Administration Guide
Track and Trace Administration Guide

Documentation version: 1.0

Legal Notice

Copyright 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Clients are advised to seek specialist advice to ensure that they use the Symantec services in accordance with relevant legislation and regulations. Depending on jurisdiction, this may include (but is not limited to) data protection law, privacy law, telecommunications regulations, and employment law. In many jurisdictions, it is a requirement that users of the service are informed of or required to give consent to their email being monitored or intercepted for the purpose of receiving the security services that are offered by Symantec. Due to local legislation, some features that are described in this documentation are not available in some countries.

Configuration of the Services remains your responsibility and entirely in your control. In certain countries it may be necessary to obtain the consent of individual personnel. Symantec advises you to always check local legislation prior to deploying a Symantec service. You should understand your company's requirements around electronic messaging policy and any regulatory obligations applicable to your industry and jurisdiction. Symantec can accept no liability for any civil or criminal liability that may be incurred by you as a result of the operation of the Service or the implementation of any advice that is provided hereto.
The documentation is provided "as is" and all express or implied conditions, representations, and warranties, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement, are disclaimed, except to the extent that such disclaimers are held to be legally invalid. Symantec Corporation shall not be liable for incidental or consequential damages in connection with the furnishing, performance, or use of this documentation. The information that is contained in this documentation is subject to change without notice. Symantec may at its sole option vary these conditions of use by posting such revised terms to the website.
Technical support

If you need help on an aspect of the security services that is not covered by the online Help or administrator guides, contact your IT administrator or Support team. To find your Support team's contact details in the portal, click Support > Contact us.
This document includes the following topics:

- About Email Track and Trace
- Searching for an email with Email Track and Trace
- Searching by message ID in Email Track and Trace
- Viewing Email Track and Trace search results
- Viewing email delivery details in Email Track and Trace
- Requesting Email Track and Trace results by email
- Enabling a user for Email Track and Trace

About Email Track and Trace

The Email Track and Trace tool lets you trace a specific email and determine if and when it was processed and the action taken. You can search for an email that was processed within the last 30 days. Typically, an email is searchable within 15 minutes of entering the Email Services infrastructure.

The Email Services infrastructure does not store copies of any emails that pass through it. Rather, it logs key information about each email at the time of processing.

When an email is found, the following details are displayed:

- Whether and when an email was accepted or not into the Email Services infrastructure.
  Note: The infrastructure rejects all emails that are not on your organization's valid address list. To avoid an email being rejected, ensure that your Address Registration address list is always up to date.
- Whether and when the email was delivered to the recipient's network. Or, in the event of an unsuccessful first delivery attempt, whether retry attempts are in progress.
- Which of the Email Services intercepted the email and the action that was taken on it.

The Email Track and Trace tool enforces a security policy that ensures you can only search for the emails that you have permission to view. The security policy is based on the following criteria:

- The organization you work for.
- The access privileges that are associated with your portal login ID. Access rights for Email Track and Trace are applied across all of the domains that are provisioned for your account.
- The user role. An administrator with the Edit Configuration permission can access Email Track and Trace. An administrator can grant an Email Track And Trace user role for other portal users.

You can find Email Track and Trace in the portal under the Tools tab.

See Searching for an email with Email Track and Trace.
See Searching by message ID in Email Track and Trace.
See Requesting Email Track and Trace results by email.
See Viewing Email Track and Trace search results.
See Viewing email delivery details in Email Track and Trace.
See Enabling a user for Email Track and Trace.

Searching for an email with Email Track and Trace

To perform a search, you must specify at least one of the following criteria:

- Recipient
- Sender
- Subject line

To identify a specific email, we recommend that you provide as much information as possible when defining your search criteria. You can view your results on screen or have them emailed to you.
To search for an email

1. Select Tools > Email Track and Trace.
2. In the Search tab, enter your search criteria. To display additional search options, select Show All. The following search options are available:

Search option: Description

Recipient: Search for the recipient's email address. The email address must conform to valid email address format, including an @ symbol and a period. An asterisk (*) can be used as a wildcard to represent one or more characters, for example *@domain.* The maximum field length is 255 characters.

Sender: Search for the sender's email address. The email address must conform to valid email address format, including an @ symbol and a period. An asterisk (*) can be used as a wildcard to represent one or more characters, for example *@domain.* The maximum field length is 255 characters.

Date range: Specify the time range for your search. You can search for any emails that were processed within the last 30 days. An email is typically searchable within 15 minutes of it entering the infrastructure. You can select from a preset range of hours or days, or you can select a specific time range. The timezone defaults to the one that is defined in your Profile. You can change the timezone for a search as required.

Subject line: Search by subject line. If you only know part of the subject line, select one of the options in the drop-down menu: "Contains", "Begins with", or "Ends with". Then, enter the characters to search for. An asterisk character (*) cannot be used as a wildcard in this search box. If you search with an asterisk, the Email Track and Trace tool searches for any emails that contain an asterisk within the subject line.
Attachment filename: Search for the name of the attachment file. The maximum field length is 255 characters.

Receiving server external IP: Search for emails that have been delivered to a specific IP address. Wildcards are not supported.

Sending server external IP: Search for the IP address of the sending mail server. Wildcards are not supported. Note: You cannot search for the sending host name details.

Service: If you suspect that one of the Email Services intercepted an email, you can search by the service name, for example "Content Control".

Helo: You can use the Helo string as one of your search parameters (part of the SMTP receiving server identification process). Asterisk wildcards are not supported.

Attachment MD5 checksum: Search for an email attachment's unique MD5 checksum string. The search box must contain an MD5 checksum string in valid format (32 alphanumeric characters).

Email size: Search for emails within a preset size range.

3. Select whether to receive your results on screen or by email.
4. Click Search.

See About Email Track and Trace.
See Viewing Email Track and Trace search results.
See Searching by message ID in Email Track and Trace.

Searching by message ID in Email Track and Trace

Mail servers generate a unique message ID for each email that is sent out. An Email Track and Trace search by message ID pinpoints an individual email.

To search for an email by message ID

1. Select Tools > Email Track and Trace.
2. Select the Search by ID tab.
3. Enter the message ID in the Message ID box.
4. Select whether to receive your results on screen or by email.
5. Click Search.

See Searching for an email with Email Track and Trace.
See About Email Track and Trace.
See Viewing Email Track and Trace search results.

Viewing Email Track and Trace search results

When you submit your search, a progress bar is displayed while the search runs. When the search completes, the page displays a list of entries that match your search criteria. You can sort the results once all of the results are returned by clicking on a column heading of your choice.

The results list remains available in the portal for 24 hours or until you submit a new search. Your search criteria also remain on screen when your results are displayed so that you can refine your search if necessary.

The Email Track and Trace tool searches across multiple datacenters and can display up to 1,000 results from each datacenter. However, if more than 1,000 results are found, we recommend that you refine your search criteria. As well as viewing your search results on screen, you can also send them in CSV format to an email address.

Note: If an email was sent to multiple recipients, each instance of the email is shown in the search results list.

The following table shows the information that is displayed in the results list.

Table 1-1 Email Track and Trace results list

Column heading: Description

Message direction: The icon to the left of the subject field shows whether the email is inbound to your domain or outbound from your domain.

Subject: The subject line of the email.

Recipient: The email address of the intended recipient.

Sender: The email address of the sender.
Accepted: If the email was accepted into the infrastructure, this column displays a check mark icon and the date and time that the email was received. Any email that is not accepted into the infrastructure is listed as rejected because the address is not registered. The infrastructure rejects all emails that are sent to addresses that are not on your organization's valid address list. Therefore, to avoid an email being rejected, ensure that your Address Registration address list is always up to date.

Delivered: If the email was delivered to the recipient's network, the date and time of delivery are displayed along with a check mark icon.

  Note: In some circumstances, the email appears as delivered to the recipient's network, but may not have reached the intended recipient. Typically, the recipient organization's email security policies for inbound email are the reason for an email not reaching an intended recipient.

  If the email was not delivered to the recipient's network, it could be for one of the following reasons:

  - Not delivered: The email was not delivered into the recipient's network. One of the Email Services may have intercepted it, or the email was not accepted into the Email Services infrastructure in the first place.
  - Pending information: The complete log for the email is not available yet. Typically, an email is searchable within 15 minutes of entering the infrastructure. Try your search again in a short while.
  - Retrying delivery: The email is in the process of being sent. An email enters a retry schedule if it cannot be delivered immediately.
  - Delivery failed: We tried to deliver the email, but were unsuccessful. The delivery failure may be due to a connection problem between our infrastructure and the recipient's network.
Note: When malware is detected in an outgoing email and that email is blocked and not sent, a Track and Trace log record is not created because the recipient never receives the blocked message. The recipient's email administrator may be notified, depending on the policies of the recipient network. Because no log entry is created, Track and Trace searches will not find blocked messages, nor will the messages be included in Track and Trace reports. This can cause a discrepancy between the total number of messages sent and the number of messages found by Track and Trace, which can give the appearance that messages are missing.
Service: Which of the Email Services the email triggered during processing.

See Searching for an email with Email Track and Trace.
See Viewing email delivery details in Email Track and Trace.

Viewing email delivery details in Email Track and Trace

When you submit an Email Track and Trace search, a list of results is displayed on screen. To view detailed information about a specific email, click on the associated item in the results list.

To view full delivery information

1. Select Tools > Email Track and Trace. Enter your search criteria and submit your search.
2. When you have received your search results, click on the required entry in the results list. A pop-up window displays the delivery details in the Summary tab. One of the following main delivery status messages is displayed at the top of the page:

   - Delivered to recipient network: The email was delivered to the recipient's network.
     Note: In some circumstances, the email appears as delivered to the recipient's network, but may not have reached the intended recipient. Typically, the recipient organization's email security policies for inbound email are the reason for an email not reaching an intended recipient.
   - Not delivered: The email was not delivered to the recipient's network. One of the Email Services may have intercepted it, or the email was not accepted into the Email Services infrastructure in the first place.
   - Pending information: The complete log for the email is not available yet. Typically, an email is searchable within 15 minutes of entering the infrastructure. Try your search again in a short while.
   - Retrying delivery: The email is in the process of being sent. An email enters a retry schedule if it cannot be delivered immediately.
   - Delivery failed: We tried to deliver the email, but were unsuccessful. The delivery failure may be due to a connection problem between our infrastructure and the recipient's network.

The following information is provided in the Summary page:

Detail: Description

Sender: The email address of the sender.

Recipient: The email address of the recipient.

Subject: The subject line of the email.

Message Size: The total size of the email message, including any attachments.

Message ID: The message ID, as shown in the header of most emails.

Message Reference: The message reference number.

Connection: If the email was accepted into the infrastructure for scanning, a check mark icon and the Accepted label are displayed. If the email was rejected, an "X" icon and the Email rejected label are displayed. The infrastructure rejects all emails that are not on your organization's valid address list. To avoid an email being rejected, ensure that your Address Registration address list is always up to date.

Sending Server: The IP address of the sending mail server.

Sending Server Helo: The Helo string that identifies the sending SMTP server.
Connection Started: The date and time in GMT that the sending server has connected to our infrastructure.

Connection Finished: The date and time in GMT that the sending server has disconnected from our infrastructure.

Status: If the delivery status is Retrying delivery, this field provides detailed information about the delivery retries.

Security Scan: If one or more of your Email Services intercepted the email, the service that applied the most severe action is provided.

Delivery result: The main delivery status of the email message.

Delivery Attempts: The number of delivery attempts.

Latest Attempt: The date and time in GMT of the most recent delivery attempt.

Recipient Server: The IP address of the recipient server.

View advanced delivery information: Clicking this link opens the Log View tab, which displays detailed connection information in chronological order according to dates and times in GMT.
3. Click on the Attachments tab for information about any email attachment. You cannot open the Attachments tab if the email did not have an attachment. If the email has an associated attachment, the attachment's name is displayed along with its MD5 checksum value.
4. Click on the Log View tab for detailed connection information. Detailed connection information is displayed in chronological order according to dates and times in GMT.

See Viewing Email Track and Trace search results.
See About Email Track and Trace.

Requesting Email Track and Trace results by email

You can have the results of an Email Track and Trace search sent to you or to another recipient in an email. The results are sent as a CSV file attachment. The CSV file is password protected.

To request search results by email

1. Select Tools > Email Track and Trace. The Search tab opens.
2. Define your search criteria.
3. At the bottom of the Search page, select Email the results as a CSV file when the search is complete.
4. Enter a valid email address.
5. Create a password for the CSV file and enter it in the Password for results file box.
6. Click Search.

See About Email Track and Trace.
See Searching for an email with Email Track and Trace.
See Viewing Email Track and Trace search results.

Enabling a user for Email Track and Trace

An administrator with the Edit Configuration user role can access Email Track and Trace. An administrator can assign the Email Track And Trace user role to other portal users who are within the administrator's organization.
To enable a user for Email Track and Trace

1. Select Administration > User Management.
2. Add the new user, or locate an existing user.
3. Assign the Email Track and Trace custom role to the user.

See About Email Track and Trace.
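
Added example (not part of the Symantec guide): the Search by ID tab and the Attachment filename and Attachment MD5 checksum search options described earlier need values that are usually taken from a reported message. The Python sketch below reads a saved message and returns those values; the sample message, addresses and function name are constructed for illustration, and the guide does not state whether the Message ID box expects the surrounding angle brackets, so the header value is returned unchanged.

```python
import hashlib
from email import message_from_bytes, policy
from email.utils import getaddresses, parseaddr

MAX_FIELD_LEN = 255  # field limit the guide states for address and filename searches

# Constructed sample message (not real mail): a text body plus one attachment.
SAMPLE_EML = (
    b"From: Billing <billing@sender.example>\r\n"
    b"To: alice@recipient.example\r\n"
    b"Subject: Invoice 4471\r\n"
    b"Message-ID: <constructed-0001@sender.example>\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Please see the attached invoice.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.doc"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"aGVsbG8=\r\n"
    b"--b1--\r\n"
)


def search_values(raw: bytes) -> dict:
    """Return the values to enter in the Search and Search by ID tabs."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = []
    for part in msg.iter_attachments():
        # Hash the decoded attachment bytes, not the base64 text in the file.
        data = part.get_payload(decode=True) or b""
        attachments.append({
            "filename": (part.get_filename() or "")[:MAX_FIELD_LEN],
            # MD5 only because it is the lookup key the search option accepts.
            "md5": hashlib.md5(data).hexdigest(),
        })
    to_cc = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return {
        "message_id": str(msg["Message-ID"] or "").strip(),
        "sender": parseaddr(str(msg["From"] or ""))[1],
        # One search per recipient: the results list shows one entry for each.
        "recipients": [addr for _, addr in getaddresses(to_cc) if addr],
        "subject": str(msg["Subject"] or ""),
        "attachments": attachments,
    }


if __name__ == "__main__":
    for key, value in search_values(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

The MD5 value returned for each attachment can be compared with the checksum shown on the Attachments tab of a matching result.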