How can we help?
< All Topics
Print

Email Security Complete Guide

CTS Email Security protects you with a two layer filtration system backed by our partners Barracuda and Avanan. Understanding the basics on how to use these filters will not only help you improve their effectiveness overtime, but will also insure important communications are not missed.

 

Barracuda

 

Introduction and Basics

CTS Cloud security partner, Barracuda, provides the first line of defense against malicious emails. They are an industry leader when it comes to the speed and frequency of updates to their threat-detection algorithms.

 

Essentials Overview

What does Barracuda do?

Barracuda quickly filters and sanitizes every email before it is delivered to your inbox to protect you from email-borne threats, such as viruses and malware. Barracuda will allow safe emails into your inbox and block anything it deems unsafe. If Barracuda is unsure about the safety of an email, it lists it as “quarantined” and sets it aside for you to review.

Note: Barracuda’s AI is very intelligent, but it could still flag legitimate emails as unsafe. This is why taking a look at your daily quarantine digests is highly recommended. By releasing emails, you will train and improve Barracuda’s function.

 

What does Quarantine mean?

Most of your interaction with Barracuda regards emails with “quarantined” status.  Simply put, a quarantined email is an email that is suspicious and requires your review.  Quarantined emails are not allowed into the inbox until manually released by a user, which can be done a few different ways. Quarantined emails are automatically deleted after 30 days unless released.

You can access the complete list of quarantined emails at any time through the Quarantine Portal or view newly quarantined emails in the Quarantine Summary email notifications.  A user must set up their Barracuda account in order to release any emails. If you’re expecting an email but it doesn’t arrive in your inbox, it’s likely stuck in quarantine.

There are other categories Barracuda uses to sort emails: Blocked, Deferred, Allowed, and UI Delivered. Emails sorted under these other categories have specific implications and can only be accessed through the Quarantine Portal. More information on that here.

Learn More!

Barracuda is a powerful tool and has many features! We’ve listed the key features in this guide and included a troubleshooting guide for your convenience. As always, if you have any questions that are not covered in this document, please do not hesitate to reach out to support@ctsitcare.com.

 

Sign in to your Barracuda Portal

Your Barracuda Account is integrated with your Microsoft 365 Email account credentials. This makes the sign in process easier.

  1. Go to ess.barracudanetworks.com and enter your email address in the field.
  2. The next page will redirect you to a Microsoft login page. Enter the password you use for your email address.
  3. If this is your first time, it may ask you to accept permissions. Please agree to all permission requests to proceed.

 

Message Log Overview

Portal Link: ess.barracudanetworks.com

The Message Log is for viewing all emails (allowed, blocked, or otherwise) in one space. It is the easiest place to adjust permissions for emails and see the large picture of your email security.

To Access, go to ess.barracudanetworks.com and login with your credentials.

By default, Barracuda will show you the last 2 days of quarantined emails. To filter emails, use the filter options provided. See filter definitions here:

All All emails, delivered and undelivered.
Allowed All delivered emails.
Not Allowed All undelivered messages. Includes blocked, deferred and quarantine.
Quarantined Email is possibly spam/suspicious. Requires review.
Blocked Emails blocked due to CTS Security Policies.
Deferred Email was marked Spam/Suspicious for multiple reasons. High risk.
UI Delivered Emails delivered due to Admin Whitelist status.

 

Shown above: How to toggle between message filters

 

Quarantine Summary Emails

Barracuda sends notifications twice a day (except weekends) to let users know that they have quarantined messages (see image below). These notifications list all emails that were newly quarantined from your inbox. Emails listed in the summary are automatically deleted after 30 days unless released. If no emails were quarantined, you will not receive this email. See image below for an example of how the emails look like.

It is important to note that only “quarantined” messages are listed on the email summaries. Emails sorted under other categories can only be accessed through the Quarantine Portal.

 

Shown above: Example Quarantine Summary Email

 

Release and Deliver Emails

There are two methods of releasing quarantined emails: through the portal or via quarantine summary emails. Email that have been categorized as “Blocked” or “Deferred” can only be released through the Portal.

Via Quarantine Portal (All Emails)
  1. Go to barracudanetworks.com
  2. Select the email in question and select [Load Remote Content] to view. Always verify the content of the email you want to receive.
  3. Select [Deliver] from available options
  4. If selecting more than one email, select each checkbox and then click [Deliver]. That’s it!

Note: Released emails may take a few minutes to appear in your inbox.

Via Quarantine Summary Email Notifications (Only Quarantined Emails)
  1. Click on [Deliver] next to the email information. This process may take a while before you see the email on your inbox.

 

Allow List Emails/Domains

Warning: Please use with caution as Allow List bypasses our security system for the specified sender/domain. This means that if an Allow Listed sender is hacked and is sending malicious emails, our system will skip any/all security checks and their emails will be allowed into your inbox.

Via Quarantine Portal (All Emails)
Method 1

When reviewing an email in the Quarantine Summary, you can select [Allow List] to add the email address to the allow list and deliver the quarantined email.

 

Method 2

While in the Quarantine Summary, select [Settings] then [Sender Policy]. Enter the sender’s domain or email address and select [Exempt] to Allow List the sender.


Via Quarantine Summary Email Notifications (Only Quarantined Emails)

When viewing the email digest, there is an option to whitelist the email. Please select [Allow List] and this will automatically add the email address to the allow list policy.

 

Block Emails / Domains

There are multiple ways to block emails or domains using the portal. See steps below.

Method 1

When reviewing an email in the portal, you can select [Block] to add the email address or domain to the block list.


Method 2

While in the Quarantine Summary, select [Settings] then [Sender Policy]. Enter the sender’s domain or email address and select [Block] to block the sender.

 

Troubleshooting

Please use the following troubleshooting guides if you are having issues.

Expected email hasn’t arrived in your inbox
Check your Quarantine Portal! The email has likely been quarantined.

Emails are blocked, and redelivery keeps failing.
Please contact us at support@ctsitcare.com so we can investigate the email. In most cases, this is due to the domain being found on a global blacklist or content inside the email containing a virus.

Emails from a trusted sender keeps getting blocked, even after whitelist
Please contact us at support@ctsitcare.com. Most cases, this is due to email addresses being on global blacklist.

A sender notified me that their email is getting blocked, but I don’t see the email in my Quarantine Summary.
Barracuda by default won’t show you Blocked emails in the email digest. Instead, please log in to the Quarantine Portal and filter by blocked emails. This way, you should be able to locate the email in question and submit for delivery.

Additional Resources

Onboarding Video
Are you a visual learner? Then check out this short video we put together summarizing the content of this document!

Email Encryption
Barracuda can also encrypt your emails, therefore allowing you an extra secure way to send sensitive information. Check out this video to learn more!

 

 

Avanan

 

Introduction and Basics

Avanan scans emails after they have passed through Barracuda, but before they land in the inbox. Its threat detection AI is among the best in the industry, and we have been training it for two weeks to learn about your unique email flow. Much like Barracuda, suspicious emails are marked with various flags to indicate their suspected threat. Please familiarize yourself with the following flagged statuses:

Flag Types

Phishing Attack

These emails pretend to be from a legitimate source with the intention of stealing your information. You can read more about phishing attacks here. When an email is flagged as a phishing attack, it will be quarantined. You will receive an email with an option to restore it. It is very rare for a legitimate email to be flagged as a phishing attack. When in doubt, we suggest following the steps below before restoring such email from the quarantine:

  1. Contact the sender directly and ask if they sent you this email.
  2. If you are still in doubt after checking with the sender, you can forward the quarantine notification to our support team at support@ctsitcare.com for further review. 
Suspected Phishing Attack

An email that is not positively identified as a phishing attack may be flagged as a suspect based on various factors. These emails will get delivered to your inbox with a warning header. If and when you receive such emails, please be extra cautious when interacting with their content. When in doubt, you can always follow the steps below:

  1. Contact the sender directly and ask if they sent you this email.
  2. If you are still in doubt after checking with the sender, you can forward the quarantine notification to our support team at support@ctsitcare.com for further review. 
Malware Attack

These are emails with malicious file attachments. You can read more about malware here. Such attacks are extremely dangerous and can cause irreversible damage very quickly. When an email is flagged as a malware attack, it will be quarantined. You will receive an email with an option to request restore from an admin. If you receive a such notification, we suggest following the steps below:

  1. Contact the sender directly and ask if they sent you this email
  2. If email seems to be legitimate, you can request a restore of this email and one of our team members will inspect then release it to your inbox
Suspected Malware Attack

An email that is not positively identified as a malware attack may be flagged as suspect based on various factors. When an email is flagged as a suspected malware attack, it will be quarantined. You will receive an email with an option to restore it. When in doubt, we suggest following the steps below before restoring such email from quarantine:

  1. Contact the sender directly and ask if they sent you this email.
  2. If you are still in doubt after checking with the sender, you can forward the quarantine notification to our support team at support@ctsitcare.com for further review.
Spam

As a bonus, CTS advance protection will insert [SPAM] in the subject header of any email flagged as spam when delivering it to your inbox.

 

User Experience

 

Quarantined Emails with Self Restore

Email flagged as phishing attacks or suspected malware attacks will be quarantined from your inbox. A notice of this quarantine will be sent to your inbox. In these notices (see image below) the subject is replaced with a quarantined notice and the original subject is provided in brackets. The body of the message is stripped and replaced with a warning to the user. The attachment (if any) is also stripped and noted in the replaced body.  If a false positive is suspected, the user can release the quarantined email using the link. If released, the original email and attachment will be immediately delivered back to the inbox.

 

Quarantined Emails with Admin Restore Request

Email flagged as malware attacks will be quarantined from your inbox. A notice of this quarantine will be sent to your inbox. In these notices (see image below) the subject is replaced with a quarantined notice and the original subject is provided in brackets. The body of the message is replaced with a warning message to the user along with a link to request release of the email. The attachment (if any) is also stripped and noted in the replaced body. If a false positive is suspected, the user can request the release the quarantined email using the link. If released, the original email and attachment will be delivered back to the inbox once approved by a CTS admin.

 

Emails Flagged with a Warning Header

Email flagged as suspected phishing attacks will be delivered to your inbox with a warning header. The contents of the warning header will change based on the detected threat. In these notices, users are warned of the potential risks detected in the email by an embedded banner that explains the nature of the risk. Clicking “Yes” will whitelist the sender. Clicking “No” will alert the system that the email should continue to be flagged as a security event.

 

Emails Flagged as Spam

Email flagged as spam will be delivered with [SPAM] in the subject header.

Table of Contents

Let us help you!






    MicrosoftGoogle

    This site is protected by reCAPTCHA and the Google
    Privacy Policy and
    Terms of Service apply.