Sometimes administrators wish to trust email from certain addresses to avoid scanning messages to either save resources or avoid false positives. The safe list provides a convenient location to list safe and trusted email addresses that these applications will check before scanning email.
Global Safe List
Emails can be specified using Glob Matcher syntax so, for example, you can safe list entire domains as "*@example.com."
Per-User Safe List
Each user/email address also has their own safe list. For example, lets assume "firstname.lastname@example.org" has a quarantine that they manage via the quarantine application. In the quarantine application they can add addresses to their own safe list.
For example, email@example.com may add "firstname.lastname@example.org" to their safelist. All email from "email@example.com" to "firstname.lastname@example.org" will automatically be passed as safelisted, while email from "email@example.com" to other users will be scanned as normal.
Per-User safe lists provide a mechanism to deal with false positives that won't effect the overall false negative rate of other user/emails.
Emails can be specified using Glob Matcher syntax so, for example, you can safe list entire domains as "*@example.com." Also, note that a user/email can add "*" to their Per-User safe list to entirely disable spam/phish scanning for emails to them.
Users can edit their own Per-User safe list in the quarantine web application. Administrators can view/edit/purge users's safe lists in the administration UI.