Increase in spam

Unanswered Question
Jan 27th, 2010

Hi guys,

Over the past week I've noticed a large number of spam not scoring enough to get blocked.

Take for instance last night, there were over 35 emails to various staff members, All the same subject, all for best medical online all with [email protected] with just a single a href url in the body, the highest reputation score that one hit was like a -2.9 alot are in the positives, but I'm seeing more and more of this happening over the past week.

Is anyone else experincing this?

Cheers Jj

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dangriff Fri, 01/29/2010 - 07:02

Hi J,

-2.9 should be blocked by reputation filtering.  It looks as through the spam is being sent via a bounce method, i.e. spoof your internal address and send messages to another gateway.  The bounce will then come back to you internal user with the URL.  Two things to do here, first check the reputation of the URL on in order to check the validity of it.  Second enable bounce verification to ensure that these bounce messages are dropped at the gateway, i.e. if it wasn't sent through your ironport you shouldn't be accepting the bounce.


jarends Wed, 02/03/2010 - 05:59

Hi All,

You may want to think about rising the BLOCKED policy limits a bit also. I have a great number of users who actually block -2.1 and lower (where -3.0 is default)

They claim they don't have any false positives on reputation scoring as far as they know.


dangriff Wed, 02/03/2010 - 07:38

In Ireland tend to go with -2.1 for the enterprise space and -3.1 in the ISP space.

Only one report of an FP on senderbase in the last 3 years.


This Discussion