Email Address Registration Administrator Guide Address Registration Administrator Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright © 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Clients are advised to seek specialist advice to ensure that they use the Symantec services in accordance with relevant legislation and regulations. Depending on jurisdiction, this may include (but is not limited to) data protection law, privacy law, telecommunications regulations, and employment law. In many jurisdictions, it is a requirement that users of the service are informed of or required to give consent to their email being monitored or intercepted for the purpose of receiving the security services that are offered by Symantec. Due to local legislation, some features that are described in this documentation are not available in some countries. Configuration of the Services remains your responsibility and entirely in your control. In certain countries it may be necessary to obtain the consent of individual personnel. Symantec advises you to always check local legislation prior to deploying a Symantec service. You should understand your company’s requirements around electronic messaging policy and any regulatory obligations applicable to your industry and jurisdiction. Symantec can accept no liability for any civil or criminal liability that may be incurred by you as a result of the operation of the Service or the implementation of any advice that is provided hereto. The documentation is provided "as is" and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid. Symantec Corporation shall not be liable for incidental or consequential damages in connection with the furnishing, performance, or use of this documentation. The information that is contained in this documentation is subject to change without notice. Symantec may at its sole option vary these conditions of use by posting such revised terms to the website. Technical support If you need help on an aspect of the security services that is not covered by the online Help or administrator guides, contact your IT administrator or Support team. To find your Support team's contact details in the portal, click Support > Contact us. Address Registration This document includes the following topics: ■ About Address Registration ■ Registering addresses step-by-step ■ Locating address registration in the portal ■ Creating an address list in a spreadsheet or text editor ■ Managing registered addresses manually ■ Extracting email addresses with the synchronization tool ■ Extracting the address list from a mail server ■ Reviewing an address list ■ Uploading addresses to the infrastructure using the portal ■ Uploading addresses to the infrastructure using the synchronization tool ■ Maintaining an address list ■ Merging or replacing an existing address list ■ Automatic outbound address harvesting ■ Activating Address Registration About Address Registration Address Registration operates at the perimeter of the email services infrastructure alongside other protective and validation technologies such as traffic shaping and connection management. 6 Address Registration Registering addresses step-by-step Address Registration is used to reject any email sent to an address in your domains that does not appear in a database of known valid email addresses. Any email sent to an unregistered address is not accepted and gives rise to an SMTP 550 error. This error indicates to the sending mail server that the address is invalid. The process involved in using Address Registration is first to define a list of valid addresses, then to upload the addresses to the email services infrastructure. You can then review the addresses in the portal. By using Address Registration, you should see a significant drop in detected spam. Warning: You must provide one address list for each domain or subdomain that is provisioned to use the Email Services. Registering addresses step-by-step The following table provides an overview of the process for registering the lists of valid email addresses for your organization's domains. Table 1-1 Step Further Information Define list(s) of the valid email You can generate the list(s) by the following addresses for each of your domains and methods: subdomains. ■ Enter the email addresses manually through the portal. See “Managing registered addresses manually” on page 9. ■ Create the list manually using a spreadsheet or text editor. See “Creating an address list in a spreadsheet or text editor” on page 8. ■ Extract the user list using the Address Synchronization Tool. See “Extracting email addresses with the synchronization tool” on page 10. ■ Extract the list directly from your mail server. See “Extracting the address list from a mail server ” on page 11. Address Registration Locating address registration in the portal Table 1-1 (continued) Step Further Information Upload the list(s) to the email services Use one of the following methods: infrastructure. ■ Use the upload facility in the portal See “Uploading addresses to the infrastructure using the portal” on page 16. ■ Use the Address Synchronization Tool See “Uploading addresses to the infrastructure using the synchronization tool” on page 17. Review the list(s) in the portal See “Reviewing an address list” on page 15. Activate Address Registration. See “Activating Address Registration” on page 20. Maintain your list of addresses. Several options are available to maintain valid address lists: Adding and deleting addresses manually See “Managing registered addresses manually” on page 9. ■ Using the upload functionality in the portal to merge or replace an existing list See “Merging or replacing an existing address list” on page 18. ■ Keeping your addresses synchronized using the Address Synchronization Tool See “Uploading addresses to the infrastructure using the synchronization tool” on page 17. ■ Automatic outbound address harvesting See “Automatic outbound address harvesting” on page 19. ■ Locating address registration in the portal You configure and apply Address Registration settings per domain. 7 8 Address Registration Creating an address list in a spreadsheet or text editor To locate the address registration pages in the portal 1 Click Services > Email Services > Platform > Address Registration. 2 A summary of the state of Address Registration protection is shown for each of your domains. 3 To see details of the email addresses registered for a domain, first locate the domain in the summary list. Then click the domain name, or select the domain from the drop-down list. Creating an address list in a spreadsheet or text editor To use Address Registration, you first need to create a full list of your organization’s valid email addresses in a .csv file or .txt file. Each of your organization’s registered domains and subdomains must have its own list of valid email addresses. When compiling your lists of valid email addresses, include any alias addresses and externally visible group addresses; for example, sales@domain.com. However, if email addresses exist on subdomains (for example, user@sub.domain.com), these addresses should not be included in the valid address list for domain.com. A list of registered addresses must be provided for each domain and subdomain. You can create the lists manually either as a .txt file or .csv file in either a spreadsheet application or text editor. Enter each email address on a separate row or line. Wildcard symbols such as ^& %$* are not valid in an email address. The only acceptable symbols in an email address are: ■ underscore _ ■ hyphen - ■ dot . You can create your address list in several ways: ■ Enter the email addresses manually through the portal. ■ Create the list manually using a spreadsheet or text editor. ■ Extract the user list using the Address Synchronization Tool. ■ Extract the list directly from your mail server. See “Managing registered addresses manually” on page 9. See “Extracting email addresses with the synchronization tool” on page 10. Address Registration Managing registered addresses manually See “Extracting the address list from a mail server ” on page 11. Managing registered addresses manually You can add and delete registered addresses manually in the portal. You can define a list of email addresses to delete from the Address Registration service (such as recent staff leavers) and upload the list into the portal for deletion. The list must be defined in a .csv file. To enter an address 1 Click Services > Email Services > Platform > Address Registration. 2 Select the required domain from the Summary list or from the domains drop-down list. 3 Click New Address. 4 Enter the email address to register. 5 Click Add. The email address appears in the list of registered addresses. To delete a registered address 1 Click Services > Email Services > Platform > Address Registration. 2 Select the required domain from the Summary list or from the domains drop-down list. 3 Locate the address to delete and tick the box to the left of it. Note: In the Search Address field, you can use the * wildcard for partial matching. 4 Click Delete Selected. A confirmation message is displayed. To delete a list of registered addresses 1 Click Services > Email Services > Platform > Address Registration. 2 Select the required domain from the Summary list or from the domains drop-down list. 3 Click Delete Multiple Email Addresses. 9 10 Address Registration Extracting email addresses with the synchronization tool 4 Enter the file name of the .csv file or click Browse to locate it. 5 Click Upload. The upload-and-delete operation may take some time to complete depending on the size of the list. A confirmation message is displayed. See “Creating an address list in a spreadsheet or text editor” on page 8. Extracting email addresses with the synchronization tool The Synchronization Tool enables you to extract and maintain a list of valid email addresses in use in your organization. The address list is required for Address Registration. Synchronized email addresses can be used in Content Control rules. If you have a license for the Synchronization tool, you can extract your valid email addresses directly to the email services infrastructure. If you do not have a license, you can save the email addresses to a file. To use the synchronization tool with a license 1 In the Data repository section of the configuration process, in the Configure data repository window, select Symantec.cloud as the Repository Type. 2 Click Next. You can now continue with the User setup and the Domain setup. See the Online Help: Creating a configuration profile - process overview. To use the synchronization tool without a license 1 In the Data repository section of the configuration process, in the Configure data repository window, select File as the Repository Type. 2 Click Next. 3 In the Repository file configuration window, in the File Name field, enter the path and file name for the output. The Additions and Deletions fields are entered automatically. 4 Click Next.You can now continue on to the Filters section of the configuration. See the Online Help: Creating a configuration profile - process overview. See also Online Help on the Synchronization Tool. Address Registration Extracting the address list from a mail server Extracting the address list from a mail server We provide procedures to extract a list of your organization's valid email addresses from the following mail environment networks: ■ Exchange 2000 and 2003 ■ GroupWise ■ iMail ■ Lotus Notes V7 ■ MDaemon To extract user data from your mail server, you must have administrative rights for the domain or subdomain for which you are producing the list. The user data that is extracted by following these instructions may include more information than only the required valid email addresses. You need to remove any extra data before uploading the list to the email services infrastructure. You can do so by importing the data into a spreadsheet. To remove extra user data from an address list 1 Import the data into Microsoft Excel or another spreadsheet application. 2 Sort on the column that contains the email addresses, and delete all entries without an email address. 3 Delete all columns except the one containing the email addresses. 4 Save the file as a .csv file or copy the addresses to a .txt file. 5 You may also need to separate the data further, to provide one list for each of your domains or subdomains. Note: If you have questions on extracting your address lists directly from your mail server, contact your IT department or IT consultant. See “Producing an address list from Microsoft Exchange” on page 12. See “Producing an address list from GroupWise 7” on page 12. See “Producing an address list from iMail” on page 13. See “Producing an address list from Lotus Notes 7” on page 14. See “Producing an address list from MDaemon” on page 15. 11 12 Address Registration Extracting the address list from a mail server Producing an address list from Microsoft Exchange There are two versions of the command that extracts user data from the Exchange server. One produces a list of email addresses from one domain and all of its subdomains. The other enables you to select domains and subdomains from which to produce the list. To produce an address list from a single high level Active Directory domain and all of its subdomains ◆ From a command prompt, enter the following command: ldifde -f filename.txt -l proxyaddresses -r "(proxyaddresses=*smtp:*@*)" A text file called filename.txt containing your valid email addresses is produced. To produce an address list from a specific Active Directory location ◆ From a command prompt, enter the following command: ldifde -f filename.txt -d "dc=subsub,dc=sub,dc=domain,dc=com" -l proxyaddresses -r "(proxyaddresses=*smtp:*@*)" This command contains the information that you must supply in italics; for example, the name of the .txt file that is produced (filename.txt). The dc= values identify the required location in the Active Directory. Use as many of the dc= values as are required. For example, the command above produces a user list from the subsub.sub.domain.com Active Directory domain structure. Note: The *smtp: *@* filter in the command above ensures that only current valid email addresses are produced. You can amend this filter to your requirements, if necessary. See “Extracting the address list from a mail server ” on page 11. Producing an address list from GroupWise 7 You need to be familiar with NWAdmin and GroupWise Utilities before performing this procedure. Address Registration Extracting the address list from a mail server To produce an address list from GroupWise 7 1 Log on to NWAdmin and select the eDirectory tree that contains the users to export. 2 Select Tools > GroupWise Utilities > Export. An NDS query tool is displayed. 3 Click NDS/GroupWise Class and select User from the drop-down list to the right of it. 4 Under Attributes, select the object name (logon name), last name, given name, and NGW: File ID. 5 Enter a text file export name (for example, GW-FID.TXT). 6 Under Starting Context, click [Root]. 7 Check Export from subordinate contexts. This option causes objects in subordinate contexts to be exported. 8 Check Put the attribute names in first line. This option directs the export to put the attribute names as a comment in the first line of the export file. 9 Click Run. A comma-delimited text file of your users is produced. See “Extracting the address list from a mail server ” on page 11. Producing an address list from iMail Extracting a list of your user's email addresses can only be achieved on a single domain basis. If you have more than one domain, repeat these steps for each domain. To extract email addresses from iMail 1 Navigate to the iMail Administrator. 2 Expand the tree under your server name or domain. 3 Click Users. 4 Click Export Users to File. The \imail\Users.txt file is created. See “Extracting the address list from a mail server ” on page 11. 13 14 Address Registration Extracting the address list from a mail server Producing an address list from Lotus Notes 7 To produce an address list from Lotus Notes 7 1 From the Notes client, open the Name and Address book (names.nsf) on the Domino server. 2 Open the People view in the names.nsf database and create views to list the Internet addresses for each Person document in your domain: ■ Select Create > View. ■ Update the Create View window ■ Select Save and Customize. ■ Delete all column headings in the new private view. To delete all headings at once, highlight the first heading, click Control, and select the last heading to select them all. Use the Delete key to delete all headings. Click Yes to confirm the deletion ■ Right click on the empty heading bar and select Insert New Column... ■ Select Field as the Display type. Scroll down to the InternetAddress field and select it. ■ On the File menu, click Save to save the private view. 3 Close the view design tab by pressing the Esc key. 4 In the names.nsf left navigation view is the InternetAddressList view. One column in the view lists the Internet addresses of all users who are listed in the People view. To export the list of Internet addresses to a text file, select File > Export. 5 Update the Export window. 6 Select Export. 7 Update the Tabular Text Export window. 8 To export the view, select OK. 9 Repeat these steps for the other Views/Fields that contain valid Internet addresses if necessary. For example include the people view ShortName field (for Internet ID aliases), Group/InternetAddress (for external group distribution lists), and Mail-in databases/InternetAddress (for external Mail-in databases). See “Extracting the address list from a mail server ” on page 11. Address Registration Reviewing an address list Producing an address list from MDaemon To produce an address list from MDaemon 1 Navigate to the Message Router. 2 Click Accounts > Exporting > Export accounts to a comma delimited text file. 3 Specify the required path and file name. 4 Click OK. See “Extracting the address list from a mail server ” on page 11. Reviewing an address list When your address lists are uploaded to the email services infrastructure, review the addresses that are registered for each domain in the portal before activating Address Registration. Reviewing your list is imperative when your addresses are uploaded initially. Thereafter, it is good practice to review the list when any changes are made. If a list has uploaded incorrectly or if any email addresses are missing, you may experience temporary mail loss. The Summary page lists your domains and shows the state of each. You can download a CSV file of this summary. To review a summary of your address registration settings 1 Click Services > Email Services > Platform > Address Registration. 2 Ensure that Summary is selected in the domains drop-down list at the top of the page. Your domains are listed with the following information: ■ Domain name: If the domain is enabled for Address Registration, click on the domain name to view and edit its address list ■ Status: ■ On—Address Registration is protecting your organization from receiving emails to addresses not registered for this domain ■ Off—Create and check your list of registered addresses, and click this link to turn on the protection 15 16 Address Registration Uploading addresses to the infrastructure using the portal Do not set the Address Registration protection to On until you are satisfied that your list of registered email addresses is accurate and correct. Otherwise email to valid addresses may be rejected. ■ ■ Service not enabled for viewing—Contact Support to have this domain provisioned for Address Registration. Click Support > Contact Us for details. Upload/Download: Use the links to download an existing address list as a CSV file so that you can make changes to it and upload the edited file back to the portal. See “Uploading addresses to the infrastructure using the portal” on page 16. To review the address list for a domain 1 Click Services > Email Services > Platform > Address Registration. 2 Select the required domain from the Summary list or from the drop-down domains list. The list of registered addresses is displayed. You can download the list as a CSV file. 3 Repeat for any other domains to review. Uploading addresses to the infrastructure using the portal You can create or edit a list of your registered addresses offline in a .csv file or .txt file and upload the list to the portal. The following options are available for uploading lists into the portal: ■ Delete existing email addresses and replace with uploaded email addresses By selecting this option the uploaded list replaces the existing list. Any entries in the existing list that are not in the uploaded list are lost. ■ Merge existing email addresses with uploaded email addresses By selecting this option the uploaded list merges into the existing list. This is a useful way to add new entries to an existing list. During a merge, if duplicate email addresses exist within both the uploaded and existing lists, the portal does the following: highlights the number of duplicates, and gives you the option to overwrite the entries in the existing list (and to change their description, if required) or to cancel the list merge process. Address Registration Uploading addresses to the infrastructure using the synchronization tool To upload a list of addresses for a domain 1 Click Services > Email Services > Platform > Address Registration. 2 Do one of the following: ■ Select the domain from the Summary list, and click Upload ■ Select the domain from the domains drop-down list, and click Upload Multiple Email Addresses 3 Enter the file name of the .csv file or click Browse to locate it. 4 In the On upload area, select the appropriate option depending on whether the new addresses should replace or be merged with any existing addresses (duplicate entries are ignored). 5 Click Upload. The upload operation may take some time to complete depending on the size of the list. Confirmation of that the file was uploaded successfully is displayed. 6 Click OK. The list entries are displayed in the Address Registration page. Uploading addresses to the infrastructure using the synchronization tool If you have a license for the Synchronization tool, you can extract your valid addresses directly to the email services infrastructure. See “Extracting email addresses with the synchronization tool” on page 10. Maintaining an address list The purpose of registering your valid email addresses is to allow the email services to reject mail to unrecognized addresses. Therefore, it is important that an up-to-date list is maintained. You have several options for keeping the lists up-to-date: Periodic refresh of the complete list Achieved by uploading the address list and choosing Delete existing addresses and replace with uploaded addresses. It is recommended that you perform this refresh at regular intervals to implement all address additions and removals. See “Uploading addresses to the infrastructure using the portal” on page 16. 17 18 Address Registration Merging or replacing an existing address list Incremental additions Achieved by uploading the harvested list and choosing Merge existing addresses with uploaded addresses. This action can be used to augment the address harvesting operation, particularly where new addresses may not be captured when outbound messages are sent. See “Uploading addresses to the infrastructure using the portal” on page 16. Ad-hoc edits Achieved by adding and deleting addresses individually. This action can be used in between your routine list update cycle. See “Managing registered addresses manually” on page 9. Automated synchronization Use the Address Synchronization Tool to synchronize your address list automatically. Address harvesting An automatic process by which all email addresses that send mail out of your organization’s domains are harvested by the email services infrastructure and added to your list of registered addresses. See “Automatic outbound address harvesting” on page 19. It may be advisable to combine the process of adding new addresses and deleting old addresses with your existing process for handling staff leavers and joiners. You may also want to perform address maintenance tasks when you create distribution lists. See “Merging or replacing an existing address list” on page 18. See “Automatic outbound address harvesting” on page 19. Merging or replacing an existing address list You can download the current list from the portal and edit it offline before uploading it back to the portal. When saving the list, ensure that it is saved as a CSV (comma delimited) or TXT file. To download the current address list 1 Navigate to the Address Registration page. 2 Click Download Email Addresses. A dialog box asks you whether to open or save the file. The CSV file is named RegisteredUser.csv. The download operation may take some time to complete depending on the size of the list. See “Uploading addresses to the infrastructure using the portal” on page 16. See “Uploading addresses to the infrastructure using the synchronization tool” on page 17. Address Registration Automatic outbound address harvesting See “Maintaining an address list” on page 17. Automatic outbound address harvesting Outbound address harvesting is an automatic process. The Email Services infrastructure harvests all email addresses that send mail out by your registered outbound IP addresses. These addresses are added to your list of registered addresses. Outbound address harvesting does not automatically detect aliases. For example, johnsmith@company.com is the primary address for new user John Smith. However, the mail server environment may also hold and allow aliases such as j.smith@company.com, jsmith@company.com, and johnsmith@co.com. These alias addresses are not harvested automatically when John Smith’s first outbound message is sent out of your mail server environment. For all aliases to be harvested, an email must be sent out by each alias. Therefore, it may be appropriate to combine outbound address harvesting and manual addition or deletion through the portal as maintenance options. You must use the email services infrastructure as your outbound mail relay in order for address harvesting to work. To ensure that an email address is harvested, you can send an email from the email address to harvest@smtpsink.messagelabs.net. The email goes through the email services infrastructure and the address is harvested. The email is then deleted. It may take up to one hour for the infrastructure to process a harvested address. We keep a record of addresses that have been deleted. Email addresses that you have deleted from your list are not harvested in future. The email address is not harvested again. In line with relevant data protection legislation and industry best practice, the system does not harvest recipient addresses in the emails that your users send. Also, the system does not harvest addresses from the emails that are sent to your users. See “Maintaining an address list” on page 17. See “Merging or replacing an existing address list” on page 18. 19 20 Address Registration Activating Address Registration Activating Address Registration Note: Address Registration may already have been activated when your account was provisioned to use the Email Services. Once you are sure that you have a valid list of your organization’s valid email addresses uploaded to the email services infrastructure, you can then turn on Address Registration for your domains. When the setting for a domain is set to On, any email that is sent to an unregistered address is not accepted and gives rise to an SMTP 550 error. This error indicates to the sending mail server that the address is invalid. You should see a significant drop in detected spam. There should be no need to switch off Address Registration . If you want to do so, contact Support. Click Support > Contact Us for details. Warning: Do not set the Address Registration protection to On until you are satisfied that your list of registered email addresses is accurate and correct. Otherwise email to valid addresses may be rejected. To turn on Address Registration 1 Click Services > Email Services > Platform > Address Registration. 2 Locate the required domain in the Summary list or from the domains drop-down list. 3 Click the Off link. The Registered Email Address Settings window is displayed. 4 Click On. 5 Click Update. The Address Registration page now indicates that Address Registration protection for the domain is On. See “Reviewing an address list” on page 15.