The actions invoked by each policy determine how a message is processed. However, actions invoked by end-user Good and Bad Senders groups override all actions except those actions invoked by content filtering policies.
Archive the message, Create an incident (without holding for review), Forward a copy of the message, Send a bounce message, Send notification
Hold message in Suspect Virus Quarantine, Strip and Delay in Suspect Virus Quarantine
Create an incident and hold message for review.
Add a header, Add annotation, Add BCC recipients, Clean the message, Deliver message with TLS encryption, Deliver message with content encryption (this action exhibits both route and modify category behaviors), Modify the subject line, Remove unresolved recipients, Strip attachments
Hold message in Spam Quarantine, Route the message, Deliver message with content encryption (this action exhibits both route and modify category behaviors)
Deliver message normally
Table: Processing action combination matrix shows how actions in processing categories combine. Actions are listed according to their processing category. Match an action-processing category in the left-hand column with an action-processing category in the top row to see how actions in those processing categories combine. Actions whose names begin with Treat as are processed according to the action specified by the policy to which they refer. For example, the Treat as a virus action is processed according to the action specified by your malware policy. Actions whose names begin with Bypass are subject only to the user interface limitations.