FAQ: User receiving too much spam. Do the following checklist.
Once you protection service is powered up, it filters spam at a uniform level of aggressiveness. If too much spam is still geting through, you can adjust filtering levels.
To troubleshoot spam, follow the steps below to determine the best solution. For more detailed information, see the Email Protection Service Administration Guide (
www.postini.com/admindoc).
|
Has the
user address been added to the email protection service? |
Search for the user’s address in the Administration Console. If not found, then the mail is being delivered without filtering. Add the user address, and note:
• If the address is associated with user who’s already registered, add a user alias.
• If the service could recognize the address via domain aliasing, create a domain alias for the user’s domain.
• If the address could be a distribution list, see the distribution list solution below.
|
Was the
message sent to a mailing or distribution list rather than an individual
user? |
• Find the message header’s To address, and search for that address in the Administration Console. If the address is not there, you must add the mailing list. Since mailing lists tend to include those outside of your organization, do not add the list as a user. Add it as an alias of the responsible owner so that the Quarantine Summary and password messages are sent to the mailing list owner rather than the entire mailing list itself.
|
|
Was the
message sent directly to your mail server bypassing the protection service? |
|
• Remember, spammers don’t follow DNS standards for selecting MX records. To prevent bypassing of the email protection service filters, set up your email server or firewall to only accept email from the protection service’s IP ranges (found on the reverse side).
• Using the Support Portal’s Message Header Analyzer, make sure the headers include an email server registered with the email protection service.
|
Was the
sender’s address in the Approved Senders list? |
If the sender or sender’s domain is on an Approved Senders list, either the user’s personal list or a list defined for the user’s org, messages will be delivered, regardless of spam-like content. This is also true if the spammer has spoofed the sender address to match an Approved Sender.
• Review the user- and org-level Senders Lists and delete any large and well-known domains that are often spoofed by spammers.
|
Have users
added their own addresses or domains as an Approved Mailing List? |
If so, all spam addressed to the user, regardless of spam settings, will be delivered to that user’s inbox.
• In the Administration Console, remove the user’s address or domain from user’s Approved Senders and Recipients lists.
|
Did a user
within your organization send the message? |
• Messages exchanged among users on the same server aren’t processed by the email protection service, unless you configure your server for intradomain filtering. Review the message headers to see if the email was sent from someone within your organization.
|
Was the
mail delivered from quarantine? |
• The user or an administrator may have delivered the message from Quarantine.
|
What do I
do if I’ve tried all of these suggestions? |
• Use the Message Header Analyzer to check the spam score in the message header. If it is above 2.0000 and the message has been through the protection service, send email to
spam@postini.com with the message attached (not forwarded). The message will be evaluated to make improvements to the filtering engine.
