02-20-2018 01:19 PM - edited 03-08-2019 07:33 PM
Hi. We are seeing a high volume of spam coming from sources that have no SBRS scores. Is anyone else experiencing this? Some of the domains include:
skincare.howtogetridofwartsz.org
cats.surburbanpets.com
deck.cardscastgame.com
The domains don't accept emails (i.e., telnet to port 25 fails), so any bounces are being queued and retried. It would be preferable to not accept these emails at all, many of which, if not most, are being identified as spam. However, we deliver spam emails and place them in a spam folder for users to review, so we can't just drop them. Well, we could if we block the IPs, but there are so many of these domains popping up that trying to block by IP is not feasible, as they will just try from another domain tomorrow.
Any suggestions?
02-20-2018 06:31 PM
02-21-2018 06:57 AM - edited 02-21-2018 06:58 AM
Hi, Matthew. Thank you for that thorough and speedy response. To answer your question about the SBRS score, it is 'None'. It would be nice if we could drop them when CASE determines they are spam, and we may do so in the future. However, we are cautious. As you can imagine, it just takes one false positive resulting in an undelivered email to cause an uproar.
Our ESAs evaluate everything above a score of 80 as positive for spam, and scores above 40 are suspected spam. Both are delivered. If we could trust that emails with a score higher than 80 are identified as true positives, we could recommend dropping them. But I am not even sure where to find that information, or if we even have access to it.
Tim
02-21-2018 04:09 PM
Hey Tsilveruits,
Thanks for getting back to me - ah yeah that's quite a predicament there.
Unfortunately, the scores won't 'appear' on your side, as they are hashed within the required headers we insert - but you can be sure that any verdicts over 90 (this is the default value) we consider clear spam.
But you are right - if a false positive triggers, it can lead to some concern.
Another alternative, if not already used, is to consider sending them to a quarantine (spam) and letting the end user decide if they want to trust the email or not and release/delete accordingly.
We won't be able to assign scores to IPs quickly enough if the volume doesn't come on the sensors to allocate a score via the algorithm - and stopping all SBRS none is very aggressive and I suggest against that.
Regards,
Matthew