Reported Spam Keeps Being Delivered

Our associates keep marking some messages that have been delivered to their mailbox as spam but SEA keeps delivering to them. The "Report as Spam" KB (http://sea.sophos.com/webhelp/sea/concepts/SubmitSpam.html) isn't working the way it should. How can our users report spam back to our local SEA and have the SEA stop delivering those messages?

  • Hi John, 

    Refer to the following article for configuring User Privileges for Spam Management. Alongside, refer to, https://community.sophos.com/kb/en-us/120802 for more information on Anti Spam settings.

    Hope that helps,

  • In reply to sachingurung:

    Hi Sachingurung,

     

    Thank you for those helpful links and we already have implemented them.

    Here is an example of what my users are frustrated with.

    An email that arrives in their Outlook inbox is not tagged as spam. They review the email, and for whatever reason, decide to mark it as spam using the Sophos Report as Spam button. At this point, they expect to no longer receive messages from this sender again. A day or two later they then receive another email from the same sender even though that hit the Sophos Report as Spam button. This is their frustration. If they hit the button, whether or not Sophos lab thinks the email is spam or not, for that user and most likely everyone in our domain it is. They do not want to see it again in their inbox. It can go to quarantine or be discarded, but it does not need to ever show up in their inbox again.

    Currently, they do not get this functionality from the Sophos Report as Spam button and this is a huge problem for us. I understand what Sophos lab is doing and may not treat a message as spam for one domain across all client domains, but for us it needs to be treated that way. I am not sure how Sophos lab processes email, but I can see a check happening against Sophos Lab's rules and then check happening against a subset of Sophos's Lab rules for our domain. In another words, Sophos lab should also check against what my domain users want as a secondary processing point.

    I really appreciate your help with this!

     

  • In reply to JohnGarmon:

    Hey  

    I apologize for this inconvenience. Along with your users submitting the spam samples via the Outlook Add-In, were you able to observe any similar patterns regarding these suspected emails?

    It may take sometime for each submitted spam sample to be investigated and addressed by our labs, so in the meantime you could create a manual rule to block these senders.

    If possible, i'd also request that you PM me with your user's email addresses so I can follow up with their submissions.

    Thanks,

  • In reply to FloSupport:

    Hi FS,

     

    In regards to your comment about a creating a manual rule to block these senders. How best should I do this? Outside of redirecting emails going to the lab and manually adding to the block list on our side is the only way to do this I believe. Seems like a lot of work for something that should be automated. I apologize for my comments, but I keep getting calls about this from our users and now adding a manual process does not seem sustainable long-term for something that should be already in place.

    Would adding PureMessage help eliminate this? 

    I will PM you with the additional information. 

  • In reply to JohnGarmon:

    Hi John,

    Ensure you have a bulk mail rule as well, I recommend tag subject and continue, but you could quarantine it if you like.   Quite often these messages "look" like spam however they are legitimate known mailing lists. 

     

    these emails are not treated as spam, so the specific bulk mail rule is required.

  • In reply to Red_Warrior:

    Hi RW,

     

    I was messaging FloSupport about our users marking items as spam, but that never gets back to our SEA. It goes to is-spam, but our SEA does not get the user's request. I think their needs to be a block function and deleted message on the quarantine portal like there is an approve function and deliver. It is way easy to approve a user but very difficult to block a user or domain. I am going to reach out to our Sophos sales rep and recommend adding this feature.

     

    Thanks!

    John