Not sure if this is still done anymore (i.e. spam submissions by end users), but I have one particular email address that has its mail filtered by an ironport device at the provider's end, however, there is a particular spammer who is adept at getting around the filtering.
Question: as per the directions here, can I submit a single email to the firstname.lastname@example.org address with multiple spam sample attachments as separate .eml files? or must there be one .eml attachment per submission?
FWIW, the samples are all ones that have a low rating and have got past the filtering, even with a high threshold set:
Just a quick addendum. I've been diligently sending samples from this spammer over the past month (spam campaign has been going on for 12+ months). In short, my provider's email spam filtering has gone from missing a good majority of them to now around 85-90% are held (have a rating of something insane 10-15+ on the score rating thing).
My provider's spam holding area keeps the recent 14 days of tagged messages - it used to have 0-5 messages in a 14 day period, and it's now up to 160 running total. I'm quite happy, and also happy that this arsehat's emails won't be landing in anyone else's inboxes if their provider is running an Ironport device.