02-01-2010 07:11 AM
Do we still send reports to these addresses or does Cisco use new ones? Been getting a lot of missed spam lately and despite reports for very similar spam emails they still are not being blocked.
False positives should go to ham@access.ironport.com
False negatives (missed spam) should be sent to spam@access.ironport.com
02-01-2010 07:25 AM
As far as I know (and the knowledge base) these addresses are still right.
Peter
02-01-2010 07:34 AM
Thanks Peter, I will continue to send them, just hope they are still being used.
02-03-2010 05:53 AM
Agreed! These email addresses are right and still usable.
Jeroen
03-10-2010 08:30 AM
How do you all handle the forwarding of these spam or ham messages to IronPort in RFC-822 format?
End users are typically not "smart" enough to do this on their own. How do you all automate this on behalf of the end user?
03-10-2010 12:18 PM
I do it myself, just click on the message and then forward it to spam@access.ironport.com
I always try to prevent/insulate the users from making ANY decisions when it comes to security.
03-10-2010 12:23 PM
Do you have your mail client already configured to forward mail as an RFC-822 formatted message? Because if not, simply forwarding the message with default settings to that spam reporting address does no good.
03-12-2010 01:30 AM
Have a look in knowledge base about this (Answer ID 472, Answer ID 471)
Peter
03-12-2010 09:02 AM
Wondering if this is also the correct route to go for submitting mis-categorized Marketing emails?
There's a mailing list I'm on where every message gets flagged as Marketing. I reported yesterday to the ham address but they're still being flagged.
03-12-2010 09:40 AM
Copied from the support document:
Customers using IronPort Anti-Spam or Symantec Brightmail Anti-Spam will want to submit both 'missed spam' (False Negatives) and messages which are incorrectly classified as SPAM (False Positives). In either case, the submission must be attached to an email as an RFC-822 MIME encoded attachment. This ensures that the submission can be processed quickly and efficiently. The actual steps to follow are different for each mail program (Mail User Agent).
Report undetected spam to: spam@access.ironport.com
Report false-positives to: ham@access.ironport.com
Peter
03-12-2010 11:22 AM
Yup, that's what I did
03-24-2010 05:54 AM
I have not been sending them as an attachment. All messages go through a mail filter where I believe they are in this format and I have been forwarding the message intact to spam@access.ironport.com. So likely I have been wasting my time.
03-24-2010 03:30 AM
Cheers guys,
We're getting quite a few false negatives (missed spam) through these past couple of weeks. I've followed the instructions outlined in the knowledge base.
Out of curiosity, how long does it take on average before the forwarded spam gets picked up on and is secured against?
R.
03-24-2010 06:14 AM
Sorry to say it appears to be an unknown. I have yet to see any cogent official reply here. I've forwarded several false positives to the ham address weeks ago and the same mailing list messages are still being flagged as marketing. I'd guess the chances of action will be similar for your false negative situation. Cisco picked up Ironport within a year or so of our implementation of the product. The "support" forum was never stellar to begin with (they want you to call for every little issue) such that it was useful primarily in a social way, or for people who won't read the docs. The Cisco acquisition clearly has not helped in any way that I can see. Now we have a forum that's an order of magnitude slower and more annoying to use and you can see the deafening silence above. I highly recommend you open a ticket if you need action.
We purchased Ironport instead of CanIT Pro because "we'll get better support from a larger company." While the performance of the product has been pretty good, that statement hasn't worked out to be true and (also given the lack of flexibility of the product compared to a more open solution) you can probably guess what my recommendation will be when our C100 kicks the bucket.
Maybe all this shouldn't be a surprise: http://etherealmind.com/yes-no-question-cisco-licensing/
08-03-2010 01:24 PM
I finally had to open a ticket on this one. After a month we figured out that S/MIME signed (but non-encrypted) messages broke their submission system. After another month the documentation was updated slightly (and I had a firm "maybe" that they will work on fixing the submission system). Since the docs *still* aren't entirely clear (and I was tired of dealing with the unsupport department and gave up) I offer some simple bottom line guidance to follow which should increase your chances of a successful submission.
Try using the MS Outlook plugin. When you submit WITHOUT using the MS Outlook plugin (for example because it is not supported when the MS Exchange 2003 management tools are installed on the workstation) make sure the following are true:
Obviously, there is no indication when the submissions are hitting the bit-bucket, so it would be wise to follow the list above. Good luck!
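Added example (not part of the thread and not Cisco's own tooling): a Python way for an administrator to build the submission on a user's behalf, carrying the original as a message/rfc822 attachment as the quoted support document requires, and flagging S/MIME signed-only originals, which the post above reports as breaking the submission system. The function names, sender address and sample message are assumptions made for illustration; the two reporting addresses are the ones given in the thread.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

SPAM_ADDR = "spam@access.ironport.com"  # missed spam (false negatives)
HAM_ADDR = "ham@access.ironport.com"    # false positives

# Constructed sample of a missed spam message, as raw bytes from the mail store.
SAMPLE = (
    b"Received: from mail.example.net by mx.example.org; "
    b"Mon, 1 Feb 2010 07:00:00 -0500\r\n"
    b"From: promo@example.net\r\nTo: user@example.org\r\n"
    b"Subject: Cheap offer\r\n\r\nBuy now\r\n"
)

def is_smime_signed(msg):
    """True for S/MIME signed-only mail (clear-signed or opaque-signed)."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "pkcs7-signature" in (msg.get_param("protocol") or "").lower()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return (msg.get_param("smime-type") or "").lower() == "signed-data"
    return False

def build_report(raw_original, verdict, sender):
    """Return (report, signed): the original carried as a message/rfc822 part."""
    if verdict not in ("spam", "ham"):
        raise ValueError("verdict must be 'spam' or 'ham'")
    original = message_from_bytes(raw_original, policy=policy.default)
    report = EmailMessage()
    report["From"] = sender
    report["To"] = SPAM_ADDR if verdict == "spam" else HAM_ADDR
    report["Subject"] = "Submission (" + verdict + ")"
    report.set_content("Original message attached as message/rfc822.")
    # Passing a message object makes the attachment type message/rfc822,
    # so the original headers (Received, From, Subject) travel with it.
    report.add_attachment(original)
    return report, is_smime_signed(original)

if __name__ == "__main__":
    report, signed = build_report(SAMPLE, "spam", "postmaster@example.org")
    print(report["To"], "| S/MIME signed original:", signed)
    print(report.as_string())
```

The returned report can be handed to `smtplib.SMTP.send_message()`; a `True` flag marks an original that is S/MIME signed-only.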