Problem:

EMF supports many different policy types, the most commonly used of which is a Basic Mail Filtering policy. Regarding execution order in the policy engine, policies must be considered to act at the same time. However, the Unencrypted Message Filter policy type is an exception to the "all at once" rule, and is always executed in the final stage of the policy engine, after all other policies are executed, allowing certain types of message checking that is sometimes necessary.

Solution:

An Unencrypted Message Filter policy is normally used in an EMF security context. It is normally used to check the contents of a message that has had its encryption/signature stripped by EMF Allow Security Stripping policies, and has subsequently been altered by the policy engine. (For more information on Security Stripping, please see the EMF Administrator's Guide.) An Unencrypted Message Filter policy is normally used as a final check on such messages before delivery. An Unencrypted Message Filter policy therefore conveniently acts last in the policy engine execution order.

This property of an Unencrypted Message Filter policy allows it to be used outside of a security context, to check any message desired, especially when you need to check something in the message that has just been done by the policy engine. A Basic Mail Filtering policy is insufficient in these cases. An Unencrypted Message Filter policy can be written in the same way as a Basic Mail Filtering policy, but instead acts in the final stage of the policy engine.

Examples of where you may wish use an Unencrypted Message Filter policy:

1. Check for the presence of the spam confidence X-header in the message. The Unencrypted Message Filter policy can be written to log a unique event to the EMF Event Log as the policy action. Counting the number of times that this event is logged each day will give you a good approximation of the number of these messages that are released from quarantine each day (either manually or by the Personal Quarantine Manager feature). Note that the Unencrypted Message Filter policy is not executed if a message is quarantined, only when the message is released from quarantine.

   Messages released from quarantine are processed by the Policy Engine again, but only outbound security policies are applied. (The same process is used when an Email Firewall Administrator releases a message from Quarantine using Web Admin, or an end user releases a message using the Personal Quarantine Manager feature.) This means that the Policy Engine will not apply content-type policies, but will apply security policies, including Unencrypted Message Filter policies.
   
   

2. Any policy-generated notifications, including any Return to Sender non-delivery reports, queue threshold notifications, and Quarantine Summary Notifications, are sent through the policy engine for encryption/signing only. To check the content of these notifications, an Unencrypted Message Filter policy must be used, since the standard "all policies at once" phase of policy execution occurs before the encryption/signing phase, and does not occur for policy-generated notifications.