I have reported this in the past... and maybe others are on cruze control or dont care.. or havent seen a REAL quarantine report... but your current QUARANTINE report from the SG box is absolutely useless as it is written. Please take the time to read this instead of just waiting on votes. This is a real problem.

Currently the quarantine for both XG and SG units records and shows the mail header field 'RETURN TO' as the FROM address in quarantine and mail log screen. In many cases, this makes the interpretation of those emails impossible prior to releasing to the mail client.

For example... a LOT of bulk mail (even if coming from a known vendor) now included information to see if an address is valid. They add inforation to the RETURN TO field such as 'bounce-20_html-12235547.....' and may or may not have the actual FROM address included. This makes a VERY long and frankly useless FROM showing in the quarantine and mail logs. With only this shown, in some cases emails must be released just to see IF they really are good or not because the subject does not have enough information.
Other SPAM products on the market uses the 'FROM' field for that which in the above case might be 'webinar@cchemail.com'. Well we recognize CCH as a valid vendor so then we might release... or then look at the subject and release... in either case... better information. Even if its a spoofed address.. it will show up in no worse information than the 'bounce...' info. Any usually MUCH better information.
I realize when these were designed, maybe the RETURN to was often the same as the REPLY TO header fields. I dont see that in todays email world. 80-90% of the mails caught by our quarantine have a useless 'RETURN TO' field and a valid 'FROM' field
I have screen captures to illustrate but cant attach them here. Contact me for examples. These examples show the exact emails that come from another SPAM filtering company that use FROM as useful information. (we are testing both simultaneously)
If not a direct change.... allow the option in the setup to select FROM or RETURN TO. Then the user can decide. It would be the same number of fields... just another one that is already available for use.
I could send screens to show you if there was a way to attach them here. I know you are coming out with a new release... please take time to look at this. I

146.185.173.242
198.71.86.130
212.67.203.197
198.98.103.243
87.106.216.61
37.59.1.42
46.32.237.164
94.143.106.252
70.33.188.112
162.254.227.245

23.253.182.167
85.25.152.51
70.33.188.111
83.70.203.244
46.101.142.211
198.211.117.9
41.220.69.172
46.236.37.75
87.253.233.151
208.76.87.21

87.253.234.157
67.68.185.114
64.74.172.33
62.61.152.81
241.231.152.125
192.168.8.51
80.152.197.106
213.190.90.69
46.1.235.149
199.15.213.64

199.15.213.67
62.129.220.20
92.55.215.145
104.233.126.39
194.214.71.115
193.255.77.173
91.98.96.132
180.93.114.216
41.223.64.250
89.43.225.44

154.53.200.34
187.216.19.130
116.109.199.249
103.255.182.8
89.44.132.2
195.66.166.4
112.196.181.198
189.203.45.229
177.247.99.187
196.207.94.54

113.183.166.19
200.94.20.82
5.22.213.193
109.227.61.37
81.29.245.233
188.120.254.176
117.255.240.109
116.109.104.203
14.139.171.93
223.255.230.231

13.92.137.57
23.91.115.212
193.1.181.190
80.82.64.77
24.239.210.176
182.73.251.210
82.78.94.236
62.101.128.162
27.251.28.143
79.99.129.73

67.59.193.228
23.239.11.36
213.243.196.11
202.166.170.211
79.99.129.74
213.58.130.235
216.183.106.114
82.165.159.10
124.81.81.93
208.73.210.214

104.148.33.38
21.50.170.120
80.147.113.10
116.202.38.173
218.205.187.230
91.251.213.226
93.120.161.130
184.73.226.63
38.84.70.196
176.74.176.187

118.70.103.68
105.112.22.82
103.211.42.5
198.2.131.56
52.124.3.43
217.76.245.9
74.208.79.101
201.199.109.98
181.174.187.103
162.248.97.76

200.55.139.27
91.142.218.196
47.9.218.51
179.97.200.143
197.211.32.243
113.193.233.46
45.248.41.79
109.196.112.108
217.60.80.199
77.74.109.133

46.166.129.71
115.186.181.177
37.157.255.49
41.82.224.27
41.94.12.2
41.162.48.99
41.221.96.75
41.223.145.36
45.27.177.114
45.117.81.214

49.50.65.139
49.50.88.144
143.95.1.97
192.151.250.192
158.69.124.155
62.24.112.243
43.247.42.175
89.165.117.158
193.23.181.141
202.28.230.99

103.18.4.79
221.122.102.207
86.106.131.17
193.23.181.143
193.192.122.98
129.56.0.165
172.16.4.25
185.122.212.47
80.233.244.17
210.87.250.82

203.198.138.72
218.103.83.35
94.103.100.39
76.175.45.106
210.87.247.10
210.87.247.11
210.87.250.172
210.87.250.171
210.87.247.30
210.87.247.20

58.213.133.18
103.82.170.48
103.82.171.151

It would be very helpful to provide an option to be able to import email addresses from a file directly into the Reflexion portal as distribution lists vs only as users. In addition, on the "List All Users" page within the portal, possibly adding an option to the drop-down list to "Convert to Distribution List" to quickly convert any existing users to distribution lists if needed.

Just spoke with chat, and currently the only way to create a distribution list per chat is to create a new user account first and then go back and edit the user and change to a distribution list. This is a lot of work having to do this one by one for clients that have a lot of distribution groups. Therefore, the recommended method per support when having to create multiple distribution lists is to enable LDAP sync.

However, we do not enable LDAP sync for some of our clients since some of our clients do not allow all users to email to the Internet and are only allowed to email internally. For example, we may have a health care client with 200 users and only 50 of those users are allowed to email to the Internet. So there is a lot of time being wasted when onboarding new clients and having to create multiple distribution lists to ensure the a user is not mistakenly overlooked when having to go back and filter through 200 accounts in the portal to find the 150 needed to disable Account Security. This leaves a lot of room for user error and potential HIPAA violation when trying to enforce policies for our clients and a user accidentally emailing out information that is not permitted, etc. Whereas we can easily run commands from Exchange to export only mailboxes to one file and then distribution lists to another file, and import into Reflexion as a user or distribution list if the option is available. Or import all email addresses and then be able to go back to the "List All Users" page and select multiple account and convert to a distribution list with a new option from the drop-down menu, vs having to drill into each one by one.

Currently, only the Subject field and the content of the email is checked. Well before V8, maybe in V6, we could add the email address of a departed employee to 'Expressions' to force emails to that person into quarantine.

In most organizations, emails within the organization won't transit the SMTP Proxy. An additional benefit would be that adding the domain would prevent outside emailers from spoofing an internal user in the From field. There is otherwise no mechanism to catch something like the following example that demonstrates a spoof of the company president ordering the treasurer to wire money:

telnet mail.ourdomain.com 25

EHLO spoofersdomain.com
MAIL FROM:<info@spoofersdomain.com>
RCPT TO:<victim@ourdomain.com>
DATA
From: John Madison <president@ourdomain.com>
To: Treasurer
Subject: Urgent purchase - please wire
Jim, I found a real opportunity, please wire $5000 (five thousand) immediately to account #123456789 routing code 123456789 SWIFT Code CITYUS77
.