Security and Compliance Dashboard
Posted by Nishi on 24 June 2025
Overview
The security and compliance dashboard in the Zoho Mail Admin console provides an overview of all the recommended security configurations. It displays the overall security and compliance score along with the completion status for each action.
Security and Compliance Score
The security and compliance score assesses your progress in completing the recommended actions to improve your organisation's security. The highest score indicates that your organisation is highly secure against all types of spoofing, account breaches and any data leaks, while the lowest score indicates that your organisation is vulnerable to a security breach. It is recommended to complete all the mentioned actions to keep your data secure.
The security threats that we protect you from include:
-
Spoofing - An email is considered to be spoofed when spammers forge an email address of an organization/ person.
-
Malware - Malware is any file or program that is intentionally designed to harm your computer/ network/ server.
-
Account Breach - Account breach is a security violation that exposes any confidential or sensitive information by an outsider.
-
Data Exfiltration - Data exfiltration is an unauthorised removal or movement of data from a device.
-
Data Leak - Data leak is accidental exposure of sensitive data onto the internet.
Certain security actions will be configured automatically such as MX records, SPF verification, and so on. Click Incomplete to quickly view the list of pending security actions.
Recommended Security Configurations
| Security Parameters | Description |
| DKIM Verification | DKIM is an email authentication method that uses encryption to validate if an email is generated from systems authorized by the domain administrator. Emails are detected as spam in case of DKIM Failure. |
| DMARC Verification | DMARC is an email authentication protocol, which builds on the widely deployed SPF and DKIM protocols. In case of authentication failure, the DMARC policy is set to quarantine. |
| DMARC Policy | DMARC is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols. Additionally, it includes a reporting function that allows senders and receivers to monitor and protect their domain from fraudulent email. |
| DNSBL Verification | DNSBL is a consolidated blocked list based on user spam marking, abuse patterns, and certain third-party blocklists. Emails are detected as spam if the sending domain/ email address or IP address is present on the blocked list. |
| SPF Verification | Sender Policy Framework, commonly known as SPF, is a text record associated with the domain to identify the servers permitted to send emails using the particular domain name. Emails are detected as spam in the case of SPF Failure and SPF Soft Failure. |
| Suspicious Login Alerts | Suspicious Login Alerts, if enabled send an email alerting users of any unusual logins into their email accounts. |
| Organization-wide TFA | Two-factor authentication is an additional security process to secure organization accounts with the combination of a password and a mobile device. You can choose to enable or disable TFA for your organization. |
| MX Record Configuration | MX records are special DNS Server records that designate recipient email servers for your domain. Configuring MX records for your domain ensures that all emails addressed to your domain are sent to the Zoho servers. |
| SPF Record Configuration | SPF is an authentication mechanism that helps in identifying the IP addresses permitted to send emails using the domain name. |
| DKIM Configuration | DKIM is an email validation system that uses encryption to validate if an email has been sent from authorized servers configured by the administrator of the domain. |
| S/MIME Configuration | Secure/Multipurpose Internet Mail Extensions (S/MIME) provides high-level security to your organization's emails. This encrypts the content of the email using keys, and curbs any misuse. It ensures that only authorized personnel can access your data. |
| No Trusted Senders | Emails from email addresses that are added to the Trusted Emails List get delivered to the mailbox without any spam check. These emails will not be validated for SPF/ DKIM/ blocklist checks. Please be doubly cautious before you add any email address to this list, as it may expose the organization to spam/ phishing attacks using this email address. |
| No Trusted Domains | Emails from domains that are added to the Trusted Domains List get delivered to the mailbox without any spam check. These emails will not be validated for SPF/ DKIM/ blocklist checks. Please be doubly cautious before you add any domain to this list, as it may expose the organization to spam/ phishing attacks using this domain. |
| Cousin Domain Verification | Cousin domains or look-alike domains are spoofed domains with their names similar to valid domains. If you expect a domain to send genuine emails, but want to mark an email from any other variations of the domain name as spam, you can add it in this section. |
| Display Name Verification | You can set up a display name and associate one or more email addresses with this display name. The emails that arrive with other display names, other than the ones added here will be considered fraudulent or spoofed emails. |
| Internationalized Spam Settings | You can allow or reject emails based on the language used in the email. If you allow certain languages, emails sent in those languages will be allowed and all the other emails will be moved to spam. Similarly, if you block certain languages, emails sent in those languages will be moved to spam and other emails will be allowed. |
| Group Privilege Settings | You can choose who can have access to create organization and personal groups under group privileges settings. By default, the super admin will have all the privileges in the organization. |
After you complete the security settings, click the tooltip next to each security Action to view the current configuration. You can modify the settings based on your organization's requirement.
Note:
This security feature will be available only for organizations that are using one of our paid plans.
Was this article helpful?
Subscribe now & Get the latest updates
Zoho Mail Admin Console
Easily manage your organization's email accounts on the go with the Zoho Mail Admin appβavailable for both iOS and Android. This intuitive mobile console empowers administrators to handle user accounts, settings, and security with justΒ aΒ fewΒ taps.
Manage all your organization's email settings easily with the Zoho Mail Admin Console for streamlined control and performance.
Learn MoreCustomize and manage Zoho Application Settings through the admin console for optimal app-level configurations.
Learn MoreFollow the steps to install and configure the Zoho Mail Extension for Plesk, enabling webmail integration and domain-level control.
Learn MoreEnsure GDPR compliance effortlessly by understanding how to handle Zoho Mail Data Subject Requests with step-by-step privacy protocols.
Learn MoreOptimize user provisioning and deactivation workflows with the Zoho User Management Guide.
Learn MoreDeploy the Zoho Mail Plugin for cPanel for centralized management and quick access to email features within your hosting panel.
Learn MoreImplement eDiscovery & Email Retention features in Zoho Mail to meet legal and compliance requirements.
Learn MoreLearn how to handle Zoho Mail & Workplace Subscription Management, including renewals, upgrades, and license allocation.
Learn MoreControl access levels with Zoho Mail Roles & Privileges, defining what users and admins can see or do within the mail system.
Learn MoreEnhance your organizationβs inbox hygiene with Zoho Mail Spam Control Settings that block malicious content.
Learn MoreConfigure your domain and users with this Zoho Email Hosting Setup Guide.
Learn MoreUse the Zoho Mail Migration Wizard to transfer emails, users, and settings easily from other platforms.
Learn MoreSet up IMAP Autodiscovery Settings in Zoho Mail for easier email client integration.
Learn MoreDefine and apply Custom Email Policies in Zoho Mail that enforce organization-wide standards.
Learn MoreAdjust Organization Email Settings in Zoho Mail for user preferences, default policies, and server-level configurations.
Learn MoreSecure Zoho Mail access with the right Firewall Settings configuration using this comprehensive guide.
Learn MoreGet an overview of organizational email performance with the Zoho Mail Organization Dashboard.
Learn MoreResolve Domain Verification Failed in Zoho Mail by identifying possible causes and correcting DNS settings.
Learn MoreStrengthen your organizationβs protection using Zoho Mail Admin Console Security Settings.
Learn MorePlan a successful Email Migration to Zoho Mail with minimal downtime and data loss.
Learn MoreAvoid data loss with reliable Email Backup & Recovery in Zoho Mail, ensuring quick restore options.
Learn MoreIntegrate Zoho Mail with Outlook via the Zoho Mail Outlook Add-In for improved productivity.
Learn MoreStreamline team communication by creating Email Groups or Distribution Lists in Zoho Mail.
Learn MoreUse the Zoho Mail Toolkit for admins to quickly resolve issues, perform diagnostics, and enhance configurations.
Learn MoreTrack email security events through the Zoho Mail Security & Compliance Dashboard.
Learn MoreSearch in Admin Console
Learn how to Search in Zoho Mail Admin Console using quick tips and tricks for efficient navigation.
Learn More