Ironport SPAM

ccg-security
Level 1

Hi Cisco Support,

Based on our message tracking, some of our incoming messages are tagged as spam, and we want to know why they are tagged as spam. What are the criteria or scanning procedure for a message to be tagged as SPAM?

Thank you and Best Regards!


Libin Varghese
Cisco Employee

Hi,

To identify these threats, IronPort Anti-Spam examines the full context of a message: its content, methods of message construction, the reputation of the sender, the reputation of web sites advertised in the message, and more. IronPort Anti-Spam combines the power of email and web reputation data, leveraging the full power of the world's largest email and web traffic monitoring network — SenderBase — to detect new attacks as soon as they begin.

IronPort Anti-Spam analyzes over 100,000 message attributes across the following dimensions:

• Email reputation — who is sending you this message?
• Message content — what content is included in this message?
• Message structure — how was this message constructed?
• Web reputation — where does the call to action take you?

Analyzing multi-dimensional relationships allows the system to catch a broad range of threats while maintaining accuracy. For example, a message that has content claiming to be from a legitimate financial institution but that is sent from an IP address on a consumer broadband network or that contains a URL hosted on a “zombie” PC will be viewed as suspicious. In contrast, a message coming from a pharmaceutical company with a positive reputation will not be tagged as spam even if the message contains words closely correlated with spam.

Keeping the above in mind, the rules triggered would vary from email to email.

Thanks,
Libin Varghese

Hi Libin,

Thank you very much for the information. We saw in the message header that the message is positive for spam. How can we decrypt the X-Ironport Spam header to determine the cause of that email being marked as spam? Is there any way to determine, based on the message header, the cause of the spam issue for a specific email?

Our customer wants to know why the specific message was marked as spam. We understand that it's based on SenderBase or some other database, but what is the main reason it was marked as spam?

Thank you and Best Regards!

Hi,

The Spam verdict header can only be analyzed by the internal team at Cisco. If you require information regarding a specific email you would need to open a TAC case to get that reviewed.

- Libin V

Please see the below link

How do I decode the X-IronPort-AV header on the ESA?

"Our customer wants to know why the specific message was marked as spam?"

You can put this email sender on a whitelist; then it will not be checked by the ESA. Moreover, you can also report the same to Cisco.

Hi Libin,

Kindly, what do you mean by "the reputation of the sender"? The domain (the IP address of the domain) or the sender account name, such as libin@cisco.com?

Thanks
