How to Use Safelists and Blocklists in IronPort Anti-Spam

Using Safelists and Blocklists

You can create safelists to ensure that messages from certain senders are not scanned with anti-spam scanning engines, and you can use blocklists to ensure that messages from certain senders are not delivered to your inbox. For example, you may receive email from a mailing list that no longer interests you. You may decide to add this sender to the blocklist to prevent these emails from getting delivered to your inbox. On the other hand, you may find that emails from specific senders get sent to your Spam Quarantine when you don't want them to be quarantined. To ensure messages from these senders are not scanned with anti-spam scanning engines, you may want to add the senders to your safelists.

NOTE: Safelist/Blocklist settings are contingent on other settings configured by the system administrator. A safelisted message may not be delivered to your inbox if it is determined to be virus-positive, or if the administrator determines that the content does not conform to company email policies.

Also, your administrator may modify safelists and blocklists for all users including you.

Accessing Safelists and Blocklists

To modify safelists and blocklists, you need to log into your account if your account is authenticated using LDAP or Mailbox (IMAP/POP) authentication. If you do not know your login, check with your system administrator. You must log into your account even if you are accustomed to accessing your messages via a link in a spam notification (which usually doesn't require authentication). However, you can still view the messages in your Spam Quarantine without logging into your account.

Adding Entries to Safelists and Blocklists

Entries can be added to safelists and blocklists using the following formats:

  • user@domain.com, user@[10.1.1.0], or user@[ipv6:2001:420:80:1::5]
  • server.domain.com
  • domain.com, [10.1.1.0], or [ipv6:2001:420:80:1::5]

You cannot add a sender or domain to both safe and block lists at the same time. However, if you add a domain to a safelist and a user for that domain to the blocklist (or vice versa), the Cisco appliance applies both rules to incoming mail. For example, if you add example.com to the safelist, and add george@example.com to the blocklist, the Cisco appliance delivers all mail from example.com without scanning for spam, but will treat mail from george@example.com as spam. You cannot allow or block a range of sub-domains using the following syntax: .domain.com. However, you can explicitly block a specific domain using the following syntax: server.domain.com.

Working with Safelists

You can add senders to safelists in two ways. From the Spam Quarantine, you can manually add a sender to the safelist by selecting Options > Safelist. Then, add an email address or domain to the list, and click Add to List.

You can also add senders to the safelist if a message from the sender has been sent to the end-user quarantine. If the message from a given sender is sent to end user quarantine, you can select the checkbox next to message, and choose "Release and Add to Safelist" from the drop-down menu.

Working with Blocklists

You can use blocklists to ensure that you never receive mail from specified senders. To add senders to a blocklist, you select Options > Blocklist from the end-user quarantine. From the end-user quarantine, you can enter an email address or domain in the field, and click Add to List. When the Cisco appliance receives mail from the specified email address or domain that matches an entry in the blocklist, it quarantines or rejects the email. The mail is rejected or quarantined depending on the safelist/blockist action settings configured by your administrator.