Reflexion and You: Recommend Practices
Posted by Max McElroy, Last modified by Max McElroy on 31 July 2020 03:08 PM
This article applies to any Enterprises using any Reflexion services (RTC, RADAR, RTCEncrypt)
This article will: briefly describe recommended practices and requirements, provide links to configuration KBs
This article will not: provide specific configuration information (MX, smarthost, etc)
Reflexion can be a little confusing when first approached, but thankfully the configuration and setup are simple and straightforward. If you just purchased your Reflexion licenses through Sophos, created your first partnered client, or just need a refresher, please read on for a high level description of the setup flow.
1. With the Enterprise created in the database, the next step to is to make sure that the final destination mail server (mail exchanger) is setup to receive from Reflexion. On Exchange based systems, this is accomplished by creating Connectors that allow mail delivery from out IP ranges.
2. Once the inbound mailflow is configured, you can safely set your MX record to point to Reflexion's servers.
3. If you are sending outbound through our services, we very strongly recommend configuring an SPF record with Reflexion's information in it. While SPF is not a standardized Internet policy, it has become very popular as a domain authentication item. Reflexion does not offer DKIM signing, and we cannot recommend using Reflexion outbound while using a DKIM signature.
For additional information on these steps, please view this KB:
The settings on the Enterprise Properties page are the "New User Default" settings: any users created will automatically inherit those settings. The default settings will capture are effective, but may require some fine-tuning. For a "quick-setup," we would recommend moving the Spam Threshold slider to 75, and enabling the Spoofing Prevention option. For more information about advanced filtering options, please view this KB:
Additional Paid Services
Reflexion Archiving, Discovery, and Recovery (RADAR). Reflexion offers the RADAR archiving service as an additional option to RTC. This will automatically copy any messages processed for archive enabled users over to the RADAR service. Users are then able to access their archived mail on the archive.reflexion.net portal. For information on RADAR, please view this KB:
Please note: For optimal performance on RADAR, we strongly suggest using the Reflexion smarthost to send mail outbound through our servers. This will allow us to capture both inbound and outbound mail for the enabled users.
Reflexion Encryption Services (RTCEncrypt). Utilizing a self-hosted version of ZixEncrypt, Reflexion is able to offer secure message transfer from our clients to their mail recipients. Zix's secure message network receives a securemail request from our servers, holds onto the message, and sends a notification to the recipient that they have a securemail waiting from the sender. RTCEncrypt also offers Force TLS options on special request. For more information on RTCEncrypt, please view this KB:
Please note: RTCEncrypt REQUIRES the use of the Reflexion smarthost. In order to pass the mail off to Zix, we need to receive the outbound mail from the mail exchanger.
As usual, please feel free to contact support if there are any questions!