|Situation||You want to configure Spam detection in Proofpoint Essentials.|
See below for information on the following default settings:
The Proofpoint Essentials default Spam settings should be suitable for most situations, but there are cases where some manual influence can help the system in making better decisions. For example, marketing newsletters can be problematic at the engine must decide which ones are desirable. Some accounts like 'info@mydomain' account can have a different email type profile, and can do well with some fine-tuning. You can use the following tools to customize the Proofpoint Essentials Spam classification:
Safe Sender list (Allow filter) rules
Senders you might need to Safe Sender list include legitimate Rolex traders in which you might have a real interest, contacts that use a very spammy template full of images for their html disclaimer, or normal contacts if you have a very sensitive Spam Slider setting.
Release Always button
The Release Always button from the Summary Report is an easy way to create Safe Sender list rules for a sender, and the benefit from creating the rules is that as the system learns, over time it will need to be done less often.
blocked Sender list (Block filter) rules
Senders you might want to blocklist include:
- Difficult-to-classify spam with predictable sender addresses
- Borderline marketing emails you can't seem to unsubscribe from
- (Temporarily) your corporate website contact form which got hacked and is sending spam, which can occasionally occur.
Questions to Consider
- Does all your spam come from a ".ru" sender? Then use the Sender email address filter.
- Does all your spam originate from IP addresses in China? Then use the IP Country filter (available in the Pure filter extensions, which also allows sender body text filter types and other).
- Do you receive many semi-legitimate bulk emails with "Unsubscribe" links at the bottom? Try creating a low priority body text Pure filter for "Unsubscribe", and individual Safe Sender list filters for your real newsletters, and be careful for false alarms.
- Another good tip for a block rule is to block your own email address... normally, if you really email yourself from your own account, it doesn't pass through us, but often spammers use your own email address as the sender. We cannot take action on this en masse because many web contact forms use the same address for both sender and recipient. For more tips on using the filters, you can look at the Expanded Overview on Filters.
'Report' emails using Email Logs on the Proofpoint Essentials Interface
These reports are used by the nightly Proofpoint Essentials' engine maintenance jobs to update our statistical anti-spam component with a better idea of what is spam and what is innocent on a per-organization basis, in other words it controls custom learning for your type of email. It only takes a few examples of a certain kind of email before the correction becomes strong enough to cross your spam threshold. Some common sense and care is needed in what emails are reported in this way. If you report any low priority email you don't like or have received by accident or if you don't want to bother unsubscribing from a true mailing list, you could end up confusing the Proofpoint Essentials' anti-spam component's job of separating out the real malicious, unsolicited spam from innocent email. Consider the engine's responsibility to make decisions automatically, and you could really improve its performance. Don't panic if you've reported one wrong email by accident, the system will continue to train itself. Look here to perform spam reporting from the email logs.
The Spam Disclaimer is an optional organization-wide or per-user setting that adds a little footer to incoming emails with a URL you can click that will take you to the Proofpoint Essentials Interface's Permalink page where the email will immediately be marked as Reported, and where you will also have access to quick dropdown sender filter options for faster results. Please ensure you've read the section on Reporting above before deciding which course of action to take. To turn on the Spam Disclaimer, look here.
The Spam Disclaimer doesn't do anything not available in the interface except to provide a shortcut, so if you do not see the Spam Disclaimer, just log in and search for that email in your Email Logs.
Spam Sensitivity Slider
This tool adjusts where the Proofpoint Essentials engine should make the call between Clean/Innocent, and Spam, which it will quarantine. Misclassifications might be just on the other side of that decision line, and you could experiment with slight adjustments here. Remember that this tool can be a big hammer, it does what it says: If you set the slider to be more sensitive, more email will get quarantined, clean or spam. If you set it less sensitive, more emails will get delivered. The default setting should be fine in most cases as the system is designed around it, but the volume-of-spam versus risk-of-catching-real-emails profile can be different for different email accounts, especially for 'info@mydomain' type accounts, and the Spam Slider can be very useful there. The Release Always button will always work here as well, so you can combine it with a more sensitive Spam Slider setting if your senders are fairly regular, but some email accounts like 'sales@mydomain' might rely on receiving emails from unknown senders all the time, so just be careful there. Or if you're happy enough that your account receives virtually no spam you can leave the slider at a less sensitive position.
Spam Stamp & Forward
Most companies/users will want their Spam filters on. But if not, you can choose the Stamp & Forward option. This will mark the email as having been classified as Spam but will still deliver to the intended recipient. For adjusting the spam sensitivity bar and Stamp & Forward options, look at the Spam Settings Overview.