I would love to have a setting that would block/reject/quarantine/tag any emails from domains which are slightly different than domains which have been previously accepted. For example, a client of ours was receiving and communicating with an email domain (i.e. xyznewyork.com). There was a man in the middle attack that created a new email domain (i.e. xyynewyork.com) and used the same username as the sender. The email passed through and our client began communicating with this 3rd party with devastating results. I don't know of any current setting in the gateway that would have blocked the email domain is it was correctly set, had MX records, and wasn't on a blacklist. Thus, I think that a new feature such as the one I am suggesting could help block this very difficult form of attack.

The usability of the "Inbound Allow/Block" table is absolutely awful!

There should be a way to sort the columns, and a way to load the entire list without having to "scroll to load more" an unknown & unlisted number of times!

The sorting algorithm for the address/domain/ip column should INCLUDE both straight-up alphanumeric sorting and IP-aware "numerical-by-octet" sorting.

As well as the above, that same column should have an option for domain-only sorting, to allow for combining entries of various addresses in a domain (probably added at different times), into a single full-domain entry.

There should also be a way to filter by date (between X & Y; or after X; or on date X; etc.) to find changes that were made together or near each other. Having an actual time would be nice too, in that type of case, but I suppose that'd bit would just be icing on top.

You should also be able to filter on Action, so that we only see all the BLOCK entries, or all the ALLOW entries, if we need that.

Also, the ability to select multiple entries for deletion should be made available -- although, please do so in a way that does take SOME extra effort, so accidents are limited -- such as checkboxes for each line, without having any select all option perhaps. Or maybe having a select all button, but throwing 2-3 warning messages (one when clicking select all, one when clicking delete, and another "are you sure you want to delete *** number of entries") with the default dialog result being "No, I changed my mind" and the "Escape" key action also being "Cancel", forcing a user to pick a third "Yes, delete all selected entries" button manually... with no key equivalent on that button that could be accidentally selected.

Finally, and most importantly, before any of that, there should probably be an Export to TSV, tab-separated values (or "Export to XLSX", if you absolutely must), so that we can manipulate and search the list for ourselves in a spreadsheet app such as Numbers/GoogleSheets/Excel, until you can implement the other features.

1> Blacklist check for a domain/IP.
2> Test a mail server response on SMTP/SMTPS.
3> SPF & aSPF detailed logs, at least for those which fail either or both. Policy enhancements for aSPF condition.
4> DKIM & aDKIM detailed logs, at least for those which fail either or both. Policy enhancements for aDKIM condition.
5> DMARC logs, list domains that pass & fail DMARC strict policies.
6> ToC detailed analysis logs instead of just blocking/warning.
7> Header anomalies detailed logging and reporting.
8> Sender's Mail service provider & DNS. Top 50/100 at least.
9> Look out for report generated by MXTOOLBOX https://mxtoolbox.com/EmailHeaders.aspx from header anomalies.
10> Tools to create strong SPF & DMARC policies. This should be difficult to add.
11> Mails received from which country, AI & Deep ML analysis on mail content. Reports based on that. This can be a unique feature.
12> Plug in Outlook or on browser indicating reputation of mail for that user. Adding this functionality on CIXA might also help in upsell.
13> Some more tools were explained here can be integrated in Central mail.
14> Restrictions on attaching links/content/file from cloud storage providers.

Hello,
we have two suggestions:

1)
When we use the recommended sophos List in the DLP with the file types, then in future every Mail with a digital signature is blocked.
That`s not good, many from our customers with a digital signatur in the mail are blocked from DLP then. DLP should only block the file types in the list.

2)
When a important customer is sorted out in Quarantäne as spam, then we want to move him in the allow list. But then we have the problem that every mail in future from the customer will no longer scanned on viruses. Thats a terrible problem/mistake. (for example the customer gets Emotet, etc.. in future) The allow list should only be for spamfiltering not for disable scanning on viruses.

Regards