List Servs

Unanswered Question
May 22nd, 2009

I have an internal department that has paid for the services of an external list serve. They now are able to easily send e-mail to a large number of recipients. The funny thing is that their newsletters are getting quarantined as SPAM when they are delivered to internal recipients. This is the first time I've encountered IronPort tagging e-mail that could be considered not SPAM.

The first option that I am going to give them is, rather than use an external source to distribute newsletters to internal people, to just do it via our Exchange system using a mail merge. E-mails won't even go through our IronPort env. this way.

What other options do I have?

I don't want to white list the external list serve as they are also sending us legitimate SPAM that needs to be quarantined.

Thoughts?

The external list serve is spoofing our internal user's e-mail address as the FROM header, which I currently allow for both incoming and outgoing mail. This is something that is high on my list to begin researching and possibly shutting down.

Thoughts on this?

Thanks and long live the NATION.
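
An added example, not part of the original post or of any IronPort configuration: a small Python audit that measures how much inbound mail arrives from outside while carrying an internal address in the From header, the pattern described in the post above. The domain `example.org`, the relay IP `10.0.0.25`, the label names and the sample messages are all assumptions constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.org"}   # assumption: your own mail domain(s)
INTERNAL_RELAYS = {"10.0.0.25"}      # assumption: IPs of your own Exchange/relay hosts

def is_internal(domain):
    """True for an internal domain or any subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def from_domains(msg):
    """Domain of every address in every From header (display names are ignored)."""
    pairs = getaddresses(msg.get_all("From", []))
    return [addr.rsplit("@", 1)[1] for _, addr in pairs if "@" in addr]

def classify(raw, connecting_ip):
    """Label one message by the IP that handed it to the gateway and its From header."""
    domains = from_domains(message_from_string(raw))
    if not domains:
        return "no-from"
    if connecting_ip in INTERNAL_RELAYS:
        return "internal-origin"
    if any(is_internal(d) for d in domains):
        return "external-with-internal-from"
    return "external"

def audit(samples):
    """Count labels over (connecting_ip, raw_message) pairs."""
    return Counter(classify(raw, ip) for ip, raw in samples)

# Constructed sample messages (headers only), not taken from the thread.
SAMPLES = [
    ("10.0.0.25", "From: Jo <jo@example.org>\nSubject: lunch\n\nhi\n"),
    ("203.0.113.7", "From: Staff News <news@hr.example.org>\nSubject: May issue\n\nhi\n"),
    ("203.0.113.7", 'From: "jo@example.org" <bulk@lists.example.net>\nSubject: x\n\nhi\n'),
    ("203.0.113.7", "From: a@notexample.org\nSubject: y\n\nhi\n"),
    ("203.0.113.7", "Subject: no sender\n\nhi\n"),
]

if __name__ == "__main__":
    for label, count in sorted(audit(SAMPLES).items()):
        print(f"{count:3d}  {label}")
```

Running a count like this over a sample of real inbound mail before blocking shows which external services would be affected by a rule that rejects internal From addresses arriving from outside.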

mychrislo_ironport Mon, 05/25/2009 - 03:10

This is going to be very difficult. As a matter of fact, we have similar problems too.

My first thought is that it is the external list serve's problem. They are not using a good IP, and they are also mixing bad spam in with the good eDM your internal depts *pay* them to deliver. Complain to them directly. If you can.

(normally can't, because surely you can't control your internal dept, and the external list serve maintainers are going to say it's your problem).

The 2nd thought is that you can maintain a list serve yourself. Just as you stated. But that's becoming you doing their job.

And actually, that's what's happening here. We maintain the email infrastructure here *and* do the nasty eDM jobs. Pain in the neck.

We also *ignore* anyone with bad SBRS. That's just a policy, no one can/shall break it.

kyerramr Tue, 05/26/2009 - 08:32

Since for your environment these messages are not spam (false positives), have these submitted via Cisco IronPort Support for review and see why these are being tagged as SPAM (SBRS, content, reports or traps).

This should help you identify why these messages are being tagged as SPAM by IPAS.

-Kishore

Jason Meyer Tue, 06/02/2009 - 16:02

I sent them to IronPort for evaluation and they indicated that they failed a Lottery Scam Rule. I did some digging on what that is and read that it could be an e-mail with links to webpages that will try to get users to input their bank account information. Our e-mail did not have that but did have two links to the external list serve service for subscription maintenance?...
