Increase in spam

VeNoMouSNZ · ‎01-27-2010

Hi guys,

Over the past week I've noticed a large number of spam not scoring enough to get blocked.

Take for instance last night, there were over 35 emails to various staff members, All the same subject, all for best medical online all with noreply@message.myspace.com with just a single a href url in the body, the highest reputation score that one hit was like a -2.9 alot are in the positives, but I'm seeing more and more of this happening over the past week.

Is anyone else experincing this?

Cheers Jj

dangriff · ‎01-29-2010

Hi J,

-2.9 should be blocked by reputation filtering. It looks as through the spam is being sent via a bounce method, i.e. spoof your internal address and send messages to another gateway. The bounce will then come back to you internal user with the URL. Two things to do here, first check the reputation of the URL on www.senderbase.org in order to check the validity of it. Second enable bounce verification to ensure that these bounce messages are dropped at the gateway, i.e. if it wasn't sent through your ironport you shouldn't be accepting the bounce.

Dan

jarends · ‎02-03-2010

Hi All,

You may want to think about rising the BLOCKED policy limits a bit also. I have a great number of users who actually block -2.1 and lower (where -3.0 is default)

They claim they don't have any false positives on reputation scoring as far as they know.

Jeroen

dangriff · ‎02-03-2010

In Ireland tend to go with -2.1 for the enterprise space and -3.1 in the ISP space.

Only one report of an FP on senderbase in the last 3 years.