HTML Sanitizer

The HTML Sanitizer scans and removes scripting code within the email body and attachments. It scans:

  • the email body of emails that have the MIME type set to “text/html”
  • all attachments of type .htm or .html.

Configuring the HTML Sanitizer

  1. Go to Email Security > HTML Sanitizer.

HTML Sanitizer configuration page

  2. Enable the HTML Sanitizer by selecting the Enable the HTML Sanitizer checkbox.
  3. Select the direction of emails:

| Option | Description |
|---|---|
| Scan inbound SMTP emails | Scan and sanitize HTML scripts from all incoming emails. |
| Scan outbound SMTP emails | Scan and sanitize HTML scripts from all outgoing emails. |

  4. Click Apply.

HTML Sanitizer Whitelist

The HTML Sanitizer Whitelist can be configured to exclude emails received from specific senders.

NOTE

To exclude specific IP Addresses or domains, use the HTML Sanitizer Domain\IP Exclusions feature. For more information refer to HTML Sanitizer.

To manage senders in the HTML Sanitizer Whitelist:

  1. Navigate to Email Security > HTML Sanitizer and select the Whitelist tab.

HTML Sanitizer Whitelist page

  2. In Whitelist entry, key in an email address, an email domain (for example, *@domain.com) or an email sub-domain (for example, *@*.domain.com) and click Add.

NOTE

To remove an entry from the HTML Sanitizer whitelist, select an entry and click Remove.

  3. Click Apply.

HTML Sanitizer Domain\IP Exclusions

The HTML Sanitizer Domain\IP Exclusions feature enables administrators to specify IP addresses or domains to exclude from HTML Sanitizer. The list is not limited to IP addresses: it also accepts domains, which are resolved at runtime to obtain all the IP addresses for the domain in question. Resolution is done in two ways:

  1. By default, the feature queries the MX records of the domain being processed.
  2. Optionally, you can choose to have the SPF record of the domain queried. If the domain doesn’t have an SPF record, the SPF part is ignored and only the MX records are used.

If the IP address from which the email originated (the one that sent it to the perimeter server) is listed in the Domains\IPs exclusions tab, or is resolved from a domain in the same list, the email is not processed by HTML Sanitizer. For domains in the exclusion list, the domains’ MX records are resolved and (optionally) the SPF record is checked to obtain IP addresses.
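To review how much a single exclusion entry exempts, the following added example (not the product's own code) expands an entry through MX and, optionally, SPF, then tests a connecting IP against the result. The DNS data is constructed, and the function names, sample domains and the SPF subset handled (mx, ip4, include) are assumptions.

```python
import ipaddress

# Constructed DNS data using documentation-reserved names and addresses.
DNS = {
    "mx": {"partner.example": ["mail1.partner.example", "mail2.partner.example"]},
    "a": {"mail1.partner.example": ["192.0.2.10"],
          "mail2.partner.example": ["192.0.2.11"]},
    "txt": {"partner.example": "v=spf1 mx ip4:198.51.100.7 include:_spf.bulk.example -all",
            "_spf.bulk.example": "v=spf1 ip4:203.0.113.0/24 -all"},
}

def mx_networks(domain):
    """Addresses of the domain's MX hosts (the default lookup)."""
    return {ipaddress.ip_network(ip)
            for host in DNS["mx"].get(domain, [])
            for ip in DNS["a"].get(host, [])}

def spf_networks(domain, depth=0):
    """Networks named by the SPF record; empty set when there is none."""
    record = DNS["txt"].get(domain, "")
    nets = set()
    if not record.startswith("v=spf1") or depth > 10:  # stop include loops
        return nets
    for term in record.split()[1:]:
        if term.startswith("ip4:"):
            nets.add(ipaddress.ip_network(term[4:], strict=False))
        elif term == "mx":
            nets |= mx_networks(domain)
        elif term.startswith("include:"):
            nets |= spf_networks(term[8:], depth + 1)
    return nets

def excluded_networks(entry, query_spf=False):
    """Expand one exclusion entry (IP address or domain) into networks."""
    try:
        return {ipaddress.ip_network(entry)}
    except ValueError:  # not an IP address, so treat it as a domain
        nets = mx_networks(entry)
        return nets | spf_networks(entry) if query_spf else nets

def is_excluded(source_ip, entries, query_spf=False):
    """True when the connecting IP would bypass the sanitizer."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in n for e in entries for n in excluded_networks(e, query_spf))

def address_count(entry, query_spf=False):
    """Number of addresses a single entry exempts from sanitization."""
    nets = ipaddress.collapse_addresses(excluded_networks(entry, query_spf))
    return sum(n.num_addresses for n in nets)
```

With this sample data the SPF option widens the entry from the two MX hosts to 259 addresses, because the record includes a shared sender's /24; every host in that range then bypasses sanitization.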

To manage domains\IP exclusions in the HTML Sanitizer Whitelist:

  1. Navigate to Email Security > HTML Sanitizer and select the Domains\IP exclusions tab.

Domain\IP Exclusions

  2. Key in the domain or IP address to exclude and click Add.

NOTE

To remove an entry from the HTML Sanitizer Domain\IP Exclusions, select an entry and click Remove.

  3. Optionally, select Query the SPF records of the specified domains for the list of the servers to exclude.
  4. Click Apply.