Hi,
I recently started using RBLs to try to block SPAM. I have our Mail Filter set up to mark and deliver spam with scores 3-5 with the Subject line tag SUSPECT:, to mark and deliver spam with scores 5-9 with the Subject line tag SPAM, and to block spam with scores of 10 or higher. This has worked OK until we recently switched out our edge devices. An example email that we would like to block:
X-Spam-Score: 2
X-Spam-Report: Spam detection results: 2
AWL 0.001 Adjusted score from AWL reputation of From: address
BAYES_50 0.8 Bayes spam probability is 40 to 60%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
DMARC_PASS -0.1 DMARC pass policy
HTML_MESSAGE 0.001 HTML included in message
PDS_PRO_TLD 0.998 .tld TLD
RCVD_IN_SBL 0.141 Received via a relay in Spamhaus SBL
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_ABUSE_SURBL 1.25 Contains an URL listed in the ABUSE SURBL blocklist [www.spamdomain]
URIBL_SBL_A 0.1 Contains URL's A record listed in the Spamhaus SBL blocklist [xxx.xxx.xxx.xxx]
It seems that my block settings are too high to allow the spam filter to block this email, and we are getting a LOT of spam with similar scores. We are a sales / customer service organization and are willing to put up with a little spam to keep false positives low, but this email should be blocked, so it seems I am going to have to adjust my scoring. Are there any best practices or guides that I can follow? Thanks
Bruce
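Added example, not part of the original post: a Python sketch that parses the X-Spam-Report lines above, totals the rule scores, and maps the total to the thresholds described in the post (3, 5 and 10). The function names and the weights in `TRIAL` are assumptions made up for illustration, not recommended values.

```python
import re

# Rule lines copied from the X-Spam-Report in the post (rule, score, description).
REPORT = """\
AWL 0.001 Adjusted score from AWL reputation of From: address
BAYES_50 0.8 Bayes spam probability is 40 to 60%
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
DMARC_PASS -0.1 DMARC pass policy
HTML_MESSAGE 0.001 HTML included in message
PDS_PRO_TLD 0.998 .tld TLD
RCVD_IN_SBL 0.141 Received via a relay in Spamhaus SBL
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_ABUSE_SURBL 1.25 Contains an URL listed in the ABUSE SURBL blocklist [www.spamdomain]
URIBL_SBL_A 0.1 Contains URL's A record listed in the Spamhaus SBL blocklist [xxx.xxx.xxx.xxx]
"""
# Thresholds as described in the post: SUSPECT from 3, SPAM from 5, block from 10.
THRESHOLDS = [(10.0, "BLOCK"), (5.0, "SPAM"), (3.0, "SUSPECT")]
# Rules in this report that fire on DNS blocklist lookups.
BLOCKLIST_RULES = {"RCVD_IN_SBL", "URIBL_ABUSE_SURBL", "URIBL_SBL_A"}
# Hypothetical trial weights (constructed for illustration, not recommendations).
TRIAL = {"URIBL_ABUSE_SURBL": 3.0, "RCVD_IN_SBL": 1.0}
LINE = re.compile(r"^(\w+)\s+(-?\d+(?:\.\d+)?)\s+(.*)$")

def parse_report(text):
    """Return {rule: score} for every 'RULE score description' line."""
    hits = (LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): float(m.group(2)) for m in hits if m}

def evaluate(rules, overrides=None):
    """Total the scores of the rules that hit, with optional trial weights."""
    scores = {r: (overrides or {}).get(r, s) for r, s in rules.items()}
    total = round(sum(scores.values()), 3)
    listed = round(sum(s for r, s in scores.items() if r in BLOCKLIST_RULES), 3)
    action = next((name for limit, name in THRESHOLDS if total >= limit), "DELIVER")
    return {"total": total, "blocklists": listed, "action": action}

if __name__ == "__main__":
    rules = parse_report(REPORT)
    print("as received:  ", evaluate(rules))
    print("trial weights:", evaluate(rules, TRIAL))
```

For this message the listed rule scores total 2.989, just under the SUSPECT threshold of 3, and the three blocklist rules account for 1.491 of that.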