cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.2.0-616
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.2.0-203
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

860
Views
20
Helpful
3
Replies
tecnix
Beginner

submissions to spam@access.ironport.com - multiple .eml files 1 email?

Hi,

 

Not sure if this is still done anymore (i.e. spam submissions by end users), but I have one particular email address that has its mail filtered by an ironport device at the provider's end, however, there is a particular spammer who is adept at getting around the filtering.

 

Question: as per the directions here, can I submit a single email to the spam@access.ironport.com address with multiple spam sample attachments as separate .eml files? or must there be one .eml attachment per submission?


FWIW, the samples are all ones that have a low rating and have got past the filtering, even with a high threshold set:

 

X-spamdetect  : -5.900000 IronPort SPAM scanned=-10.0, SpamUrl=4.1

 

Thank you.

 

1 ACCEPTED SOLUTION

Accepted Solutions
UdupiKrishna
Cisco Employee

You can submit multiple spam samples in a single submission/email. Each sample will have separated CID(s) created for tracking on TALOS portal.

I tested it, it should for you too

View solution in original post

3 REPLIES 3
UdupiKrishna
Cisco Employee

You can submit multiple spam samples in a single submission/email. Each sample will have separated CID(s) created for tracking on TALOS portal.

I tested it, it should for you too

Thank you for testing, UdupiKrishna, much appreciated.

tecnix
Beginner

Just a quick addendum. I've been diligently sending samples from this spammer over the past month (spam campaign has been going on for 12+ months). In short, my provider's email spam filtering has gone from missing a good majority of them to now around 85-90% are held (have a rating of something insane 10-15+ on the score rating thing).

 

My provider's spam holding area keeps the recent 14 days of tagged messages - it used to have 0-5 messages in a 14 day period, and it's now up to 160 running total. I'm quite happy, and also happy that this arsehat's emails won't be landing in anyone else's inboxes if their provider is running an Ironport device.

Create
Recognize Your Peers
Content for Community-Ad