Next, we have the Spam section, which allows us to check current approved senders and add new ones. To do so, hover on the section and click CONFIGURE on the right to show the Add setting | Spam form:
As usual, the first thing we need to provide is a short description for this new rule and then we have a few options to define it. The first one offers you the option to Be more aggressive when filtering spam, which will lower the threshold score required in terms of considering something suspicious:
Next, we have Bypass spam filters for messages received from internal senders, which will disable spam filters for messages sent internally within your business. It's usually best to also check those messages, since many attacks are designed to send messages from a compromised computer within your team to others. If your team uses third-party integration, for example, with Outlook, it's highly advisable to also check internal emails to be able to stop and detect these kinds of attacks early and to take action in relation to the potentially compromised computer.
You can also choose to bypass spam filters from addresses or domains from an approved list. To create a new list, click Use existing or create a new one, write a name, and click CREATE. You will see the new list added to this section and if you hover over one list, you will see the options to Edit its content or Don't use it. Select Edit to bring up the option to add an email address or a domain to this list. You can also choose to not require sender authentication for these sources:
The final option we see allows you to send the spam found using these rules to a specific quarantine list. You can choose the default option, or one of the custom options we created previously:
Once you are done, click ADD SETTING to save this new spam rule. Once created, you will see it listed in the spam section, along with a basic description, and hovering over it will allow you to EDIT, DISABLE, DELETE, ADD ANOTHER, or COPY TO ORGANIZATION, which is useful if you are handling more than one domain and you wish to apply the same rule across several domains.