01-27-2010 01:43 PM
Hi guys,
Over the past week I've noticed a large number of spam not scoring enough to get blocked.
Take for instance last night, there were over 35 emails to various staff members, All the same subject, all for best medical online all with noreply@message.myspace.com with just a single a href url in the body, the highest reputation score that one hit was like a -2.9 alot are in the positives, but I'm seeing more and more of this happening over the past week.
Is anyone else experincing this?
Cheers Jj
01-29-2010 07:02 AM
Hi J,
-2.9 should be blocked by reputation filtering. It looks as through the spam is being sent via a bounce method, i.e. spoof your internal address and send messages to another gateway. The bounce will then come back to you internal user with the URL. Two things to do here, first check the reputation of the URL on www.senderbase.org in order to check the validity of it. Second enable bounce verification to ensure that these bounce messages are dropped at the gateway, i.e. if it wasn't sent through your ironport you shouldn't be accepting the bounce.
Dan
02-03-2010 05:59 AM
Hi All,
You may want to think about rising the BLOCKED policy limits a bit also. I have a great number of users who actually block -2.1 and lower (where -3.0 is default)
They claim they don't have any false positives on reputation scoring as far as they know.
Jeroen
02-03-2010 07:38 AM
In Ireland tend to go with -2.1 for the enterprise space and -3.1 in the ISP space.
Only one report of an FP on senderbase in the last 3 years.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: