Spam Settings Explained
Situation: Administrators have switched to Proofpoint Essentials and would like to understand how our Spam Settings work and what they mean. Administrators are also receiving reports that too much spam is getting through.

Solution: Spam settings can be adjusted from the Spam Settings drop-down under Email (Security Settings). Most of these same settings can also be set from the Spam tab under each individual User (or Functional Account). The spam engine behavior is actually based on each individual user's spam settings. Security Settings > Email > Spam Settings are used as a default for any new user(s) created.
Customize Spam Filtering
- Some users might need different spam filter levels or options set. End Users (and admins) can manage their own filter settings.
- Silent Users also have personal, customizable settings that must be set and managed by an admin. They don't have access to log in and manage their own settings.
- Most users probably want all categories of spam filtered aggressively. Your Sales team, however, might want lenient filtering of commercial offers so potential leads aren’t wrongly identified as spam.
- You might adjust the spam settings of the functional account 'sales@mycompany.com' so the spam sensitivity slider is set to a less aggressive trigger point; or you might disable Quarantine bulk email for the purchasing team.
Spam Settings
Spam Sensitivity (slider)
This feature has a wide range of settings (2 - 22) which endeavor to meet the needs of all users. You can manage each user's spam trigger threshold by adjusting this slider to a trigger level closer to their needs. The range includes:
- Very Strict: 2 - 3
- Strict: 4 - 5
- Standard: 6 - 8
- Loose: 9 - 14
- Very Loose: 15 - 22
Within each of these ranges, the trigger level can be fine-tuned in small increments, which is required to detect and manage modern sophisticated botnets. Spam sliders and adjustments of trigger levels are available per user and per organization. The lower the trigger level, the more spam is stopped. The higher the trigger level, the less spam is stopped.
Quarantine release policy
This setting allows the admin to determine who will have the ability to release messages from quarantine.
- User can release - each user can release their own messages from the quarantine using any of the available means. (See Releasing emails from Quarantine and Releasing emails from Digest)
- Admin release only - users will be able to preview quarantined messages, but only an admin will be able to release the message from quarantine. If a user tries to release a message from quarantine from their quarantine digest report, they will get the message "Email cannot be released without admin privileges, please contact your administrator."
Quarantine email suspected of being phish
Emails will be more likely to be quarantined if they are scanned and identified as “phishing” based on additional factors, including your spam sensitivity level.
- When an Inbound mail arrives, we scan and score the email. Part of the score is based on whether or not our engine identifies the message as a phishing attempt. If the message is identified as "phishing" it will add points to the total score.
- If this option is selected, it will add more points to the total score - making it more likely that the message will be quarantined.
- If this option is unselected, it will still add points, but not as many - so the message would likely need additional factors to add enough points to exceed the threshold to be quarantined.
- If the total score is above your sensitivity setting, it will be quarantined. If the total score is below your sensitivity setting, it will still not be quarantined - even though you have this option checked.
Require admin to release phish emails
- Similar to the above description for the Quarantine release policy. If this is set to "Yes", any message that is identified as a phishing attempt cannot be released by an End User or Silent User. If they attempt to release a phishing message from quarantine, they will receive the error described above and be directed to contact their admin to release the message.
- If this is set to No, phishing messages will be treated like any other quarantined message and can be released by the user.
Users will receive this specific error in their digest if they try to release the message in any form when this setting is enabled: "An Email that you have selected requires administrator privileges to be released."
If the Quarantine release policy is set to Admin release only, this option is grayed out since it becomes irrelevant. If EVERY quarantined message requires admin privileges to release, then of course the same would apply to phishing messages.
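The threshold and release rules described above can be modeled as follows. This is an added illustration, not Proofpoint's code: the point values in `PHISH_POINTS`, the function names, and the treatment of a score exactly equal to the trigger level are assumptions, since the page only states that a phish verdict adds points (more when the option is selected) and that a total above the sensitivity setting is quarantined.

```python
# Slider bands as listed on this page.
BANDS = [("Very Strict", 2, 3), ("Strict", 4, 5), ("Standard", 6, 8),
         ("Loose", 9, 14), ("Very Loose", 15, 22)]

# Constructed point values (assumption): points added for a phish verdict
# when "Quarantine email suspected of being phish" is on (True) or off (False).
PHISH_POINTS = {True: 6, False: 2}


def band(level):
    """Name of the slider band that contains a trigger level."""
    for name, low, high in BANDS:
        if low <= level <= high:
            return name
    raise ValueError("sensitivity must be between 2 and 22")


def is_quarantined(base_score, is_phish, quarantine_phish, sensitivity):
    """A message is quarantined only when its total score is above the slider."""
    band(sensitivity)  # validates the range
    total = base_score + (PHISH_POINTS[quarantine_phish] if is_phish else 0)
    return total > sensitivity  # equality is not specified on the page


def levels_that_quarantine(base_score, is_phish, quarantine_phish):
    """Every slider position at which this message would be quarantined."""
    return [s for s in range(2, 23)
            if is_quarantined(base_score, is_phish, quarantine_phish, s)]


def can_release(role, release_policy, admin_release_phish, is_phish):
    """role: 'admin' or 'user'; release_policy: 'user' or 'admin_only'."""
    if role == "admin":
        return True
    if release_policy == "admin_only":
        return False  # the phish option is irrelevant (grayed out) here
    return not (is_phish and admin_release_phish)


if __name__ == "__main__":
    # Constructed message: base score 4, flagged as phishing.
    print("option on :", levels_that_quarantine(4, True, True))
    print("option off:", levels_that_quarantine(4, True, False))
    print("user may release phish:", can_release("user", "user", True, True))
```

With these constructed values, the same phish-flagged message is quarantined at the default sensitivity of 7 only when the option is selected, and is delivered at a Very Loose setting either way.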
Quarantine Bulk Email
Quarantine bulk email scores emails that are scanned and identified as Confirmed Bulk Email, based on numerous factors combined with your spam sensitivity level.
- When an inbound mail arrives and the spam setting Quarantine bulk email is checked, we scan the email and add additional bulk factors to it if it is found to be a Bulk email.
- Depending on your Spam Sensitivity Trigger Level, if the email is Confirmed Bulk Email, this will add factors to the Proofpoint MLX scoring.
- If the overall result is over your trigger level, it will be quarantined.
- If the overall result is below your trigger level, it will not be quarantined.
Bulk email and spam sensitivity level
Please note that we adhere to the spam sensitivity level. There are items that can cause the messages to score lower than perceived, and not quarantine as bulk.
We do NOT auto-quarantine an email that scores high for bulk if other factors lower its overall score.
Spam stamp & forward
Most users want their spam filters on. But they might want to forward spam through to Customer Support for further analysis. To allow potential spam to get through, you could choose to enable Spam stamp & forward for the email addresses used by Customer Support.
To Enable:
1. Navigate to Security Settings > Email > Spam Settings.
2. Find the Spam stamp & forward setting and select one of the below options from the dropdown:
- No - (Default Setting) Quarantine spam email. Deliver all others.
- All - Deliver all messages, but stamp spam email with the subject tag below. If this option is enabled, all email that is classified as spam according to your spam slider bar will be stamped and delivered. (Even if on a User or Company Blocklist)
- Partial - Deliver non-spam email normally. Quarantine very spammy email. Deliver moderately spammy email stamped with the subject tag below. If this option is enabled it will stamp and forward emails whose spam score is between 9 and 19.
- For more detail, see Spam stamp & forward settings
Digests VS. Spam Stamp & Forward
Digests may not contain data if this feature is enabled. Some messages are auto-forwarded with the subject tag and do not show in the digest.
False Negative issues
Please note that when the stamp & forward feature is on, support cannot assist with false negative reports. Support's directive will be to turn this feature off.
Spam stamp & forward subject tag
This is the actual text that will be added to the beginning of the subject line of emails classified as spam if Spam stamp & forward is enabled. The default setting is ***Spam***, but this can be changed based on your preference.
If you wish to apply this setting to existing user accounts, ensure Update spam detection settings above for all existing user accounts is enabled. This setting is located at the bottom of the page. After enabling, click Save.
Include an easy-spam-reporting disclaimer in passed email
This option allows your users to report received messages as spam directly from the email message itself.
You can set this option by checking the box as described here.
Inbound domain spoofing protection
This option can protect your users from spammers who attempt to spoof your own domain, to make the messages appear as if the email came from one of their co-workers.
Domain protection only
This feature auto-quarantines inbound emails where the FROM or SENDER fields include your company domain(s).
If you want to receive emails from legitimate sources that spoof your own domain, please see this by-pass domain spoofing KB.
Inbound sender DNS check: (disable at own risk)
Please review this article for a more detailed explanation. When enabled, the Inbound sender DNS check provides an additional validation on the domain of the sender on inbound email. The validation includes:
- Sender Domain MX Records
  - A message will be rejected if the MAIL FROM domain has:
    - No DNS A or MX record, or
    - A malformed MX record such as a record with a zero-length MX hostname
- Sender Domain MX Records that point to private / reserved IP ranges
  - This signals a severe DNS mis-configuration and as a result we would reject the message.
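An administrator troubleshooting a rejected sender can apply the same three rules to that domain's DNS data. The sketch below is an added example, not Proofpoint's implementation; it works on already-resolved records so it runs offline. The function names, the record layout and the sample domains are constructed, and it assumes that a domain is rejected for "no DNS A or MX record" only when it has neither, and that a single MX pointing to private space is enough to reject.

```python
import ipaddress


def is_private_or_reserved(addr):
    """True for private (RFC 1918 etc.), loopback, link-local or reserved space."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_reserved or ip.is_loopback or ip.is_link_local


def check_mail_from_domain(records):
    """records = {"a": [ip, ...], "mx": [(hostname, [ip, ...]), ...]}

    Returns ("accept" | "reject", reason) using the rules listed on this page.
    """
    a_records = records.get("a", [])
    mx_records = records.get("mx", [])
    # Rule 1: the domain has neither an A nor an MX record.
    if not a_records and not mx_records:
        return ("reject", "no DNS A or MX record")
    for host, addrs in mx_records:
        # Rule 2: malformed MX, e.g. a target of "." (zero-length hostname).
        if host.rstrip(".") == "":
            return ("reject", "malformed MX record: zero-length hostname")
        # Rule 3: MX target resolves into private / reserved ranges.
        bad = [a for a in addrs if is_private_or_reserved(a)]
        if bad:
            return ("reject", f"MX {host} points to private/reserved address {bad[0]}")
    return ("accept", "sender domain passed DNS checks")


# Constructed sample data (not real lookups). 93.184.216.34 stands in for any
# globally routable address.
SAMPLES = {
    "good.example": {"a": ["93.184.216.34"],
                     "mx": [("mail.good.example.", ["93.184.216.34"])]},
    "nodns.example": {"a": [], "mx": []},
    "nullmx.example": {"a": ["93.184.216.34"], "mx": [(".", [])]},
    "internal.example": {"a": ["93.184.216.34"],
                         "mx": [("mx.internal.example.", ["10.0.0.25"])]},
    "a-only.example": {"a": ["93.184.216.34"], "mx": []},
}


def run_samples():
    """Evaluate every constructed sample domain."""
    return {domain: check_mail_from_domain(r) for domain, r in SAMPLES.items()}


if __name__ == "__main__":
    for domain, (verdict, reason) in run_samples().items():
        print(f"{domain:18} {verdict:7} {reason}")
```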
Update spam detection settings above for all existing user accounts
This checkbox, found next to the Save button, is extremely important. This will push the above settings to all users (regardless of their personal settings currently set). Without checking this box, any changes you make in the Company Spam Settings will only apply to new users created after these changes are made. To apply your changes to existing users, you must check this box before saving.
Default spam settings
Below are the default spam settings when a new customer is created:
- Spam Sensitivity - set to 7
- Quarantine release policy - All users
- Quarantine email suspected of being phish - Yes
- Require admin to release phish emails - Yes
- Quarantine bulk email - No
- Spam stamp & forward - No
- Spam stamp & forward subject tag - ***Spam***
- Include an easy-spam-reporting disclaimer in passed email - No
- Inbound domain spoofing protection - unchecked
- Inbound sender DNS check - checked
Template
If you create a template as a reseller, you can assign specific default settings.