We have four or five customers still on SG units and on-prem e-mail hosting. Since applying 9.706-9 for the 21Nails remediation we've had complaints from at least one of them every few days over the last few weeks. It's not always the same customer on the same day, but these clients have rarely had complaints before and now we're having repeat complaints.
Reviewing logs, I can see that SASI is operational and some messages are being blocked due to RBL, SPF, and confirmed spam, but there are waves of messages making it through, sometimes a hundred or more, over a 12-hour window.
We're not new to this, and we understand how honeypot detection works and that if a customer is at the top of a spam list they're vulnerable. But the volume involved is unusually high, the duration is unusually long, the repetition is unusual, and it started about a week after 9.706-9. In addition, our two on-prem XG customers don't have a complaint, which has us wondering.
We opened a Sophos case about two weeks ago and it didn't go further than "Are you getting definition updates? Then submit the false negatives." No thank you. We've got hundreds of messages.
I'm curious if anyone else has been seeing similar increases in failed detection in the last month or so.