Quarantine notifications, but no release functionalility
Quarantine notifications, but no release functionality.
We have currently setup the Spam quarantine notification messages for our employees. When they receive such an alert message, the users are able to release the captured messages. We would like to have the Quarantine alerts message to stay in place, but want to prevent end-users to release the messages. We want to force a 'second opinion' flow in between, to delegate this task to the Hygiene administrators. In such a configuration employees shouldn't be able to open the Quarantine URL either. Unfortunately we see some users are not able to see the difference between real Spam and a False positive. This way quarantined messages were released and malicious software arrived at the users inbox.
Jorge Hernandez commented
I was hoping that this issue was resolved when I clicked on this link.
the problem with End user spam notifications is that the users have too much power by default and may release a spam or phish email within the report itself. this is a major drawback and a big reason why end user spam notification can be a separate security concern in of itself.
for now I've been lookin for a way to convert the email firstname.lastname@example.org when it arrives to the users as plain text, to avoid the email embedded links from working. so far no luck. if anyone has found another solution please post one. thanks
Bill Broom commented
We have not turned on the notifications, because we don't want the account holder being able to release mail. We currently download all message trace logs and create our own for a few select accounts, but remove the option to release and we would start using it.
Elizabeth Strait commented
Agree that this feature would be a great addition for our line of defense against Spam and malicious messages.
Dan Smith commented
We would let our users know about the self-service quarantine, but we really need to have an approval mechanism to protect them from themselves...
James Busch commented
This feature is badly needed!
Please do this! Our users need to be able to inspect the quarantine in order to identify needed messages, but an admin review process should be added so the messages are inspected prior to release.
Adding the admin review process would provide multiple benefits:
- Reduces costs (end users can do the searching rather than admins),
- Improves improve customer service and confidence (end users empowered to search for messages themselves.)
- Provides security assurances for the agency (messages inspected prior to release)
How has this been open for three years and had no response?
We would like to have the ability for users to *see* their quarantined messages, but not for them to release them. It's fine if they can *request* that they be released, which should then notify an admin.
Barring that, we should at least be able to turn off user managed quarantine. Unless I'm incorrect, as it stands there is no way to turn this off for my users.
Curtis Sizemore commented
This is needed to keep users from releasing bad emails to themselves.
We want the same option that the end users can get quarantine notification but not able to release the quarantine message. Can EOP add this option?