Knowledgebase: Spam
Spam Settings Explained
Posted by Elvin C, Last modified by Vinh N on 03 August 2018 07:51 PM

Spam Settings

Spam settings can be adjusted from the Spam tab under Company Settings. Most of these same settings can also be set from the Spam tab under each individual User (or Functional Account). The spam engine behavior is actually based on each individual user's spam settings. Company Settings > Spam are used as a default for any new user(s) created.

Customize Spam Filtering

Some users might need different spam filter levels or options set. End Users (and admins) can manage their own filter settings.

  • Silent Users also have personal, customizable settings - but these must be set and managed by an admin. They don't have access to login and manage their own settings. 

Most users probably want all categories of spam filtered aggressively. Your Sales team, however, might want lenient filtering of commercial offers so potential leads aren’t wrongly identified as spam. You might adjust the spam settings of the functional account '' so the spam sensitivity slider is adjusted to a less aggressive trigger point; or you might disable 'Quarantine bulk mail:' for the purchasing team.

Spam Sensitivity (slider)

This feature has a wide range of settings (2 - 22) which endeavor to meet the needs of all users. It is possible to manage each user's spam trigger threshold by adjusting this slider to a trigger level more closely to their needs. The range includes:

  • Very Strict: 2 - 3
  • Strict: 4 - 5
  • Standard: 6 - 8
  • Loose: 9 - 14
  • Very Loose: 15 - 22

Within each of these ranges is a fine tuning range to keep detection in as small steps of increment that is required to detect and manage modern sophisticated botnets. Spam sliders and adjustments of trigger levels are available per user and per organisation. (The lower the trigger level, the more spam is stopped. The higher the trigger level, the less we stop spam.)

Quarantine release policy:

This setting allows the admin to determine who will have the ability to release messages from quarantine. If set to "User can release", each user can release their own messages from the quarantine using any of the available means. (See Releasing emails from Quarantine and Releasing emails from Digest)

If set to "Admin release only", users will be able to preview quarantined messages, but only an admin will be able to release the message from quarantine. If a user tries to release a message from quarantine from their quarantine digest report they will get the message "Email cannot be released without admin privileges, please contact your administrator"

Quarantine email suspected of being phish:

What the setting does:

Emails will be more likely to be quarantined if they are scanned and identified as “phishing” based on additional factors, including your spam sensitivity level.

How it functions:

When an Inbound mail arrives, we scan and score the email. Part of the score is based on whether or not our engine identifies the message as a phishing attempt. If the message is identified as "phishing" it will add points to the total score. If this option is selected, it will add more points to the total score - making it more likely that the message will be quarantined. If this option is unselected, it will still add points, but not as many - so the message would likely need additional factors to add enough points to exceed the threshold to be quarantined.

If the total score is above your sensitivity setting, it will be quarantined. If the total score is below your sensitivity setting, it will stilll not be quarantined - even though you have this option checked.

Require admin to release phish emails:

Similar to the above description for the Quarantine release policy. If this is set to "Yes" any message that is identified as a phishing attempt can not be released by an End User or Silent User. If they attempt to release a phishing message from quarantine, they will receive the error described above and be directed to contact their admin to release the message. 

If this is set to "No", phishing messages will be treated like any other quarantined message and can be released by the user. 

NOTE: If the Quarantine release policy is set to "Admin release only", this option is grayed out since it becomes irrelevant. If EVERY quarantined message requires admin privileges to release, then of course the same would apply to phishing messages.

Quarantine Bulk Email:

What the setting does:

Quarantine bulk email will quarantine emails if they are scanned and are identified as “Confirmed Bulk Email” based on numerous factors also of your spam sensitivity level.

How It functions:

When an Inbound mail arrives, and the spam setting “Quarantine bulk email” is checked. We scan the email and add additional bulk factors to the email if found to be a “Bulk” email.

Depending on your Spam Sensitivity Trigger Level if the email is “Confirmed Bulk Email”, this will add factors. If the overall results over your trigger level, it will be quarantined. If the overall results below your trigger level, It will not be quarantined.

Spam stamp & forward:

Most users want their spam filters on. But they might want to forward spam through to Customer Support for further analysis. To allow potential spam to get through, you could choose to enable Spam stamp & forward for the email addresses used by Customer Support, for example. The following settings are available:

No - (Default Setting) Quarantine spam email. Deliver all others

All - Deliver all messages, but stamp spam email with the subject tag below. 

Partial - Delivery non-spam email normally. Quarantine very spammy email. Deliver moderately spammy email stamped with the subject tag below.

For more detail, see Spam stamp & forward settings

Spam stamp & forward subject tag:

This is the actual text that will be added to the beginning of the subject line of emails classified as spam if Spam stamp & forward is enabled. The default setting is ***Spam***, but this can be changed based on your preference.

Include an easy-spam-reporting disclaimer in passed email:

This option allows your users to report received messages as spam directly from the email message itself.

You can set this option by checking the box as described here.

Inbound domain spoofing protection:

This option can protect your users from spammers who attempt spoof your own domain, to make the messages appear as if the email came from one of their co-workers.

More detail is available here

Inbound sender DNS check: (disable at own risk)

Please review this article for a more detailed explaination. When enabled, the “Inbound sender DNS check”  provides an additional validation on the domain of the sender on inbound email. The validation includes:

  1. Sender Domain MX Records
    • A message will be rejected if the MAIL FROM domain has:
      • No DNS A or MX record, or
      • A malformed MX record such as a record with a zero-length MX hostname
  2. Sender Domain MX Records that point to private / reserved IP ranges
    • This signals a severe DNS misconfiguration and as a result we would reject the message.

Update spam detection settings above for all existing user accounts

This checkbox, found next to the Save button is extremely important. This will push the above settings to all users (regardless of their personal settings currently set). Without checking this box, any changes you make in the Company Spam Settings will only apply to new users created after these changes are made. To apply your changes to existing users, you must check this box before saving. 

(17 vote(s))
Not helpful

Comments (0)