Mail Security FAQ

Securepoint Mail Security offers (in addition to a UTM) ATP, S/MIME, DDoS protection, Post-Incident Management, Advanced URL-Defence, and comprehensive virus analysis in '.exe' or '.zip' files.

The abbreviation stands for Advanced Persistent Threat (APT) and Advanced Threat Protection (ATP). This refers to a sandbox environment used for additional testing of files that Securepoint initially does not classify as viruses. The files are executed, and their behavior is analyzed by the ATP. Depending on this behavior, the files can then be identified as viruses. This provides additional protection against new, unknown viruses or malware.

Yes, the infrastructure of Securepoint Mail Security is designed to handle a large number of emails and can thus better withstand a DDoS attack.

If a delivered email or its attachment is identified as dangerous within 7 days, the sender will receive a notification.

Links in an email are checked before the email is delivered. If the address is identified as dangerous, access to it . Additionally, links in emails are replaced by a redirect through our Mail Security servers (rewrite). This ensures that even later accesses are checked to see if they are no longer considered safe.

For example, www.anyideas.de becomes https://cloud.mymailwall.com/m/www.anyideas.de
This way, the original address remains recognizable.

etection is based on the structure of the file. MIME type or file extension does not matter.
Zip files are unpacked, and the contained files are checked individually.
For password-protected files, an attempt is made to guess the password using known password lists or words and word combinations from the email. (Phishing emails often contain a password-protected attachment to evade virus detection. However, the password is then usually provided in plain text in the email so the user can still open the attachment with the virus.)

To use Securepoint Mail Security, you need to change the MX record of your email domain to mx.mymailwall.com and provide Securepoint with the server IP (or DNS name) of your email domain to complete the forwarding.

Changes usually take effect within five minute

Domains that send via Securepoint Mail Security are checked to see if they have an SPF record and, if so, whether it includes mymailwall.com.

An SPF record specifies which servers are allowed to send using the domain names. This prevents domain abuse by not accepting emails from senders not included in the DNS record.

If an email is rejected due to SPF, it is initially not accepted. In this case, an SPF allowlist entry must be made for the domain. The sender must then resend the email.

When Securepoint Mail Security greylists a message, it responds to the sending mail server with a temporary rejection message, prompting the sender to try again. If another attempt is made to send an email with the same data combination, the email will be accepted. Whether and when another attempt is made depends solely on the sender.

Yes, you can enter a second target server to be used as a backup.

Outlook requests a DSN directly from the receiving mail server.
However, when using Securepoint Mail Security, we act as an SMTP relay in front of the destination server. The DSN request from Outlook does not reach the final mail server in its original form.
Therefore, the destination server does not generate a delivery confirmation.

Securepoint Mail Security also does not generate such reports because we are not the final recipient.

This means that emails are fully delivered and processed correctly, but the "delivery confirmation" mechanism via a mail security gateway cannot function.

This behavior is normal for upstream relays.

The spam filters determine the parameters within which an email is identified as possible spam or spam. The default settings are our recommended settings. They should be tested first and only changed when you are certain about the required settings.

Our default setting marks emails as spam and/or possible spam. This ensures that new customers can review and adjust their settings without worrying about missing an email.

The virus filter can be configured to determine what happens to an email containing a virus.

With the default setting, the virus is removed from the email, while other attachments and the email itself are still delivered.

Note that in this case, the email is no longer checked for spam, as an email with a virus is always classified as spam.

If this should no longer happen, it can be set in the Mail Security Portal under mail.security Incoming in the Settings → Virus Filter option Action for infected email.

This means that all executable files in email attachments are identified as viruses.

If they are attached directly, not only the file extension is checked, but the file is analyzed so that renamed files are also detected.

If files are contained in a password-protected archive, they are only recognized by their file extension.

Any virus detected by Securepoint Mail Security is sent to this mailbox if the program is configured accordingly. The virus file is sent in a password-protected archive, with the password provided in the email. The virus file is also modified so that it cannot be executed unintentionally.

This can have multiple sources of error. Therefore, it is best to check the log messages.

Using the interface to access the log file, you can search for every email accepted by the Securepoint Mail Security system.

If an email has been received, you can find the status of the email. The following status values are available:

• Delivered: Email was sent to the next server
• Delivery failure: Delivery to the destination server failed
• In queue: Transmission to the next server is still pending
• Rejected: The email was rejected due to spam/virus/attachment.

Emails can be resent directly from the log file.

Additionally, there are still emails that are rejected by the system. This happens if the sender's domain is not authorized by SPF (Sender Policy Framework).

S/MIME serves as an add-on to Securepoint mail.security and therefore cannot be purchased separately.

S/MIME certificates can only be requested for domains whose MX record points to mx.mymailwall.com and which are set up in an incoming route.

Only emails sent via Securepoint Mail Security/mymailwall are provided with an S/MIME certificate.

Under the menu item mail.security > S/MIME, you will find a list of your mailboxes. Here you can activate one, several, or all mailboxes. Signing and encryption are then carried out automatically according to the rules you have set when sending emails via Securepoint Mail Security/mymailwall.

The mailboxes must be set up as known mailboxes in an incoming route. Mailboxes captured in a wildcard route are not displayed.

The license is acquired cross-domain, similar to Securepoint Mail Security, and can therefore be used for any number of domains.

Please contact Securepoint Support.

Downloading S/MIME certificates is not technically provided for security reasons.

Within your existing license, you can upload any number of existing (third-party) certificates, which are then managed and used like Securepoint S/MIME certificates. Please note that these also count as licenses and thus reduce your available quota.

These are mailboxes that have been deactivated. This status remains for up to 14 days until the status changes to "Inactive" (EN) / "Inaktiv" (DE) and the license becomes available again.

No. The S/MIME license can be smaller than or equal to the Securepoint mail.security license.

Securepoint S/MIME licenses automatically receive the same validity period as your existing Securepoint Mail Security license. Technically, these are 1-year certificates, but they are automatically renewed without additional costs (within the existing license).

The S/MIME certificates are issued by the European certification authority Certum. Certum is included in the Adobe Approved Trust List (AATL), an exclusive list of trusted certificate issuers.

Email encryption is part of Securepoint S/MIME and is included in the price of Securepoint S/MIME licenses. Securepoint S/MIME can be obtained by all Securepoint mail.security users.

Encryption can be applied to all mailboxes managed with Securepoint mail.security with an active Securepoint S/MIME certificate. Please note that with enforced encryption for outgoing emails (Outbound), mailboxes without a valid Securepoint S/MIME certificate affected by this rule cannot send emails! Optional decryption is also applied to mailboxes without a Securepoint S/MIME certificate.

A prerequisite for encrypting emails is an active certificate and the recipient's public key. The keys are automatically exchanged and stored via an unencrypted but signed email.

A prerequisite for all rule variants for incoming emails (Inbound) is an existing certificate for the receiving mailbox. Optional decryption is also applied to mailboxes without a Securepoint S/MIME certificate.

Yes, S/MIME certificates not obtained via Securepoint can also be managed in Securepoint Mail Security. They can be uploaded under the S/MIME menu item in the Securepoint portal. They have the same functionality as Securepoint S/MIME certificates and are counted towards your Securepoint license quota.

All users of the Securepoint portal with write permissions can create or change rules.

It can take up to 10 minutes after creating/editing a rule for it to be considered when sending/receiving.

Which emails were encrypted, decrypted, or signed can be viewed in the email overview under the Securepoint Mail Security menu item. It is also possible to filter by status.

S/MIME uses asymmetric encryption. The recipient's public key is used to encrypt content, which can only be decrypted again with the private key.

The public keys required for encryption can be exchanged via an unencrypted, signed email. Securepoint Mail Security automatically extracts and stores the key.

ATP stands for Advanced Threat Protection and refers to an approach in information security that focuses on detecting and defending against advanced threats and attacks designed to bypass traditional security measures such as malware scanners and firewalls.

In addition to the analysis methods of the malware scan engine based on signatures, content, and behavior, Securepoint Mail Security with ATP uses signatureless methods and sandboxes from various leading sandboxing providers.

All types of attachments are specifically examined for hidden attacks and are test-executed in connection with various combinations of operating systems and applications, including different web browsers and plugins such as Adobe Reader or Flash.

This allows even attacks designed to bypass traditional security solutions to be detected.

Only data for which the malware scan engine cannot reach a reliable conclusion is forwarded and analyzed again in parallel—these are in the per mille range of the total data volume. As a result, analyses usually run as quickly as usual and are barely noticeable in terms of time. However, depending on the scope of the ATP analysis, individual elements may take up to ten minutes to process

The data identified as threats during the ATP analysis are displayed. They appear in the email search with the label "Infected (ATP)."

The sandboxes of our technology partners are installed in the German-speaking region. This ensures that all data—only metadata, attachments, or scripts are sent—remains within the EU.

European and German data protection laws (GDPR) apply.

While the sandboxes continuously receive updates from their manufacturers, they are isolated in such a way that they cannot establish any external connections themselves.