# alimail-security

Part of **ALIMAIL**

<!-- intent-backlink:auto -->

> 💡 **Path Selection**: This skill is one implementation path for the following routing skills. If you're unsure which path to take, check the corresponding routing skill:

> - [Recover access to mailbox login](../../intent/alimail-recover-access/SKILL.md)
> - [Troubleshoot why an email was not received](../../intent/alimail-troubleshoot-received/SKILL.md)
> - [Set up secure email communication](../../intent/alimail-configure-communication/SKILL.md)

# Alibaba Mail Security Console Guide

## Operations Overview

| Operation | Console Entry | Prerequisites | Description |
|----------|---------------|---------------|-------------|
| Change Password | Settings > Account and Security > Account Security > Change Password | Access to Alibaba Mail web client, registered mobile phone number | Update your account password with SMS verification |
| Set or Cancel Trusted Devices | Settings > Device Management | Active Alibaba Mail account, logged into web client | Mark a device as trusted to skip 2FA on future logins or revoke trust |
| Set Up S/MIME Signing and Encryption | Settings > View more settings > Account and Security > S/MIME Settings | AI Premium Edition access, valid PKCS#12 certificate, admin-enabled S/MIME | Import S/MIME certificates and enable digital signatures and email encryption |
| Configure Spam Filtering | Console > Mail > Anti-spam Settings | Admin access, domain configured in Alibaba Mail | Set spam filtering level and enable quarantine for suspected messages |
| Configure Custom Anti-Spam Settings | Web Client > Settings > Anti-Spam Settings | Access to Alibaba Mail web client, valid login | Choose filtering strictness and configure permanent deletion of spam |
| Add to Blacklist | Console > Mail > Settings > Blacklist | None | Block specific email addresses, domains, or IP addresses from sending emails |
| Add to Whitelist | Console > Mail > Settings > Whitelist | Access to Alibaba Mail web client | Allow specific senders to bypass spam filters |
| View Recent Logon Logs | Alibaba Mail Web Client > Settings > Account and Security > Log Query > Logon Log | Logged into Alibaba Mail web client | Review login history for the past 180 days |
| Configure External Account Reminder | Console > Security Management > External Account Reminder | Administrator account access | Set warning level for external sender addresses in received emails |

## Operation Steps

### Change Password

**Navigation**: Settings > Account and Security > Account Security > Change Password

**Prerequisites**:
- Access to the Alibaba Mail web client
- A registered mobile phone number attached to the account

1. Log on to the Alibaba Mail web client and click the **Settings** button in the upper-right corner  
   - Element: **Settings** (button) — upper-right corner

2. Navigate to **Account and Security** in the left navigation panel  
   - Element: **Account and Security** (menu) — left navigation panel

3. Click the **Change Password** button in the main content area  
   - Element: **Change Password** (button) — main content area  
   - Notes: After clicking, you will be prompted to authenticate via a text message sent to your attached mobile phone number.

4. Enter your **Old Password** and **New Password**, then click **OK**  
   - Element: **OK** (button) — dialog confirmation  
   - Notes: The password change is only completed after successful mobile verification.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Old Password | text_input | Yes | — | Enter your current password to verify identity before changing it. |
| New Password | text_input | Yes | — | Set a new password that meets the security requirements. |

### Set or Cancel Trusted Devices

**Navigation**: Settings > Device Management

**Prerequisites**:
- User must have an active Alibaba Mail account
- User must be logged in to the Alibaba Mail web client

1. Log on to the Alibaba Mail web client by entering your account and password  
   - Element: **Alibaba Mail web client** (link) — browser address bar

2. On the Two-Factor Authentication page, check the box to set the device as trusted  
   - Element: **Set as trusted device, skip verification for next logon** (checkbox) — Two-Factor Authentication page  
   - Notes: This option appears after successful password entry during login.

3. Click the **Settings** button in the upper-right corner of the web client  
   - Element: **Settings** (button) — upper-right corner

4. In the Device Management section, click **Cancel trusted device**  
   - Element: **Cancel trusted device** (button) — Device Management section  
   - Notes: The exact label may vary slightly depending on region; international version uses 'Unauthorize device'.

### Set Up S/MIME Signing and Encryption

**Navigation**: Settings > View more settings > Account and Security > S/MIME Settings

**Prerequisites**:
- Access to the AI Premium Edition of Alibaba Mail
- A valid S/MIME certificate in PKCS#12 format (.p12 or .pfx)
- Administrator must have enabled S/MIME feature in domain management console
- Personal certificate imported before enabling features

1. Click **Settings** in the top navigation panel  
   - Element: **Settings** (menu) — top navigation panel

2. Click **View more settings** under the Settings menu  
   - Element: **View more settings** (link) — under Settings menu

3. Select **Account and Security** from the left navigation panel  
   - Element: **Account and Security** (menu) — left navigation panel

4. Click on the **S/MIME Settings** tab  
   - Element: **S/MIME Settings** (tab) — main content area

5. Click **Import a new certificate** in the top-right corner  
   - Element: **Import a new certificate** (button) — top-right corner  
   - Notes: Uploads a .p12 or .pfx file containing the private key

6. Enter the **Certificate password** when prompted in the dialog box  
   - Element: **Certificate password** (text_input) — dialog box  
   - Notes: Required if the certificate contains a private key

7. Toggle **Digital signature** to enable signing  
   - Element: **Digital signature** (toggle) — main content area  
   - Notes: Must be enabled after certificate import

8. Toggle **Email encryption** to enable encryption  
   - Element: **Email encryption** (toggle) — main content area  
   - Notes: Enables encryption using recipient's public key

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Certificate file | file | Yes | — | Upload an S/MIME certificate in PKCS#12 format (.p12 or .pfx) |
| Certificate password | password | Yes | — | Password for the certificate file if it contains a private key |

### Configure Spam Filtering

**Navigation**: Console > Mail > Anti-spam Settings

**Prerequisites**:
- Admin access to the Alibaba Mail console
- Domain already configured in Alibaba Mail

1. Navigate to the **Anti-spam Settings** page  
   - Element: **Anti-spam Settings** (link) — left navigation panel

2. Select the desired **Spam Filtering Level** from the dropdown  
   - Element: **Spam Filtering Level** (dropdown) — main content area  
   - Notes: Options include Low, Medium, High, and Custom. Custom allows advanced rule configuration.

3. Check **Enable Spam Quarantine** if you want to review suspected spam  
   - Element: **Enable Spam Quarantine** (checkbox) — main content area  
   - Notes: When enabled, suspected spam emails are moved to a quarantine folder for review.

4. Click **Save** at the bottom of the page  
   - Element: **Save** (button) — bottom of the page  
   - Notes: Changes take effect immediately after saving.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Spam Filtering Level | dropdown | Yes | Low, Medium, High, Custom | Determines how aggressively emails are scanned for spam content. |
| Enable Spam Quarantine | checkbox | No | — | If enabled, spam emails are quarantined instead of being deleted. |

### Configure Custom Anti-Spam Settings

**Navigation**: Web Client > Settings > Anti-Spam Settings

**Prerequisites**:
- Access to the Alibaba Mail web client
- Login with valid credentials

1. Click the **Settings** button in the upper-right corner of the web client  
   - Element: **Settings** (button) — upper-right corner

2. Select an anti-spam level from the radio options: **Low**, **Medium**, **High**, or **Strict**  
   - Element: **Low, Medium, High, Strict** (radio) — main content area  
   - Notes: The 'Strict' option only allows emails from whitelisted senders and contacts. The 'Low' option may deliver spam to your inbox.

3. Review and optionally check **Permanently delete**  
   - Element: **Permanently delete** (checkbox) — main content area  
   - Notes: This setting is not recommended due to risk of losing important emails.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Anti-spam Level | dropdown | No | Low, Medium, High, Strict | Determines how aggressively incoming emails are filtered for spam. |
| Permanently delete spam | checkbox | No | Yes, No | If enabled, all new incoming spam will be permanently deleted without being moved to the junk folder. |

### Add to Blacklist

**Navigation**: Console > Mail > Settings > Blacklist

**Prerequisites**:  
None

1. Log in to the Alibaba Mail web client and click the **Settings icon**  
   - Element: **Settings icon** (button) — upper-right corner of the page

2. Choose **Mail Settings** > **Blacklist** from the dropdown menu  
   - Element: **Mail Settings** (menu) — dropdown menu from Settings icon

3. Click **Add to Blacklist**  
   - Element: **Add to Blacklist** (button) — main content area  
   - Notes: You can add an IP address, domain name, or sender address. Nicknames and display names are not valid.

4. Alternatively, open an email and click **More options**  
   - Element: **More options** (link) — context menu or action bar

5. In the report form, select the **Add to blacklist** checkbox  
   - Element: **Add to blacklist** (checkbox) — in the report form  
   - Notes: In international version, the label is 'Add the above address to the blacklist'.

### Add to Whitelist

**Navigation**: Console > Mail > Settings > Whitelist

**Prerequisites**:
- Access to Alibaba Mail web client

1. Click the **Settings** button in the upper-right corner of the page  
   - Element: **Settings** (button) — upper-right corner

2. Navigate to **Mailbox Settings** > **Whitelist**  
   - Element: **Mailbox Settings** (menu) — left navigation panel

3. Click **Add to Whitelist**  
   - Element: **Add to Whitelist** (button) — main content area  
   - Notes: You can enter an IP address, domain name, or sender email address.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Address to add | text_input | Yes | — | Enter an IP address, domain name, or sender email address to be added to the whitelist. Nicknames and display names are not supported. |

### View Recent Logon Logs

**Navigation**: Alibaba Mail Web Client > Settings > Account and Security > Log Query > Logon Log

**Prerequisites**:
- Logged in to Alibaba Mail web client

1. Click the **Settings** button in the upper-right corner  
   - Element: **Settings** (button) — upper-right corner

2. Navigate to **Account and Security** > **Log Query**  
   - Element: **Account and Security** (menu) — Settings page

3. Select the **Logon Log** tab  
   - Element: **Logon Log** (tab) — Log Query section  
   - Notes: The logs show activity from the past 180 days.

### Configure External Account Reminder

**Navigation**: Console > Security Management > External Account Reminder

**Prerequisites**:
- Administrator account access to Alibaba Mail

1. Log in to Alibaba Mail using the administrator account and go to domain management background  
   - Element: **Security Management** (menu) — left navigation panel

2. Click **External Account Reminder** under Security Management  
   - Element: **External Account Reminder** (link) — left navigation panel

3. Select one radio option: **No Alert (Not Recommended)**, **General Alert for Sender Name (Default)**, or **Advanced Alert for Sender Name and Address**  
   - Element: **No Alert (Not Recommended)** (radio) — main content area

4. Click **Save** in the upper-left corner  
   - Element: **Save** (button) — upper-left corner

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| No Alert (Not Recommended) | radio | No | No Alert (Not Recommended), General Alert for Sender Name (Default), Advanced Alert for Sender Name and Address | Sets the level of warning displayed for external sender addresses in incoming emails. |

## FAQ

Q: Where can I find my recent login history?
A: Go to Settings > Account and Security > Log Query > Logon Log in the Alibaba Mail web client. Logs are retained for up to 180 days.

Q: What happens if I enable "Permanently delete spam"?
A: All new incoming spam emails will be deleted immediately without being moved to the Junk folder. This is irreversible and not recommended.

Q: Can I use S/MIME without the AI Premium Edition?
A: No. S/MIME signing and encryption require the AI Premium Edition of Alibaba Mail and must be enabled by an administrator.

Q: How do I stop being prompted for two-factor authentication on my personal device?
A: During login, check the "Set as trusted device, skip verification for next logon" checkbox on the 2FA page. You can later revoke this in Settings > Device Management.

Q: What types of addresses can I add to the blacklist or whitelist?
A: You can add full email addresses, domain names (e.g., example.com), or IP addresses. Display names or nicknames are not supported.

## Pricing & Billing

### Billing Model
All security features described in this guide—including password changes, trusted devices, S/MIME, spam filtering, blacklists, whitelists, log viewing, and external account reminders—are included at no additional cost with standard Alibaba Mail plans.

### Free Tier
- Password changes: free, no usage limits
- Trusted device management: free
- S/MIME: available in AI Premium Edition at no extra cost (max 30 certificates per mailbox)
- Anti-spam, blacklist, whitelist: free for all users
- Logon logs: automatically stored for 180 days at no charge
- External account reminders: free for administrators

### Billing Notes
These console operations do not incur any charges or consume quotas. S/MIME requires the AI Premium Edition but does not add incremental billing. Spam quarantine storage counts toward your overall mailbox quota.