Cisco Secure Email Support Community



ESA Iron port: Whitelist senders with PRVS enabled on their mailboxes

Hello all, 


In our company we have some senders which have some SPAM filters enabled on their mailboxes, which means that our ESA Ironport sees sender addresses as something like this: 

We don't want to whitelist the whole domain, but just this one user mail address to go through our filters. 

Examples for Incoming mail policies show only (e.g., user@,, 

I have tried like * but it seems not to work like that. 


So does anyone have a solution for this? 




Octavian Szolga


Can you please be more specific? Those addresses are modified by ESA using a feature called bounce verification:


If the sending domain also uses ESA, that's why you see those emails with the prvs=6829960914 tag.

It's not exactly wise to skip spam based on a specific email address, although it's doable.

Usually, you skip spam engine before reaching Incoming Mail Policy, in HAT, by adding the sender domain or IP in a specific Sender Group that has attached a Mail Flow Policy that does not have SPAM engine enabled.


Still, going back to your scenario, have you tested your policy for let's say email sender  with only in the Incoming Mail Policy?

I'm asking you this, because:


  • Sender address matches:
    • Envelope Sender (RFC821 MAIL FROM address)
    • Address found in the RFC822 From: header
    • Address found in the RFC822 Reply-To: header

I expect 'prvs' email to be in Envelope Sender field but not in From header, so I guess it would work.









I will try to whitelist like this  with only but I think I already tried it some time ago and it was still quarantined. Will let you know once I get another mail from this affected sender. 

Hello Kajinssa,


To add - the prvs tagging is done by bounce verification - so as the email leaves your environment (assuming it's enabled) your environment will tag it - once the recipient replies, your device will (or should) strip the prvs tagging as it receives it, assuming it's a tagging your side did.


Now if the issue is this tag is done by another Cisco secure email customer and you're receiving it like this - you cannot strip the tagging as it's not your own tagging.


So to allow this email through and not get hit by quarantine - I would like to ask:

- Which quarantine is it matching? Is it anti-spam that flags it? Or is it a content filter?



If it's anti-spam the only means that I can recommend is using a message filter which allows you to add the variables; incoming mail policies will match specific full usernames or domains only, which as you shared is not ideal.


That means if you're on-prem just use the CLI and create a message filter to allow this email to skip anti-spam.

If you're on CES - you will need to either:


1) Get CLI access to your CES allocation and create the filter

2) Engage Cisco TAC to assist you in getting access/configuring the message filter with your consent.


A message filter could be:


if mail-from ==""






Where the username is a contains rule and it should skip as long as this string is consistent.

If you use equals to then you need to have the prvs-tagging.


Thanks, I hope this helps.
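
The difference between the "equals" and "contains" rules described above, next to an anchored pattern that tolerates a changing tag, modelled in Python as an added example that is not part of the thread and is not ESA filter syntax. It assumes the tag layout `prvs=<tag>=<local-part>@<domain>`; `user@example.com` and the sample senders are constructed.

```python
import re

# Constructed allowlist entry; the thread's real addresses are not shown.
ALLOWED = "user@example.com"

# Assumed tag layout: prvs=<tag>=<local-part>@<domain>
PRVS = re.compile(r"prvs=[0-9a-z]+=(?P<addr>[^=@\s]+@[^=@\s]+)", re.I)

# Optional tag of any value, then exactly the allowed address, nothing else.
ANCHORED = re.compile(r"^(prvs=[0-9a-z]+=)?" + re.escape(ALLOWED) + r"$", re.I)


def strip_prvs(sender):
    """Return the lower-cased address with a prvs tag removed, if present."""
    sender = sender.strip()
    m = PRVS.fullmatch(sender)
    return (m.group("addr") if m else sender).lower()


def exact_match(sender):
    """'Equals' rule: fails as soon as a tag is prepended."""
    return sender.lower() == ALLOWED


def contains_match(sender):
    """'Contains' rule: survives the tag but also accepts look-alikes."""
    return ALLOWED in sender.lower()


def anchored_match(sender):
    """Anchored rule: accepts the address with or without a tag, only."""
    return ANCHORED.fullmatch(sender) is not None


# Constructed envelope senders; the tag 6829960914 is the one quoted in the thread.
SAMPLES = [
    "user@example.com",
    "prvs=6829960914=user@example.com",
    "prvs=0123456789=user@example.com",   # tag changes between messages
    "otheruser@example.com",              # different mailbox, same suffix
    "user@example.com.invalid",           # different domain, same prefix
]


def compare(samples=SAMPLES):
    """Map each sender to (exact, contains, anchored) results."""
    return {s: (exact_match(s), contains_match(s), anchored_match(s))
            for s in samples}
```

Only the anchored pattern accepts both tagged forms of the one mailbox while rejecting the two look-alike senders that the contains rule lets through.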




Hello Mathew, 


Thanks for your input. Yes, this PRVS tag is done by another CISCO ESA and we are receiving email like this. And it is matching our Incoming mail policies - so Content filter. 

It could be easily resolved if there were a possibility to use * to catch all strings which are after this char. 



Hello @Octavian Szolga , 

So I tried to whitelist just but ESA ignores it if the sender address has this prvs tag at the beginning.