Posted by Nishi on 21 November 2022
Email Policies help the administrators control the organization's email sending and receiving parameters. In Zoho Mail, you can define multiple email policies and apply them to various sets of users and groups. You can define email policies to restrict email access from other devices, other networks and also add account restrictions in the email policies.
It also helps the administrator to define and apply different privilege levels and restrictions to users and groups based on their role, requirement, and permissions in the organization. The different types of policies that can be set using Zoho Mail's secure email policy can be classified based on email and domain, access, account and email forwarding restrictions.
Zoho Mail applies the default Zoho Mail Business Policy to users and groups on creation. You can create new policies based on your organization's requirement and apply them to specific users and groups.
In this section, you can define the allowed or blocked domains, email addresses, attachment types and the subject text for incoming and outgoing emails.
The options available under domain restrictions are:
You can define the restrictions for incoming emails, outgoing emails or for both. You can allow or block certain domains for incoming and/or outgoing emails.
Allow: When you specify a domain as allowed domain for outgoing, the users and groups for whom the policy is applied will be able to send emails only to those domains. When they send emails to other domains, the outgoing server will reject them and bounce the email back to the sender.Block: When you specify a domain as a blocked domain, emails can be sent to all the domains, other than the ones specified in the blocked domain.Org Domains only: You can also allow email sending or receiving within the organization domains alone. When this restriction is applied, emails cannot be sent outside the organization domains or received from external accounts.
You can choose no restrictions to allow sending and receiving of emails without any domain restrictions.
The options available under email address restrictions are:
You can define the restrictions for incoming emails, outgoing emails or for both. You can allow or block certain email addresses for incoming and/or outgoing emails.
Allow: When you specify an email address as allowed email address for outgoing, the users and groups for whom the policy is applied will be able to send emails only to those email addresses. When they send emails to other email addresses, the outgoing server will reject them and bounce the email back to the sender. The same can be applied to incoming emails as well. When the restriction is applied for incoming, the incoming emails are delivered only from the allowed email addresses. Any email from the other email addresses not specified in the list will be rejected (bounced back). Block: When you specify an email address as blocked email address, the emails can be sent to all the email addresses, other than the one specified in the blocked email addresses.
You can choose no restrictions to allow sending and receiving of emails without any email address restrictions.
The options available under attachment restrictions are:
You can define the attachment type restrictions for incoming, outgoing or for both. You can allow or block certain attachment types for incoming and/or outgoing emails.
Allow: When you specify some attachment types as allowed type for outgoing, the users and groups for whom the policy is applied will be able to send emails only with the specified attachment type. When they send emails with other attachment types, the outgoing server will reject them and bounce the email back to the sender.Block: When you specify a type as blocked attachment type, the emails can be sent with any other attachment, other than the ones specified in the blocked attachment.
You can make sure that attachments with specific file names are blocked or allowed for both the incoming and outgoing emails.
For example, if you want to specify files with the name check, follow the below instructions:
The options available under email subject restrictions are:
You can define the restrictions for incoming, outgoing or for both. You can allow or block certain subjects for incoming and/or outgoing emails.
Allow: When you specify some subjects as allowed email subject for outgoing, the users and groups for whom the policy is applied will be able to send emails only with that subject. When they send emails with other subjects, the outgoing server will reject them and bounce the email back to the sender.Block: When you specify a subject as a blocked email subject, the emails can be sent with any other subject, other than the ones specified in the blocked subject.
Ex: If you specify the word "pharmacy" in the subject, it will block the emails irrespective of where the word appears in the subject. You can choose no restrictions to allow sending and receiving of emails without any subject restrictions.
You can define the account-based restrictions in this section. In this section, you can provide permissions to add external accounts as POP in Zoho and options to customize their signatures in Zoho Mail. You can also restrict the import/export of emails by the users and groups.
By default, Zoho Mail allows users to configure their external accounts via POP or IMAP. As an administrator, if you do not want the users to access their other accounts via POP, you can turn it off in this section. When turned off, the users for whom the policy is applied, will not be able to add the external accounts via POP.
Zoho Mail allows the users to configure and use multiple signatures for their accounts. As an administrator, you can turn off the feature. When the option is turned off, the users for whom the policy is applied, will not be able to customize their signatures, from the webmail console.
In the webmail and in the Admin Console, users and administrators have a feature to migrate emails in EML or ZIP format using the Import/Export Emails option. For security and privacy reasons, you can choose to turn off this feature for the users through email policy.
When turned off, the users will not be able to import emails into Zoho Mail or export the emails from Zoho Mail.
Users can save incoming attachments to Zoho Docs and also other cloud services like Google Drive, Dropbox, etc. However, the administrator can turn off the Add to Cloud option using the email policy to not allow users to save attachments to cloud storage.
Users can attach files from Zoho Docs or other cloud services like Google Drive, Dropbox, etc. to the emails that they are sending. However, the administrator can turn off the Attach from Cloud option using the email policy to not allow users to add attachments from cloud services.
While composing emails, users will have the option to send emails as a Blind Carbon Copy (BCC). However, the administrator can turn off the Display BCC option, to make sure that users do not have the option to BCC email addresses in their emails.
You can define the access restrictions in this section. You can provide permissions to access the account via POP, IMAP, and/or ActiveSync. Additionally, you can also decide whether the user can set up email forwarding from the account or not.
Zoho Mail allows users to enable their POP access, and retrieve emails via POP in email clients like Outlook, Thunderbird, etc. If you want to enable any access restrictions, you can turn off the POP access for the specific set of users. When turned off, the users, for whom the policy is applied, will not be able to access the Zoho account via POP. If they try to enable POP in webmail, they will receive an error message.
Zoho Mail allows users to enable their IMAP access, and retrieve emails via IMAP in email clients like Outlook, Thunderbird, etc. When turned off, the users for whom the policy is applied, will not be able to access the Zoho account via IMAP in other clients like iPhone, K9 etc.
When turned off, the users for whom the policy is applied, will not be able to access the Zoho account via Active Sync in other clients like iPad, Android etc.
When turned off, the users, for whom the policy is applied, will not be able to configure email forwarding from the Zoho accounts to external accounts.
The POP/IMAP options will be visible to the users in their Settings Page. However, if the admins turn off the Display POP&IMAP Settings option, users will not be able to change their POP/IMAP status. Only the admins will be able to enable/disable POP/ IMAP access for the users' accounts.
The Email Forwarding options will be visible to the users in their Settings Page. However, if the admins turn off the Display Mail Forward Settings option, users will not be able to change their email forwarding settings. Only the admins will be able to add or remove the email forwarding for the users' accounts.
You can also specify the IP restrictions if any for the users to whom the policy is applied to.
The maximum number of open sessions for a specific user account can be set. Turn on the Max Session Count option and enter the necessary limit. A minimum limit of 1 and a maximum limit of 25 can be set. Once the maximum limit set has been crossed, the user will not be able to log into their account in a new session. The user can close the current sessions and then log in to a new one.
If you have set up an IP restriction for your users, you can turn on the Mail Client IP Restriction to apply the IP range if external email clients are being used. Users to whom this policy has been applied will be able to access their mailbox only from this IP range, irrespective of whether they are logging in from webmail or external email clients. If an IP range is not set, this IP restriction will not take effect.
If you would like to restrict the IP addresses from which users can log in to their accounts, you can set up the IP range in the Allowed IP Addresses section. Users will not be able to log in to their accounts outside this IP range.
If you would like all outgoing emails sent by users to whom this policy is applied to be forwarded to another email address in the organization, you can configure it here.
The outgoing emails can be forwarded only to another organization account and not to any external account.
After you have created all the necessary restrictions, you need to apply them to the relevant policy.
Now, the relevant restrictions will be applied to the policy that you have created.
Next, you need to associate this policy with the respective users and groups.
You can also apply the email policy for users and groups in the user-specific or group-specific settings, or even at the time of creating the user or group.
Note:
Was this article helpful?
Subscribe now & Get the latest updates