Risky Policies Detection and Remediation in Email Gateway Defense
Email Gateway Defense (EGD) displays a notification banner when risky policy configurations are detected for your tenant. Risky policies are overly broad allow rules, such as whole-domain allows for large external senders or wildcard patterns (for example, *.vendor.com), that bypass security controls and increase exposure to spoofing and impersonation attacks.
EGD detects high-risk domain allow rules for commonly impersonated vendors, such as financial software and e-signature providers. Detection runs across account-level, domain-level, and user-level policies.
Where the Banner Appears
A Risky Policies Detected banner appears at the top of all pages in the EGD admin console when risky policies are detected.
The banner remains visible as long as risky policies are unresolved. If you choose not to take action, the banner reappears on your next login.
Banner changes, such as new risky policies being detected or all policies being remediated, are reflected after you refresh the page.
How to Remediate Risky Policies
To remediate, click Improve email security by removing them in the Risky Policies Detected banner. This opens the Risky Policies page in Email Protection, a separate Barracuda experience for managing email security policies. On that page, you have two options:
Delete all – Removes all flagged policies across all levels for the tenant you are currently managing.
Delete individually – Click the trash can icon next to any specific policy to remove it on its own.
Note: Deletion cannot be undone.
If removal partially fails, for example, due to a permission issue at one policy level, an alert appears and policies that could not be deleted return to their default state. The banner will continue to appear if some risky policies remain or a recheck finds qualifying policies.
For the full step-by-step remediation instructions, see Risky Policies Detection and Remediation.
Best Practices
Replace broad allow rules (for example, wide wildcards) with specific, verified senders or domains.
Use authentication-based controls (SPF, DKIM, DMARC alignment) instead of blanket allow lists.
Review exceptions regularly and remove unused or legacy entries.
Consult the EGD Best Practices Guide for recommended configuration settings and optimization tips.
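An added example, not Barracuda's detection logic or code from this page: a Python audit that grades allow-list entries you have recorded as (level, owner, pattern) tuples, so broad entries can be found and replaced with specific senders. The tuple layout, the risk grades, and the watched vendor domains are assumptions made for illustration; the page names no specific vendors.

```python
import re

# Assumption: placeholder watch list of commonly impersonated vendors.
WATCHED_VENDOR_DOMAINS = {"esign-vendor.example", "finance-vendor.example"}

ADDRESS_RE = re.compile(r"^[^@\s*]+@([a-z0-9-]+\.)+[a-z]{2,}$")
DOMAIN_RE = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$")
SEVERITY = {"high": 0, "medium": 1, "review": 2}


def classify_allow_entry(pattern):
    """Return (risk, reason) for one allow-list pattern."""
    p = pattern.strip().lower()
    if "*" in p or "?" in p:
        return ("high", "wildcard pattern")
    if ADDRESS_RE.match(p):
        return ("low", "specific sender address")
    p = p[1:] if p.startswith("@") else p  # accept "@domain" notation
    if DOMAIN_RE.match(p):
        watched = any(p == d or p.endswith("." + d)
                      for d in WATCHED_VENDOR_DOMAINS)
        if watched:
            return ("high", "whole-domain allow for watched vendor")
        return ("medium", "whole-domain allow")
    return ("review", "unrecognized pattern")


def audit(policies):
    """Grade (level, owner, pattern) tuples; return non-low findings,
    most severe first."""
    findings = []
    for level, owner, pattern in policies:
        risk, reason = classify_allow_entry(pattern)
        if risk != "low":
            findings.append({"level": level, "owner": owner,
                             "pattern": pattern, "risk": risk,
                             "reason": reason})
    return sorted(findings, key=lambda f: (SEVERITY[f["risk"]],
                                           f["level"], f["pattern"]))


# Constructed sample covering account-, domain- and user-level policies.
SAMPLE_POLICIES = [
    ("account", "tenant", "*.vendor.com"),
    ("domain", "corp.example", "esign-vendor.example"),
    ("user", "alice@corp.example", "billing@finance-vendor.example"),
    ("user", "bob@corp.example", "partner.example"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_POLICIES):
        print(f"{f['risk']:<7}{f['level']:<8}{f['pattern']}  ({f['reason']})")
```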
Notes
Detection runs automatically – No configuration is required.
Only administrators with access to Email Protection can modify or remove flagged policies.
Changes take effect after you save your updates on the Email Protection Risky Policies page.
No automatic remediation – Email Protection does not delete or modify risky policies without your explicit confirmation.