SafeSend Cloud: Policies

Written By Marissa Fegan (Super Administrator)

Updated at April 30th, 2026


In the SafeSend Cloud admin console, you gain centralized control over your entire organization's email security. This is where you configure your desired policies, rules, and user assignments. Each SafeSend policy provides comprehensive, per-policy control over critical settings, such as Global and Advanced settings, Data Loss Prevention (DLP), Encryption, and Override Text Strings.

Create a Policy

Before you create any custom policies, there is a Default Policy that you can use as-is or, by clicking Clone, as a starting point for customizing your own policy. You might want to do this if you need a functional template quickly. Cloning saves you from manual data entry by pre-populating the standard rules, so you only have to focus on the unique changes your team requires.

If you prefer to configure your policy options from scratch, the following instructions will walk you through the process step-by-step. These steps assume you are already logged in to the SafeSend Cloud web console. 

To create a new policy:

  1. Navigate to Manage > Policies > + Add Policy
  2. Name your policy in a way that appropriately describes it and click Save
  3. Once your policy is created, find it in the list and click the name of the newly created policy to open and configure it
  4. Review the table below to learn about policy options

Policy Option Description

Global

Under Global, you'll see where you can edit the policy name and optional description.

 

Other options include:

  • Enable SafeSend in Outlook for Mac, Outlook for Windows, or Outlook Web Access; these are all disabled by default
  • Safe Domains allows you to specify the domains that SafeSend should trust
    • Listing a domain (e.g., mycompany.com) makes all its sub-domains safe (e.g., it covers name@mycompany.com and name@research.mycompany.com)
  • Bypass SafeSend when email is from allows you to specify which email addresses are considered safe for your organization
  • Include Email-X-Header adds the 'x-header: SafeSend' to all emails to verify that all computers have SafeSend installed; this setting is disabled by default
  • Add customized footer to all email messages; this setting is disabled by default
  • Unencrypted Attachments determines the action SafeSend should take when unencrypted attachments are detected; this is set to Ignore by default
  • Block Sending adds forbidden email addresses to prevent delivery to specific email addresses
  • Block sending to distribution lists; this is disabled by default
  • Confirm attachments to all external email addresses; this is disabled by default
  • Confirm all emails sent to external email addresses; this is enabled by default
  • Confirm internal emails on multiple domains; this is disabled by default
  • Confirm external emails to multiple domains; this is disabled by default
  • Add internal email addresses that you want SafeSend to treat as though they are external email addresses
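
To preview which recipients a given Safe Domains list would leave external, the sketch below models the sub-domain rule and the "treat internal addresses as external" option described above. It is an added example, not SafeSend's own code; the function names, the label-boundary matching and the sample addresses are assumptions made for illustration.

```python
from email.utils import getaddresses

def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def is_safe_domain(domain: str, safe_domains: list[str]) -> bool:
    """True if domain equals a listed domain or is a sub-domain of it."""
    for safe in safe_domains:
        safe = safe.strip().rstrip(".").lower()
        # Match on a label boundary: 'research.mycompany.com' is covered,
        # 'notmycompany.com' and 'mycompany.com.example.net' are not.
        if domain == safe or domain.endswith("." + safe):
            return True
    return False

def classify(recipient_headers, safe_domains, treat_as_external=()):
    """Split recipients into (internal, external) under the modelled rules."""
    forced = {a.lower() for a in treat_as_external}
    internal, external = [], []
    for _name, addr in getaddresses(recipient_headers):
        if "@" not in addr:
            continue  # skip entries that did not parse as an address
        addr = addr.lower()
        if addr not in forced and is_safe_domain(domain_of(addr), safe_domains):
            internal.append(addr)
        else:
            external.append(addr)
    return internal, external

def external_domains(external):
    """Distinct external domains, relevant to the multiple-domain confirmations."""
    return sorted({domain_of(a) for a in external})

# Constructed sample policy values and recipient header lines.
SAFE = ["mycompany.com"]
FORCED_EXTERNAL = ["contractor@mycompany.com"]
TO = [
    "Name <name@mycompany.com>, name@research.mycompany.com",
    "x@notmycompany.com, y@mycompany.com.example.net",
    "Contractor <Contractor@MyCompany.com>",
]

if __name__ == "__main__":
    internal, external = classify(TO, SAFE, FORCED_EXTERNAL)
    print("internal:", internal)
    print("external:", external)
    print("external domains:", external_domains(external))
```
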

 

Advanced

Under Advanced, you'll find the following options:

 

  • Warn user if recipient CC or BCC count exceeds a specific number set by your admin; this is set to 0/disabled by default
  • Enable recipient attachment removal, allowing the end user to remove individual recipients or attachments; this is enabled by default
  • Confirm attachments that are being sent to internal recipients; this is disabled by default
  • Popup for BCC warning displays the SafeSend popup when there are email addresses in the BCC field; this is enabled by default
  • Popup for matching recipients regular expression string displays the SafeSend popup for matching recipients regardless of other configurations
  • Treat matching Exchange distribution list names as external disregards the fact that the added distribution lists have internal/safe domains, so SafeSend scans those emails
  • Enable safe domains list as block list instead of allow list; this is disabled by default

DLP

DLP (Data Loss Prevention) scans emails and attachments for specific client keywords or regular expressions, then requires user confirmation before the email is sent. 

 

Policy-based DLP settings include:

 

  • Client keyword disable confirm is used if you don't want to require your users to type CONFIRM when there are Client Keyword matches; this is disabled by default
  • Content scanning maximum file size allows you to limit the size of attachments that will be scanned by SafeSend's DLP feature; this is set to 10MB by default and is written in bytes
  • Content scanning timeout allows you to edit the default timeout value for SafeSend's content scanning feature; this is set to 30 seconds by default and is written in milliseconds
  • DLP scan password protected attachments prompts users to provide the password for attached zip files so that SafeSend can scan the contents of the protected attachment; this is enabled by default
  • Enable including matched text in reports shows DLP match results from all reports to avoid exposing sensitive information; this is enabled by default

To read more about Data Loss Prevention, including the complete process to configure and manage DLP rulesets, visit SafeSend Cloud: Data Loss Prevention (Rulesets).

 

Encryption

SafeSend provides the trigger mechanism to initiate encryption based on your business rules. Your organization must still provide and maintain its own encryption service to secure the actual message.

 

Encryption options include:

  • Ask to encrypt when email has determines if SafeSend prompts for encryption based on specific message content
  • User’s default encryption choice sets the pre-selected action presented to the user during the send process
  • Trigger: Subject Prefix defines a specific word or tag in the subject line that automatically enables encryption
  • Trigger: X-Header identifies a specific metadata header used to signal that the email requires encryption

Strings

Under Strings, you can override any text string that applies specifically to the assigned users in your policy. 

  • Policy link provides a URL to the organization's official email or privacy policy for user reference
  • Enable localized language allows the SafeSend interface to automatically adjust based on the user's regional settings
  • Force language ensures the interface remains in one specific language regardless of the user's system locale
  • String Overrides permits the customization of specific text elements or labels within the SafeSend prompt

 

  5. When you are done configuring your policy, click Save at the top