Skip to main content
Skip table of contents

Frequently Asked Questions (FAQs)

Email Status

Q: Why was an email quarantined as Infomail?

A: The email contains an unsubscribe link and/or content related to advertising, marketing, or newsletters.

Q: Why was an email quarantined as Banned?

A: The email contains an attachment that is prohibited by the customer's policy. For trusted senders, you can create a custom rule to bypass this policy check.

For more information on policies, please see this article: Policy Template

For more information on custom rules, please see this article: Creating a Custom Rule

Q: Why was an inbound email deleted instead of quarantined?

A: There may be a block rule in place. You can check this at a glance in the Live Email Tracker. If a block rule is activated for an inbound email, an “X” will appear beside the “Delete” status. Clicking on the “X” will show the rule. If there is no “X”, then no block rule is in place.

Alternatively, the policy in place on the customer domain may have certain spam categories set to “Delete” instead of “Quarantine.”

Q: An email has the “Deliver” status but has not arrived at the user’s inbox. What should I do?

A: If there is a successful SMTP handoff, you will need to perform a message trace internally. This connection log is the response from the receiving server/host.

In the example below, thee email has passed through our filters successfully and the recipient server responded confirming that the email has been queued for delivery.

image-20240727-114738.png

Q: An email was quarantined but I think this is a false positive. What should I do?

A:

  • If the email was quarantined as spam, infomail, or impersonation: It is recommended to create an allow rule. For guidance on creating an allow rule, refer to this guide: Creating an Allow Rule.

  • If the email was quarantined as phishing or malware: There may be certain URLs detected as malicious or other suspicious aspects of the email. If you trust the sender and are confident it is a false positive, it is recommended to create a custom rule. For guidance on creating a custom rule, refer to this guide: Creating a Custom Rule.

Q: An email was not detected as spam and I want to report a false negative. What should I do?

A: We strive to ensure our detection is as accurate as possible, but false negatives can occasionally occur.

If you are using either Mesh 365 or Mesh Unified the email can be remediated from The Live Email Tracker.

You can report the email as a missed detection to us. Please email the original spam sample as an .eml file to spam@meshsecurity.io.

If you need more details or have questions, please email support@meshsecurity.io or open a ticket through the MSP portal.

Additionally, it is recommended to block the sender by creating either a global block rule or a block rule specific to the customer.

For guidance on creating a block rule, refer to this guide: Creating a Block Rule.

Q: An internal email was marked as spam or impersonation. Why?

A: Typically, internal emails should not be routed outbound through the MX records; they should stay within O365 or the local network. This is a best practice and not exclusive to Mesh.

If the email originated from a CRM or other third-party software sending as the customer’s domain name, the best solution is to create a custom rule with the sending envelope-from and IP address.

Creating same domain allow rules (from example.com to example.com, where example.com is the customer domain) is not advisable as it can allow spoofed emails. Therefore, it is recommended to use a different envelope-from address and/or a static IP address.

For guidance on creating a custom rule, refer to this guide: Creating a Custom Rule.

Rules

Q: An email was quarantined but I think there is an allow rule in place. What could be the issue?

A: There are two possible scenarios where this may occur:

  1. The email was categorized as Malware, Phishing, Banned, or Policy - Geo:

    • Regular allow rules or allow rules created by end users only bypass spam, infomail, and impersonation verdicts. In this scenario, a custom rule is required.

    • Guide to create a custom rule: Creating a Custom Rule

  2. There is no allow rule in place for the sender/domain:

    • You can check this easily in the Live Email Tracker. If there is an allow rule activated for an inbound email, a checkmark will appear beside the “Deliver” status. Clicking this will show the rule. If there is no checkmark, there is no existing allow rule that matches the criteria of the inbound email.

    • Guide explaining the different status types: Email Statuses

Q: How do I import allow and block rules?

A: You can import rules quickly and easily for your customers using a CSV file.

Guide to import rules: Import Rules Using a CSV File

Q: I get an error when importing my allow and block rules. What should I do?

A: Ensure you are following the correct format and guidelines. Try some of our troubleshooting tips. If you are still encountering issues, please open a ticket with support for further investigation.

Guide to CSV troubleshooting tips: CSV Troubleshooting Tips

Q: I need to allow emails from MailChimp, how do I configure this?

While the MailChimp header-from address can be customized to appear as your own domain, it is not recommend to create a same domain allow rule. Instead, an allow rule for the envelope-from domain would be more applicable. The sending domain is always one of the following:

CODE 
mcsv.net 
mcdlv.net 
rsgsv.net

Creating a regular allow rule for these domains will ensure traffic is not quarantined.

Guide to create an allow rule: Creating an Allow Rule

Q: I need to allow emails from third-party phishing simulation software such as Phin Security, Huntress, or KnowBe4. How do I configure this?

A: Typically, third-party providers will use a list of domains they own and a range of static IP addresses. To bypass our filtering, you will need to create a custom rule for each domain and/or IP range. This will ensure that we do not quarantine any of the phishing test emails.

Guide to create a custom rule: Creating a Custom Rule

General Questions

Q: An end-user has requested to release an email. Where did the request go?

A: When a user requests to release an email, the request is sent to either an email address defined by the MSP, or to anyone with the administrator role at the customer.

The requests are available within the Live Email tracker by searching status - “Pending”.

Q: Do you have any training / marketing content I can provide to my customer?

A: Yes, you can find MSP Enablement material here in our help center. See more: MSP Enablement

Q: Does Mesh Gateway / Unified support MTA-STS?

A: No additional steps need to be taken within Mesh when you are configuring MTA-STS for your domain.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close