This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bulk Message - Allow users to opt-out of bulk message checking

If we let users opt-out of bulk message checking, what exactly does this do? Would the messages still be tagged as BULK? Right now we have Bulk going to quarantine. Does it bypass it and go to their inbox?

 

Thanks,
John



This thread was automatically locked due to age.
Parents
  • bulk mail is not treated as spam  .. a lot of the time bulk mail does "look" spammy tho .. IE company X makes an email offer that looks shady or un-professional. Some people consider that spam.

    In fact known bulk mailers are tracked by not only black list holders, but stake holders such as Sophos. So that bulk mail rule is checking the message against that known list.  A good example is mailchimp.com  .. they send out millions of emails a day as a 3rd party service for people or companies that can not send their own email out.  So they classify as a "bulk mail sender"

    So to answer your question, if you allow users to "opt-out" of spam or bulk mail .. what ever message they opt out of would then be delivered (whitelisted) from your bulk mail rule.  

    same with spam checking.  for example:

     

    you make a bulk mail rule that quarantines all bulkmail

    user x opts out of domain y's email

    when email from domain y is received it will check against the per-user bloc/allow list .. if your action is quarantine, but sally has whitelisted domain y.. then the appliance would run the rule from the ui against the email, but also message split a copy for sally as she has manually added a white list for domain y. 

    this is the same procedure for whitelisting spam .. no other policy that is defined in the admin ui can be bypassed from the enduser portal. 

     

    Personally I recommend setting the bulk mail rule to tag subject and continue as it can be disruptive to quarantine, this also lets the user know that .. it looks spammy, but its really bulk mail. so if they do not wish to receive it any more, they should un-subscribe.

     

    Another popular option is add a Xheader and have outlook deal with it. For example

    change the action to add Xheader .. add the following .. (or under the last tab you could create a banner and add)  %%HITS%% or %%SPAM_REPORT%% 

    Other Policy Variables

    The following variables can only be used after a spam probability test has been performed:

    • %%HITS%%: A listing of all the rules that were found by the spam engine.
    • %%SPAM_REPORT%%: A verbose listing of the antispam rules triggered by the message.

    see : https://docs.sophos.com/msg/sea/help/en-us/msg/sea/concepts/PolAboutActionsTempVars.html?hl=%25%25hits

     

    then in outlook add a rule like:

    when message arrives

    check header for

    BULK_EMAIL_SENDER

    move to bulkmail folder

Reply
  • bulk mail is not treated as spam  .. a lot of the time bulk mail does "look" spammy tho .. IE company X makes an email offer that looks shady or un-professional. Some people consider that spam.

    In fact known bulk mailers are tracked by not only black list holders, but stake holders such as Sophos. So that bulk mail rule is checking the message against that known list.  A good example is mailchimp.com  .. they send out millions of emails a day as a 3rd party service for people or companies that can not send their own email out.  So they classify as a "bulk mail sender"

    So to answer your question, if you allow users to "opt-out" of spam or bulk mail .. what ever message they opt out of would then be delivered (whitelisted) from your bulk mail rule.  

    same with spam checking.  for example:

     

    you make a bulk mail rule that quarantines all bulkmail

    user x opts out of domain y's email

    when email from domain y is received it will check against the per-user bloc/allow list .. if your action is quarantine, but sally has whitelisted domain y.. then the appliance would run the rule from the ui against the email, but also message split a copy for sally as she has manually added a white list for domain y. 

    this is the same procedure for whitelisting spam .. no other policy that is defined in the admin ui can be bypassed from the enduser portal. 

     

    Personally I recommend setting the bulk mail rule to tag subject and continue as it can be disruptive to quarantine, this also lets the user know that .. it looks spammy, but its really bulk mail. so if they do not wish to receive it any more, they should un-subscribe.

     

    Another popular option is add a Xheader and have outlook deal with it. For example

    change the action to add Xheader .. add the following .. (or under the last tab you could create a banner and add)  %%HITS%% or %%SPAM_REPORT%% 

    Other Policy Variables

    The following variables can only be used after a spam probability test has been performed:

    • %%HITS%%: A listing of all the rules that were found by the spam engine.
    • %%SPAM_REPORT%%: A verbose listing of the antispam rules triggered by the message.

    see : https://docs.sophos.com/msg/sea/help/en-us/msg/sea/concepts/PolAboutActionsTempVars.html?hl=%25%25hits

     

    then in outlook add a rule like:

    when message arrives

    check header for

    BULK_EMAIL_SENDER

    move to bulkmail folder

Children
  • Thank you RW for the insight and sorry for the delay in getting back to you.

    If the end user selects "Allow users to opt-out of bulk message checking", does it override whatever action has been set for bulk messages? So in our case we have it set to tag subject and continue processing as the policy. Would the system no longer tag the message?

     

    Thank you,

    John

  • It only over-rides a quarantine action

    If you are using tag subject and and continue setting this inthe end user ui would not really do anything.. keep in mind all policy is run against the message.. the final action is based on the priority of the rules..

    Ie discard overrides quarantine and a data control rule over rides an additional policy.. likewise a threatprotection trumps them all..

    This prohibits say a rule with deliever immediatly as an actionand moving that above an av rule..

  • Thank you for the insight RW!