07-18-2022 01:54 AM
Hello,
i would like to open discussion about, what is the best way to block spam/malicious senders for incoming emails.
I finding best manageable option and don't know decide which is better from these:
HAT - There is an option for add sender IP or geolocation, this option is probably good for persistent spam/malicious senders
Policy - Policy which is on first place where matching senders and is used content filter for not delivering. This comes to me little messy when list starts to grow.
Content filter - Policy like previous but all senders will be in Dictionary and used in content filter, this option look most familiar for me.
Kind regards
07-19-2022 08:28 AM
07-19-2022 08:42 AM
What i'm afraid in this solution is when the blacklist is full of random spam emails/domains and at that moment is not intelligible readable as well as won't that use up system available resources? What to do after one year? Is good practise to make analysis how many senders are still active?
07-19-2022 09:08 AM
07-21-2022 05:45 AM
If we get persistent senders which are easily identified to an IP or IP range - we just block them on the firewall to the mail servers. Even with senderbase refusal getting a lot of continous connections consumes resources so just block them before they even get to the ESA. After six months/12 months empty out the ACL and start again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide