Whitelist Sendergroup

Unanswered Question
Aug 21st, 2008

When we adopted the IronPort solution a few years ago, we implemented a whitelist sendergroup with a trusted mail flow policy. The sendergroup used a +6 to +10 score and the mail flow policy exempted senders from anti-spam processing. Up unitl the last month or so, this has worked for us. Now we are seeing senders with exceptionally high SBRS scores sending spam which is matching our whitelist. Some messages are coming from hotmail.com, and gmail.com

Is anyone else using a configuration like this and is the consensus that it is getting easier for domains to achieve higher SBRS scores?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
SPAMHater_ironport Thu, 08/21/2008 - 19:01


When we adopted the IronPort solution a few years ago, we implemented a whitelist sendergroup with a trusted mail flow policy.  The sendergroup used a +6 to +10 score and the mail flow policy exempted senders from anti-spam processing. Up unitl the last month or so, this has worked for us. Now we are seeing senders with exceptionally high SBRS scores sending spam which is matching our whitelist. Some messages are coming from hotmail.com, and gmail.com

Is anyone else using a configuration like this and is the consensus that it is getting easier for domains to achieve higher SBRS scores?



So you have the MFC Policy set to OFF for SPAM detection? I found a WhiteList to trusting. I use override lists, such as low override, medium override etc. for example low would be anyone I am trying to accept before any of the other policies hit still SPAM and A/V scan. The other policies would be removing the A/V piece and so on. But I try to A/V and SPAM scan for everybody and use the "Incoming Mail Policies" to add a particular domain or user not no SPAM scanning. Been working pretty good ;-) just mix and match them and list them in the correct order. Ofcourse I test all this stuff out ahead of time. Separate listener with separate domain. Hope it helps.
RJ_ironport Thu, 08/21/2008 - 20:00

Thanks for the reply. yes, we currently have a Mail flow policy with SPAM detection turned off. This used to work very well for us, but it seems as though some senders are achieving higher reputation scores. I was thinking of creating a new sendergroup above our whitelist that matched specific domains (not scores) and enable anti-spam and maybe throttle them as well. what do you think?

I appreciate the help. Thanks!

SPAMHater_ironport Thu, 08/21/2008 - 20:42


Thanks for the reply. yes, we currently have a Mail flow policy with SPAM detection turned off. This used to work very well for us, but it seems as though some senders are achieving higher reputation scores. I was thinking of creating a new sendergroup above our whitelist that matched specific domains (not scores) and enable anti-spam and maybe throttle them as well. what do you think?

I appreciate the help. Thanks!


Well I don't think senders are necessarily achieving higher SBRS scores, what I am seeing is more SPAM coming from sources that already had high scores such as yahoo, hotmail, google etc. If you create a policy on top of your whitelist to throttle you will have to throttle those sources and I think you might get too many complaints from your users!! I would try and turn SPAM scanning on and just use the whitelist to override in other areas such as the throttling but still scanning for a/v and spam. Just my humble opinion ;-) Maybe someone else can offer more choices, or other methods.

Actions

This Discussion