
Sophos Email Appliance - Spam still getting through

We are using Sophos Email Appliance (latest patch) and according to Sophos we have everything configured the best way to block spam. Still continuing to receive spam to users' inboxes. Really blatant stuff like free gift cards and things like that. Anyone have any ideas on how to stop it? It seems like since about February 2014 a lot more spam is getting through and being marked in the logs as legitimate. I have checked the allow lists and I don't have anything listed that could be bypassing the policies.

Any help would be greatly appreciated because it seems, from Sophos's last correspondence, that they are basically unwilling to help any further.

James


  • Sophos would be able to block a lot of these by simply greylisting all domains that aren't .com, .gov, .net, .biz, or .org. In other words, all domains that have more than 4 characters in the domain (jsmith@whatever.XXXX). I was reading an article by a spam specialist that was indicating that these snowshoe campaigns are usually hit and run. So if you greylist them, you temporarily give them a soft fail. If the MTA is legitimate, it will try to resend; otherwise, no harm done, other than delaying the message for a few minutes. Again, this would only be for domain extensions past three characters.

    Seems to me like that's the way to go for now.

    If spammers change their ways again, then simply re-write the algorithm to slow down anybody that is not sending from a popular domain extension.

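The greylisting rule described in the reply above, as an added example that is not part of the original thread or of the Sophos product: an in-memory greylist keyed on the (client IP, envelope sender, envelope recipient) triplet that soft-fails the first attempt from any sender whose domain extension is not in the reply's list, accepts the retry once a minimum delay has passed, and remembers triplets that retried so later mail from them is not delayed again. The exempt extension list is the reply's; the retry delay, the pending-entry TTL and the injectable clock are assumptions, and the check that a retry arriving too fast is still soft-failed goes a little beyond what the reply states.

```python
import time
from typing import Callable, Dict, Set, Tuple

# Domain extensions the reply treats as "popular" and therefore exempt from greylisting.
EXEMPT_TLDS = {"com", "gov", "net", "biz", "org"}

# Tunables (assumed values, not from the post): a retry only counts after MIN_RETRY_SECONDS,
# and a pending triplet that never retries is forgotten after PENDING_TTL_SECONDS.
MIN_RETRY_SECONDS = 300
PENDING_TTL_SECONDS = 4 * 3600

Triplet = Tuple[str, str, str]  # (client IP, envelope sender, envelope recipient)

def sender_tld(address: str) -> str:
    """Return the lowercase top-level domain of an envelope sender, or '' if unparseable."""
    if "@" not in address:
        return ""
    domain = address.rsplit("@", 1)[1].strip().rstrip(".").lower()
    if "." not in domain:
        return ""
    return domain.rsplit(".", 1)[1]

def should_greylist(address: str) -> bool:
    """The reply's rule: greylist any sender whose TLD is not in the exempt list."""
    # Unparseable senders (tld == '') are greylisted too; that is an assumption, not the post's.
    return sender_tld(address) not in EXEMPT_TLDS

class Greylist:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.pending: Dict[Triplet, float] = {}  # triplet -> time of first attempt
        self.passed: Set[Triplet] = set()         # triplets that retried like a real MTA

    def check(self, client_ip: str, sender: str, recipient: str) -> str:
        """Return the verdict for one delivery attempt: 'accept' or 'tempfail' (SMTP 4xx)."""
        if not should_greylist(sender):
            return "accept"
        key: Triplet = (client_ip, sender.lower(), recipient.lower())
        if key in self.passed:
            return "accept"  # already proved it retries; no further delay
        now = self.clock()
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_TTL_SECONDS:
            self.pending[key] = now  # first sight (or stale entry): soft-fail and wait
            return "tempfail"
        if now - first_seen < MIN_RETRY_SECONDS:
            return "tempfail"  # retried too fast; keep soft-failing until the delay has elapsed
        del self.pending[key]
        self.passed.add(key)
        return "accept"
```

A hit-and-run sender that never retries is never accepted and its pending entry simply expires, which is the "no harm done" case the reply describes.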