
Email marked as SPAM - How to know why?

Hello guys,

We currently have one Sophos SG210 with Email protection activated.

SPAM filter (in Antispam tab) is on and behavior is to warn our users with a [SPAM] tag.

However, a user reported to me that several emails from DHL (shipment confirmation - no attachment / only text) were in her "Junk email" folder.

Is there a way to get information on why these emails were marked as [SPAM] by the SPAM filter? I tried to consult the logs but don't see these mails as SPAM, and in the mail manager they are marked as delivered (which is in fact true, but they were tagged).

Kind Regards,

DeltaSM



  • Hi DeltaSM,

    I haven't any UTM here to check, but isn't there any information in the SMTP Proxy log? If you search for the source mail you might find something.

    Regards

    Jason

    Sophos Certified Architect - UTM

  • Hello Jason,

    I found my email but no information about spam detection or anything else.

    Should I normally have some SPAM information?

    Regards,

    DeltaSM

  • Hi,

    Even though I see it in mail manager, I can see in the SMTP proxy something like "rejected after data", which can mean, as far as I could check, that the RBL check wasn't announced until the whole message was received. So the sender would need to get the mail off a blacklist, I guess.

    But I would be interested as well in how I can get more detailed information on a mail that was declared as spam.

    Regards

    Jason

    Sophos Certified Architect - UTM

  • For most items, the answer is No. UTM forwards a hash of the message to the spam service and gets back a result. As a result, the inner workings of the spam engine decision process are not visible. In the logs, you can look for dkim_status="value" (dkim result), ctasd_status="value" (spam engine result) and reason="value". Most likely, you will simply see ctasd_status="confirmed".

    There is also a token for ctasd_params="value", but I have not found it to contain anything useful.
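Added example, not part of the original posts and not Sophos code: a small Python script that pulls the tokens named in the answer above out of exported SMTP log lines for one sender, and flags messages for which no verdict token was logged at all. The sample lines are constructed, and their timestamp prefix and the `from` and `subject` fields are assumptions about the line layout.

```python
import re
from collections import Counter

# Tokens named in the answer above.
TOKENS = ("dkim_status", "ctasd_status", "reason", "ctasd_params")
KV = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines, not real UTM output. The timestamp prefix and the
# from/subject fields are assumptions made for this illustration.
SAMPLE_LOG = '''\
2024:01:01-10:00:01 utm smtp: from="noreply@shipper.example" subject="Shipment 1" dkim_status="pass" ctasd_status="confirmed" reason="spam"
2024:01:01-10:05:09 utm smtp: from="noreply@shipper.example" subject="Shipment 2"
2024:01:01-10:07:30 utm smtp: from="news@other.example" subject="Offer" ctasd_status="confirmed" ctasd_params=""
'''

def parse_line(line):
    """Return every key="value" pair found in one log line as a dict."""
    return dict(KV.findall(line))

def explain(lines, sender):
    """List what the log says about each message whose sender contains `sender`."""
    results = []
    for line in lines:
        fields = parse_line(line)
        if sender.lower() not in fields.get("from", "").lower():
            continue
        record = {"subject": fields.get("subject")}
        # A token missing from the line is reported as None, not guessed.
        record.update({t: fields.get(t) for t in TOKENS})
        record["verdict_logged"] = any(fields.get(t) is not None for t in TOKENS)
        results.append(record)
    return results

def summarize(results):
    """Count spam engine results, keeping messages without one visible."""
    return Counter(r["ctasd_status"] or "no verdict logged" for r in results)

if __name__ == "__main__":
    hits = explain(SAMPLE_LOG.splitlines(), "shipper.example")
    for r in hits:
        print(r)
    print(dict(summarize(hits)))
```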

  • @Jason: in my case, emails are not rejected by lists like abuseat, etc. during the SMTP transaction. My problem is with the "SPAM filter".

    @Douglas: thank you for your answer. Indeed for some SPAMs I see some information about dkim, ctasd, etc. Unfortunately, for the SPAM messages concerned, I have no further information in the log file :(

    As you confirmed, and as I supposed, there is no way to have detailed information. It's not a big deal but it could be very annoying sometimes.

    Case can be closed :)