01-11-2012 01:18 PM
Is it possible to scan the body of a message and create an alert when it finds poor grammar?
Scammers from a country know for the scheme can setup an AOL, Yahoo or other free account that would come from a 'trusted' mail server. However if you look at the text of the message it can be poorly written with certain words be captilized in the middle of a sentenace. I had this happen and a user thought it was out of the ordinary and come to find out it was a phising message. Short of relying on human training it would be beneficial if you could scan the body for errors and create an alert for closer inspection.
01-16-2012 02:23 AM
Hello Jamie,
there is no such functionality available in AsyncOS, however the task you are describing is something the Antispam engine takes care of. While it also does not have a "good/bad grammar" feature as well, it knows a lot more patterns related to poor written spam. I suggest that you activate to quarantine messages flagged as suspected spam. Depending on the review, the spam quarantine will update the spam corpus if a message is released as false positive, which, in return, improves the antispam database. So some sort of training as you pointed out.
Hope that helps,
Andreas
01-16-2012 07:00 AM
Thanks. I will give that a try but would this catch anything from an address that is on a whitelist? If someone was able to hack into a users mailbox and send us a malicious message would it not bypass the suspected spam filter?
01-17-2012 02:29 AM
Hello Jamie,
indeed the Whitelist does not have span scanning enabled by default (can be changed in the mail flow policies), however in the scenario you decribe you would receive all kind of spam through that account, not only those with bad grammar. That's why it's called a whitelist, which should be used only for hosts you trust not to send spam. Malicous messages are still get blocked though, as antivirus is activated in all sendergroups by default.
Also note, sendergroups are only matching hosts or IPs, not individial sender addresses.
REgards,
Andreas
02-27-2012 11:33 PM
This would be very very overheading performance of the Ironport or (if in case at the...) Server level. On other way, ther is no features from the Ironport however you may found that features on the 3rd party application like SMSME (i believe) then enable and create a reg-exp body policy to scan each and every email coming in and out. But, pretty sure this would be a very overheading on the performance of the Host.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: