support DMARC, SPF, DKIM, and would fail Sender Verification">
68
69
69
-
This use case can affect companies such as Salesforce, Atlassian, and Figma.
70
+
This use case impacts the emails from internal tools (such as Salesforce, Atlassian, Figma, and more) that are given an incorrect disposition.
70
71
71
-
To solve this, when you add an allow policy in the Zero Trust dashboard, ensure that:
72
+
To solve this, when you add an allow policy in the Zero Trust dashboard:
72
73
73
-
1.You choose**Accept sender** based on the static IP you own.
74
+
1.Choose**Accept sender** based on the static IP you own.
74
75
2. Ensure that **Sender verification (recommended)** is turned off.
75
76
76
77
:::caution
77
-
Do not use email addresses or email domains for this case as they can be easily spoofed without **Sender Verification (Recommended)** enabled.
78
+
Do not use email addresses or email domains for this policy as they can be easily spoofed without **Sender Verification (Recommended)** enabled.
0 commit comments