cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1438
Views
0
Helpful
4
Replies

Scan for poor grammar

jheadley
Level 1
Level 1

Is it possible to scan the body of a message and create an alert when it finds poor grammar? 

Scammers from a country know for the scheme can setup an AOL, Yahoo or other free account  that would come from a 'trusted' mail server.  However if you look at the text of the message it can be poorly written with certain words be captilized in the middle of a sentenace.  I had this happen and a user thought it was out of the ordinary and come to find out it was a phising message.  Short of relying on human training it would be beneficial if you could scan the body for errors and create an alert for closer inspection.

4 Replies 4

Andreas Mueller
Level 4
Level 4

Hello Jamie,

there is no such functionality available in AsyncOS, however the task you are describing is something the Antispam engine takes care of. While it also does not have a "good/bad grammar" feature as well, it knows a lot more patterns related to poor written spam. I suggest that you activate to quarantine messages flagged as suspected spam. Depending on the review, the spam quarantine will update the spam corpus if a message is released as false positive, which, in return, improves the antispam database. So some sort of training as you pointed out.

Hope that helps,

Andreas

Thanks.   I will give that a try but would this catch anything from an address that is on a whitelist?  If someone was able to hack into a users mailbox and send us a malicious message would it not bypass the suspected spam filter? 

Hello Jamie,

indeed the Whitelist does not have span scanning enabled by default (can be changed in the mail flow policies), however in the scenario you decribe you would receive all kind of spam through that account, not only those with bad grammar. That's why it's called a whitelist, which should be used only for hosts you trust not to send spam. Malicous messages are still get blocked though, as antivirus is activated in all sendergroups by default.

Also note, sendergroups are only matching hosts or IPs, not individial sender addresses.

REgards,

Andreas

ninoroygaleos
Level 1
Level 1

This would be very very overheading performance of the Ironport or (if in case at the...) Server level. On other way, ther is no features from the Ironport however you may found that features on the 3rd party application like SMSME (i believe) then enable and create a reg-exp body policy to scan each and every email coming in and out. But, pretty sure this would be a very overheading on the performance of the Host.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: