Email Policy Customization


Posted by Nishi on 22 January 2025


Email Policies help the administrators control the organization's email sending and receiving parameters. In Zoho Mail, you can define multiple email policies and apply them to various sets of users and groups. You can define email policies to restrict email access from other devices, other networks and also add account restrictions in the email policies.

It also helps the administrator to define and apply different privilege levels and restrictions to users and groups based on their role, requirement, and permissions in the organization. The different types of policies that can be set using Zoho Mail's secure email policy can be classified based on email and domain, access, account and email forwarding restrictions. 

Zoho Mail applies the default Zoho Mail Business Policy to users and groups on creation. You can create new policies based on your organization's requirement and apply them to specific users and groups.

Steps to define new email policy:

  1. Create a new email policy.
  2. Configure the General Restrictions for the policy.
  3. Add an Email and domain Restriction.
  4. Add an Account Restriction.
  5. Add an Access Restriction.
  6. Add an Email Forwarding Restriction. 
  7. Apply the relevant restrictions to the policy.
  8. Apply the configured policy to users and groups.

Creating a new email policy:

  1. Login to the Zoho Mail Admin Console.
  2. Go to the Mail Settings menu from the left pane and select Email Policy.
  3. You will see the default Zoho Mail Business Policy listed.
  4. Click Create to create a new policy.
  5. Enter a name for the policy that you are going to create, and click Create.
  6. You will now have to define the restrictions that you would like to apply in this policy.

General Restrictions:

  1. In the General tab of a policy that you have created, you can change the name of the policy if required.
  2. Enter the maximum incoming and outgoing email size that you want to allocate for this policy. A maximum of 40MB is permitted. 
  3. Then, enter the number of incoming emails permitted per minute in this policy. A maximum of 100 emails per minute is permitted. 

Email Restrictions

In this section, you can define the allowed or blocked domains, email addresses, attachment types and the subject text for incoming and outgoing emails.

Steps to define new email restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Email Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. You can define restrictions for domains, email addresses, attachments and email subjects in this section.

Domains

The options available under domain restrictions are:

  • No restrictions
  • Org Domains only - To allow emails only within the organization
  • Blocked domains
  • Allowed domains

You can define the restrictions for incoming emails, outgoing emails or for both. You can allow or block certain domains for incoming and/or outgoing emails.

Allow: When you specify a domain as allowed domain for outgoing, the users and groups for whom the policy is applied will be able to send emails only to those domains. When they send emails to other domains, the outgoing server will reject them and bounce the email back to the sender.Block: When you specify a domain as a blocked domain, emails can be sent to all the domains, other than the ones specified in the blocked domain.Org Domains only: You can also allow email sending or receiving within the organization domains alone. When this restriction is applied, emails cannot be sent outside the organization domains or received from external accounts.

You can choose no restrictions to allow sending and receiving of emails without any domain restrictions.

Email Address

The options available under email address restrictions are:

  • No restrictions
  • Blocked email addresses
  • Allowed email addresses

You can define the restrictions for incoming emails, outgoing emails or for both.  You can allow or block certain email addresses for incoming and/or outgoing emails.

Allow: When you specify an email address as allowed email address for outgoing, the users and groups for whom the policy is applied will be able to send emails only to those email addresses. When they send emails to other email addresses, the outgoing server will reject them and bounce the email back to the sender. The same can be applied to incoming emails as well. When the restriction is applied for incoming, the incoming emails are delivered only from the allowed email addresses. Any email from the other email addresses not specified in the list will be rejected (bounced back). Block: When you specify an email address as blocked email address, the emails can be sent to all the email addresses, other than the one specified in the blocked email addresses.

You can choose no restrictions to allow sending and receiving of emails without any email address restrictions.

Attachment

The options available under attachment restrictions are:

  • No restrictions
  • Blocked attachments
  • Allowed attachments

You can define the attachment type restrictions for incoming, outgoing or for both. You can allow or block certain attachment types for incoming and/or outgoing emails.

Allow: When you specify some attachment types as allowed type for outgoing, the users and groups for whom the policy is applied will be able to send emails only with the specified attachment type. When they send emails with other attachment types, the outgoing server will reject them and bounce the email back to the sender.Block: When you specify a type as blocked attachment type, the emails can be sent with any other attachment, other than the ones specified in the blocked attachment.

You can make sure that attachments with specific file names are blocked or allowed for both the incoming and outgoing emails. 

For example, if you want to specify files with the name check, follow the below instructions:

  1. Select whether you want to apply the attachment conditions for incoming or outgoing.
  2. Once you click on either incoming or outgoing, select the condition you want to apply.
  3. You can choose no restrictions to allow sending and receiving of emails without any attachment restrictions.
  4. If you choose either the Allowed or Blocked option, enter the file name that you would like to specify.
  5. Follow the below convention to mention the file names:Mention check if the file might contain the name checkMention "check" if the name of the file might be checkMention *check if the file name might end with checkMention check* if the file name might begin with check
  6. Mention check if the file might contain the name check
  7. Mention "check" if the name of the file might be check
  8. Mention *check if the file name might end with check
  9. Mention check* if the file name might begin with check
  10. The restriction will be applied according to your specifications.

Subject

The options available under email subject restrictions are:

  • No restrictions
  • Blocked subjects
  • Allowed subjects

You can define the restrictions for incoming, outgoing or for both. You can allow or block certain subjects for incoming and/or outgoing emails.

Allow: When you specify some subjects as allowed email subject for outgoing, the users and groups for whom the policy is applied will be able to send emails only with that subject. When they send emails with other subjects, the outgoing server will reject them and bounce the email back to the sender.Block: When you specify a subject as a blocked email subject, the emails can be sent with any other subject, other than the ones specified in the blocked subject.

Ex: If you specify the word "pharmacy" in the subject, it will block the emails irrespective of where the word appears in the subject. You can choose no restrictions to allow sending and receiving of emails without any subject restrictions.

Account Restrictions

You can define the account-based restrictions in this section. In this section, you can provide permissions to add external accounts as POP in Zoho and options to customize their signatures in Zoho Mail. You can also restrict the import/export of emails by the users and groups. 

Steps to define new account restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Account Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. You can define account-based restrictions such as external account access, import/export of emails, etc. from this section.

External Accounts Access

By default, Zoho Mail allows users to configure their external accounts via POP or IMAP. As an administrator, if you do not want the users to access their other accounts via POP, you can turn it off in this section. When turned off, the users for whom the policy is applied, will not be able to add the external accounts via POP. 

Signature Customization

Zoho Mail allows the users to configure and use multiple signatures for their accounts. As an administrator, you can turn off the feature. When the option is turned off, the users for whom the policy is applied, will not be able to customize their signatures, from the webmail console. 

Import/ Export Emails

In the webmail and in the Admin Console, users and administrators have a feature to migrate emails in EML or ZIP format using the Import/Export Emails option. For security and privacy reasons, you can choose to turn off this feature for the users through email policy. 

When turned off, the users will not be able to import emails into Zoho Mail or export the emails from Zoho Mail. 

Add to Cloud

Users can save incoming attachments to Zoho Docs and also other cloud services like Google Drive, Dropbox, etc. However, the administrator can turn off the Add to Cloud option using the email policy to not allow users to save attachments to cloud storage. 

Attach from Cloud

Users can attach files from Zoho Docs or other cloud services like Google Drive, Dropbox, etc. to the emails that they are sending. However, the administrator can turn off the Attach from Cloud option using the email policy to not allow users to add attachments from cloud services.

Display BCC

While composing emails, users will have the option to send emails as a Blind Carbon Copy (BCC). However, the administrator can turn off the Display BCC option, to make sure that users do not have the option to BCC email addresses in their emails.

Access Restrictions

You can define the access restrictions in this section. You can provide permissions to access the account via POP, IMAP, and/or ActiveSync. Additionally, you can also decide whether the user can set up email forwarding from the account or not. 

Steps to define new email restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Access Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. You can define restrictions for domains, email addresses, attachments and email subjects in this section.

POP Access

Zoho Mail allows users to enable their POP access, and retrieve emails via POP in email clients like Outlook, Thunderbird, etc. If you want to enable any access restrictions, you can turn off the POP access for the specific set of users. When turned off, the users, for whom the policy is applied, will not be able to access the Zoho account via POP. If they try to enable POP in webmail, they will receive an error message.

IMAP Access

Zoho Mail allows users to enable their IMAP access, and retrieve emails via IMAP in email clients like Outlook, Thunderbird, etc. When turned off, the users for whom the policy is applied, will not be able to access the Zoho account via IMAP in other clients like iPhone, K9 etc. 

ActiveSync

When turned off, the users for whom the policy is applied, will not be able to access the Zoho account via Active Sync in other clients like iPad, Android etc.

Email Forwarding

When turned off, the users, for whom the policy is applied, will not be able to configure email forwarding from the Zoho accounts to external accounts.

Display POP/IMAP Settings

The POP/IMAP options will be visible to the users in their Settings Page. However, if the admins turn off the Display POP&IMAP Settings option, users will not be able to change their POP/IMAP status. Only the admins will be able to enable/disable POP/ IMAP access for the users' accounts.

Display Email Forwarding Settings

The Email Forwarding options will be visible to the users in their Settings Page. However, if the admins turn off the Display Mail Forward Settings option, users will not be able to change their email forwarding settings. Only the admins will be able to add or remove the email forwarding for the users' accounts.

You can also specify the IP restrictions if any for the users to whom the policy is applied to.

Maximum Session Count

The maximum number of open sessions for a specific user account can be set. Turn on the Max Session Count option and enter the necessary limit. A minimum limit of 1 and a maximum limit of 25 can be set. Once the maximum limit set has been crossed, the user will not be able to log into their account in a new session. The user can close the current sessions and then log in to a new one. 

Mail Client IP Restriction

If you have set up an IP restriction for your users, you can turn on the Mail Client IP Restriction to apply the IP range if external email clients are being used. Users to whom this policy has been applied will be able to access their mailbox only from this IP range, irrespective of whether they are logging in from webmail or external email clients. If an IP range is not set, this IP restriction will not take effect.

Allowed IP Addresses

If you would like to restrict the IP addresses from which users can log in to their accounts, you can set up the IP range in the Allowed IP Addresses section. Users will not be able to log in to their accounts outside this IP range.

Forward Restrictions

If you would like all outgoing emails sent by users to whom this policy is applied to be forwarded to another email address in the organization, you can configure it here.

Steps to define new forward restrictions:

  1. In the Admin Console, go to the Mail Settings menu. 
  2. Go to the Forward Restrictions section.
  3. Click Create and enter a new name for the restriction.
  4. In the Outgoing Email Forwarding Policy field, enter the email address to which all outgoing emails should be forwarded. 

The outgoing emails can be forwarded only to another organization account and not to any external account.

Applying restrictions to the policy:

After you have created all the necessary restrictions, you need to apply them to the relevant policy. 

  1. In the Admin Console, go to the Mail Settings menu.
  2. Go to Policies, and select the policy with which you would like to associate the restrictions.
  3. In the Restrictions dropdown, select Email Restriction.
  4. In the Email Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  5. Review the settings once, and click Change.
  6. In the Restrictions dropdown, select Account Restriction.
  7. In the Account Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  8. Review the settings once, and click Change.
  9. In the Restrictions dropdown, select Access Restriction.
  10. In the Access Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  11. Review the settings once, and click Change.
  12. In the Restrictions dropdown, select Forward Restriction.
  13. In the Mail Forward Restriction Applied dropdown, select the restriction that you'd like to associate with this policy.
  14. Review the settings once, and click Change.

​Now, the relevant restrictions will be applied to the policy that you have created.

​Associate policy with users and groups:

Next, you need to associate this policy with the respective users and groups.

Steps to associate policy with users and groups:

  1. In the Admin Console, go to the Mail Settings menu.
  2. Go to Policies, and select the policy with which you would like to associate users and groups.
  3. Go to the Associated Users tab.
  4. Click Add to manually select the users for this policy. Select the users that you'd like to add, and click Proceed.
  5. Click Import if you'd like to import users for this policy using a CSV file. Browse and select the CSV file containing the user list, and click Import.
  6. Similarly, go to the Associated Groups ​tab.
  7. Click Add to manually select the groups for this policy. Select the groups that you'd like to add, and click Proceed.
  8. Click Import if you'd like to import groups for this policy using a CSV file. Browse and select the CSV file containing the group list, and click Import.
  9. You can also change the policy of users in this section by clicking the Change Policy icon the respective user. You can also select multiple users, click on the Change Policy icon and select the policy you'd like to apply for all the selected users.

You can also apply the email policy for users and groups in the user-specific or group-specific settings, or even at the time of creating the user or group.

Note:

  • You can create multiple policies and apply them to different sets of users or groups, but you can apply only one policy to a particular user or group.
  • If you delete a specific policy, all users or groups under that policy will be moved to the Default Policy.
  • If an admin associates another admin with an email policy, the restrictions in that policy will apply to the admin as well. 
  • The restrictions created by the email policy apply not only in the Mail Settings but in the Mail Admin Console too.

Was this article helpful?

Subscribe now & Get the latest updates

Index / Admin Guide

Zoho Mail provides extensive control panel for the administrators to manage their organization users, email accounts and policies.

Email hosting setup

Zoho Mail Suite provides enterprise features for email hosting to satisfy the needs of organizations of all types and sizes. Zoho Mail provides custom domain-based email address for all members of your organization in no time.

Troubleshooting Domain Verification

When you register the domain with one provider, but point the Nameservers to another provider, then the CNAME/ TXT/ MX/ SPF records added in your Domain Registrar is not considered valid.

Zoho Mail plugin for cPanel

cPanel provides a control panel for domain owners to manage the different aspects of web hosting. Zoho Mail Plugin for cPanel helps you sign up for email hosting with Zoho Mail from within cPanel. This plugin is available under the Email section.

Zoho Mail for Plesk

Plesk is a web hosting platform with a control panel that allows domain owners to manage the different aspects of web hosting. Zoho Mail Plugin for Plesk helps you sign up for email hosting with Zoho Mail from within Plesk. 

Searching Admin Console

Zoho Mail Admin Console provides a centralized interface from where you can manage critical aspects of an organization - the different domains, users, groups, organizational spam control, email policies, to name a few. However, this wealth of information might make navigating through the Admin Console slightly challenging.

Dashboard

The Admin Console Dashboard is the first thing you will see as soon as you login to the Zoho Mail Admin Console. It is a culmination of important data your admin might need at their disposal. You can enable or disable widgets in your dashboard including data on your organization's Email Traffic Stats.

Users

The user details section, provides the list of users already added to the organization. When you click on each user, you can have a detailed view about the particular user. The Admin can also perform a set of actions on the user. The primary email address of the users are listed in the section.

Roles and Privileges

The roles available in Zoho Mail are Super Administrator, Administrator, and User roles. The members of the organizations can assume different roles in Zoho Mail, based on the requirement. The Super Administrator can provide Administrator privileges to other users.

Groups

Groups or Distribution Lists are common email addresses, shared by a set of users for a specific purpose. When an email is sent to the group account, a copy of the email gets delivered to the mailbox of all the members of the Group.

Organization Settings

The administrator can control organization-wide parameters under the Organization section. Settings for the entire organization such as the org name, logo, templates for the welcome email and signature, format for the display name and email address.

Domain Options

Zoho Mail allows organizations to add domains to their organization accounts or even buy domains through Zoho. Your organization members will further be able to send and receive emails using their custom domain-based email addresses in Zoho.

Autodiscovery Settings

The Autodiscovery service ensures that email accounts can easily be configured using the IMAP protocol or on mobile devices using ActiveSync. The procedure varies depending on whether you want to configure it for IMAP or ActiveSync.

Email Policies/ Rules

Email Policies help the administrators control the organization's email sending and receiving parameters. In Zoho Mail, you can define multiple email policies and apply them to various sets of users and groups. 

Advanced Delivery Options

With Zoho Mail, you can redirect or send a copy of an email automatically by configuring Email Routing. Email Routing is helpful in many situations like if you want to automatically send a copy of one user's email to another. 

Security and Compliance Dashboard

The security and compliance dashboard in the Zoho Mail Admin console provides an overview of all the recommended security configurations. It displays the overall compliance score.

Organization Security

Organization accounts hold a lot of sensitive data and there's a need for certain security rules to make sure your data stays safe and is not compromised. The administrator can protect their user and organization data with the help of email security features.

Organization Spam Control

Zoho Mail is a secure email service with a spam control system that provides multiple options to customize the settings such that they suit your organization's needs. 

Zoho Mail Outlook Add-in

Zoho Mail users can now experience enhanced email security and have better control over their preferences with the new Outlook Add-in while using their email client. 

Export User Accounts

The Zoho Mail Admin Console provide options to export or backup users' emails, recover any deleted emails and also retry sending of emails that have failed delivery. 

Data Subject Requests

Organizations deal with an enormous amount of confidential data on a daily basis. So, organizations might receive data subject requests to check for some legal or compliance issues.  

Migration to Zoho Mail

Zoho Mail offers a very simple solution to migrate data from your previous email provider to the respective user accounts in Zoho Mail directly. These user accounts need to be created in Zoho Mail before adding the migration. 

Zoho Exchange Migration Wizard

Zoho user and email migration wizard can be used to discover users and migrate their emails from the Active Directory/ Exchange environment to their accounts in their Zoho Mail organization accounts. 

Application Settings

The administrator can control the settings for other Zoho apps and third-party applications and integrations from the Other App Settings section in the Zoho Mail Admin Console.

Email Retention and eDiscovery

Email retention is the process of retaining emails in an organization for a specific period in an organized manner based on the policies of the organization. 

Email Backup and Recovery

Email backup processes and stores emails in a safe, centralized location that can be retrieved at any point in time. It helps prevent data loss by enabling users to restore email content that has been accidentally deleted or lost.

Reports & Statistics

Zoho Mail has a separate Admin Reports section which comprises of statistics on various aspects of your organization's emailing experience. As an administrator, these reports will help you gain information on all aspects of your organization.

Zoho Toolkit

Zoho Mail provides easy-to-use diagnostic tools to troubleshoot some services. There are options to check the domain and registry details. You can run some basic DNS configuration checks for a specific domain, and analyze message headers.

Subscription

Zoho Mail offers different plans to accommodate different users. One can choose the subscription that would suit their organization from the array of available plans. You can also opt for the mix and match plan to have a tailor-made subscription.

Firewall settings

Configure your firewall settings and allow your organization members to access Zoho Mail without any restrictions. All of the below-mentioned domains have to be whitelisted even if you don't see activity at those addresses.

Have a query or want to discuss ?

Email:

sales@fgrade.com

Call us:

+917569743290