diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx index 1fa60e7f27d3a5b..9d80804caa57fa9 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx +++ b/src/content/docs/cloudflare-one/email-security/detection-settings/allow-policies.mdx @@ -5,6 +5,8 @@ sidebar: order: 1 --- +import { Example, Details } from "~/components" + Email Security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning. To configure allow policies: @@ -19,7 +21,7 @@ To configure allow policies: - **Action**: Select one of the following to choose how Email Security will handle messages that match your criteria: - **Trust sender**: Messages will bypass all detections and link following. - **Exempt recipient**: Message to this recipient will bypass all detections. - - **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions. + - **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions. Refer to [Allow policy configuration use cases](#use-case-1) for use case examples on how to configure allow policies for accept sender. - **Rule type**: Specify the scope of your policy. Choose one of the following: - **Email addresses**: Must be a valid email. - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries. @@ -30,6 +32,56 @@ To configure allow policies: - **Uploading an allow policy**: Upload a file no larger than 150 KB. The file can only contain `Pattern`, `Pattern Type`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, `Acceptable Sender`, `Notes` fields. The first row must be a header row. Refer to [CSV uploads](/cloudflare-one/email-security/detection-settings/allow-policies/#csv-uploads) for an example file. 6. Select **Save**. +
+ +The following use cases show how you could configure allow policies for accept sender. + +### Use case 1 + + + This use case can affect companies such as Shopify, PayPal, and Docusign. + + To solve this: + + 1. Create a [team submission](/cloudflare-one/email-security/email-monitoring/search-email/#team-submissions). + 2. Inform your Cloudflare contact about the escalation. + 3. Do not set up allow policies or blocked senders. In this use case, configuring allow policies will create a security gap. Setting up blocked senders will block legitimate emails from providers such as Shopify, PayPal, and Docusign. + + +### Use case 2 + + + + + This use case can cause the emails you want to receive to follow the auto-moves rules you set up. This use case affects emails from internal tools (such as Salesforce, Atlassian, and Figma) that are given an incorrect disposition. + + To solve this, when you add an allow policy in the Zero Trust dashboard: + + 1. Choose **Accept sender**. + 2. Verify that **Sender verification (recommended)** is turned on. + + + + +### Use case 3 + + + + This use case impacts the emails from internal tools (such as Salesforce, Atlassian, and Figma) that are given an incorrect disposition. + + To solve this, when you add an allow policy in the Zero Trust dashboard: + + 1. Choose **Accept sender** based on the static IP you own. + 2. Ensure that **Sender verification (recommended)** is turned off. + + :::caution + Do not use email addresses or email domains for this policy as they can be easily spoofed without **Sender Verification (Recommended)** enabled. + ::: + + + +
+ ### CSV uploads You can upload a file no larger than 150 KB. The file can only contain `Pattern`, `Pattern Type`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, `Acceptable Sender`, `Notes`. The first row must be a header row.
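Review bot: in the first hunk, `import { Example, Details } from "~/components"` brings in two components, but the use-case sections added later in this patch show no `<Example>` or `<Details>` element as the lines appear here, only empty added lines. Please confirm both are actually used and drop whichever is not, so the page does not carry an unused import.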
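Review bot: in the **Accept sender** bullet, the new link text "Allow policy configuration use cases" matches no heading in this patch, and its target `#use-case-1` lands on the one use case that says "Do not set up allow policies or blocked senders". A reader who follows the link from Accept sender to learn how to configure it arrives first at advice not to configure anything. Suggest adding a parent heading above the three use cases and linking to that, in the same full-path style as the existing `/cloudflare-one/email-security/detection-settings/allow-policies/#csv-uploads` link. The sentence itself can be shortened, since "use cases for use case examples on how to configure" repeats itself.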
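Review bot: in the use-cases hunk, use case 3 tells the reader to turn **Sender verification (recommended)** off, but nothing in the visible text says when that is needed instead of use case 2's verified policy; both are introduced with the same sentence about internal tools being given an incorrect disposition. Because use case 3 is the weaker configuration, please state the condition that justifies it, and note in step 1 that the static IP must be a single IPv4 address, since the Rule type list above says IPv6 and CIDR are invalid entries. Use case 1 also never states the problem before "To solve this", so the reader cannot tell what situation the three steps apply to. Style points: the caution writes "Sender Verification (Recommended)" while the steps write "Sender verification (recommended)", and "auto-moves rules" should read "auto-move rules".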