|Email Plug-in (Reporting):||1.0.1-048|
|Email Plug-in (Encryption):||1.0.0-036|
Do we still send reports to these addresses or does Cisco use new ones? Been getting a lot of missed spam lately and despite reports for very similar spam emails they still are not being blocked.
False positives should go to email@example.com
False negatives (missed spam) should be sent to firstname.lastname@example.org
How do you all handle the forwarding of these spam or ham messages to IronPort in RFC-822 format?
End users are typically not "smart" enough to do this on their own. How do you all automate this on behalf of the end user?
I do it myself, just click on the message and then forward it to email@example.com
I always try to prevent/insulate the users from making ANY decisions when it comes to security.
Do you have your mail client already configured to forward mail as a RFC-822 formatted message? Because if not simply forwarding the message with default settings to that spam reporting address it does no good.
Wondering if this is also the correct rout to go for submitting mis-categorized Marketing emails?
There's a mailing list I'm on where every message get's flagged as Marketing. I reported yesterday to the ham address but they're still being flagged.
Copied from the support document:
Customers using IronPort Anti-Spam or Symantec Brightmail Anti-Spam will want to submit both 'missed spam ' (False Negatives) and messages which are incorrectly classified as SPAM (False Positives). In either case, the submission must be attached to an email as an RFC-822 MIME encoded attachment. This ensures that the submission can be processed quickly and efficiently. The actual steps to follow are different for each mail program (Mail User Agent).
I have not been sending them as an attachment. All messages go through a mail filter where I believe they are in this format and I have been forwarding the message intact to firstname.lastname@example.org. So likely I have been wasting my time.
We're getting quite a few false negatives (missed spam) through these past couple of weeks. I've followed the instructions outlined in the knowledge base.
Out of curiosity, how long does it take on average before the forwarded spam gets picked up on and is secured against?
Sorry to say it appears to be an unknown. I have yet to see any cogent official reply here. I've forwarded several false positive to the ham address weeks ago and the same mailing list messages are still being flagged as marketing. I'd guess the chances of action will be similar for your false negative situation. Cisco picked up Ironport within a year or so of our implementation of the product. The "support" forum was never stellar to begin with (they want you to call for every little issue) such that it was useful primarily in a social way, or for people who won't read the docs. The Cisco acquisition clearly has not helped in any way that I can see. Now we have a forum that's an order of magnitude slower and more annoying to use and you can see the deafening silence above. I highly recommend you open a ticket if you need action.
We purchased Ironport instead of CanIT Pro because "we'll get better support from a larger company." While the performance of the product has been pretty good, that statment hasn't worked out to be true and (also given the lack of flexability of the product compared to a more open solution) you can probably guess what my recommendation will be when our C100 kicks the bucket.
Maybe all this shouldn't be a surprise: http://etherealmind.com/yes-no-question-cisco-licensing/
I finally had to open a ticket on this one. After a month we figured out that S/MIME signed (but non-encrypted) messages broke their submission system. After another month the documentation was updated slightly (and I had a firm "maybe" that they will work on fixing the submission system). Since the docs *still* aren't entirely clear (and I was tired of dealing with the unsupport department and gave up ) I offer some simple bottom line guidance to follow which should increase your chances of a successful submission.
Try using the MS Outlook plugin. When you submit WITHOUT using the MS Outlook plugin (for example because it is not supported when the MS Exchange 2003 management tools are installed on the workstation) make sure the following are true:
Obviously, there is no indication when the submissions are hitting the bit-bucket, so it would be wise to follow the list above. Good luck!